File: ELWIX - Embedded LightWeight unIX / embedaddon / sudo / NEWS
Revision 1.1.1.2 (vendor branch)
Tue May 29 12:26:48 2012 UTC (12 years, 1 month ago) by misho
Branches: sudo, MAIN
CVS tags: v1_8_5p1, HEAD
sudo 1.8.5p1

    1: What's new in Sudo 1.8.5p1?
    2: 
    3:  * Fixed a bug that prevented files in an include directory from
    4:    being evaluated.
    5: 
    6: What's new in Sudo 1.8.5?
    7: 
    8:  * When "noexec" is enabled, sudo_noexec.so will now be prepended
    9:    to any existing LD_PRELOAD variable instead of replacing it.
   10: 
   11:  * The sudo_noexec.so shared library now wraps the execvpe(),
   12:    exect(), posix_spawn() and posix_spawnp() functions.
   13: 
   14:  * The user/group/mode checks on sudoers files have been relaxed.
   15:    As long as the file is owned by the sudoers uid, not world-writable
   16:    and not writable by a group other than the sudoers gid, the file
   17:    is considered OK.  Note that visudo will still set the mode to
   18:    the value specified at configure time.
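
The relaxed ownership and mode rule from the entry above, written out as an added example (not code from the sudo source). The function and enum names are hypothetical, and the sample uid, gid and mode values are constructed.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Verdicts for the three conditions in the NEWS entry. The names are this
 * example's own, not identifiers from the sudo source. */
enum sudoers_verdict {
    SUDOERS_OK = 0,
    SUDOERS_WRONG_OWNER,
    SUDOERS_WORLD_WRITABLE,
    SUDOERS_GROUP_WRITABLE
};

/* Apply the relaxed rule to raw owner/group/mode values. */
enum sudoers_verdict
sudoers_perm_verdict(uid_t owner, gid_t group, mode_t mode,
                     uid_t sudoers_uid, gid_t sudoers_gid)
{
    if (owner != sudoers_uid)
        return SUDOERS_WRONG_OWNER;
    if (mode & S_IWOTH)
        return SUDOERS_WORLD_WRITABLE;
    /* Group write is tolerated only when the group is the sudoers gid. */
    if ((mode & S_IWGRP) && group != sudoers_gid)
        return SUDOERS_GROUP_WRITABLE;
    return SUDOERS_OK;
}

/* Same check against a file on disk; returns -1 if stat() fails. */
int
sudoers_file_verdict(const char *path, uid_t sudoers_uid, gid_t sudoers_gid)
{
    struct stat sb;

    if (stat(path, &sb) != 0)
        return -1;
    return (int)sudoers_perm_verdict(sb.st_uid, sb.st_gid, sb.st_mode,
                                     sudoers_uid, sudoers_gid);
}

int main(void)
{
    /* Constructed cases, evaluated with sudoers uid 0 and sudoers gid 0. */
    static const struct { uid_t u; gid_t g; mode_t m; } cases[] = {
        {0, 0, 0440}, {0, 0, 0640}, {0, 0, 0660},
        {0, 10, 0660}, {0, 0, 0646}, {1000, 0, 0440},
    };
    static const char *const names[] = {
        "ok", "wrong owner", "world-writable", "writable by another group"
    };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        enum sudoers_verdict v = sudoers_perm_verdict(cases[i].u, cases[i].g,
                                                      cases[i].m, 0, 0);
        printf("uid=%u gid=%u mode=%04o -> %s\n", (unsigned)cases[i].u,
               (unsigned)cases[i].g, (unsigned)cases[i].m, names[v]);
    }
    return 0;
}
```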
   19: 
   20:  * It is now possible to specify the sudoers path, uid, gid and
   21:    file mode as options to the plugin in the sudo.conf file.
   22: 
   23:  * Croatian, Galician, German, Lithuanian, Swedish and Vietnamese
   24:    translations from translationproject.org.
   25: 
   26:  * /etc/environment is no longer read directly on Linux systems
   27:    when PAM is used.  Sudo now merges the PAM environment into the
   28:    user's environment which is typically set by the pam_env module.
   29: 
   30:  * The initial environment created when env_reset is in effect now
   31:    includes the contents of /etc/environment on AIX systems and the
   32:    "setenv" and "path" entries from /etc/login.conf on BSD systems.
   33: 
   34:  * The plugin API has been extended in three ways.  First, options
   35:    specified in sudo.conf after the plugin pathname are passed to
   36:    the plugin's open function.  Second, sudo has limited support
   37:    for hooks that can be used by plugins.  Currently, the hooks are
   38:    limited to environment handling functions.  Third, the init_session
   39:    policy plugin function is passed a pointer to the user environment
   40:    which can be updated during session setup.  The plugin API version
   41:    has been incremented to version 1.2.  See the sudo_plugin manual
   42:    for more information.
   43: 
   44:  * The policy plugin's init_session function is now called by the
   45:    parent sudo process, not the child process that executes the
   46:    command.  This allows the PAM session to be open and closed in
   47:    the same process, which some PAM modules require.
   48: 
   49:  * Fixed parsing of "Path askpass" and "Path noexec" in sudo.conf,
   50:    which was broken in version 1.8.4.
   51: 
   52:  * On systems with an SVR4-style /proc file system, the /proc/pid/psinfo
   53:    file is now used to determine the controlling terminal, if possible.
   54:    This allows tty-based tickets to work properly even when, e.g.
   55:    standard input, output and error are redirected to /dev/null.
   56: 
   57:  * The output of "sudoreplay -l" is now sorted by file name (or
   58:    sequence number).  Previously, entries were displayed in the
   59:    order in which they were found on the file system.
   60: 
   61:  * Sudo now behaves properly when I/O logging is enabled and the
   62:    controlling terminal is revoked (e.g. the running sshd is killed).
   63:    Previously, sudo may have exited without calling the I/O plugin's
   64:    close function which can lead to an incomplete I/O log.
   65: 
   66:  * Sudo can now detect when a user has logged out and back in again
   67:    on Solaris 11, just like it can on Solaris 10.
   68: 
   69:  * The built-in zlib included with Sudo has been upgraded to version
   70:    1.2.6.
   71: 
   72:  * Setting the SSL parameter to start_tls in ldap.conf now works
   73:    properly when using Mozilla-based SDKs that support the
   74:    ldap_start_tls_s() function.
   75: 
   76:  * The TLS_CHECKPEER parameter in ldap.conf now works when the
   77:    Mozilla NSS crypto backend is used with OpenLDAP.
   78: 
   79:  * A new group provider plugin, system_group, is included which
   80:    performs group look ups by name using the system groups database.
   81:    This can be used to restore the pre-1.7.3 sudo group lookup
   82:    behavior.
   83: 
   84: What's new in Sudo 1.8.4p5?
   85: 
   86:  * Fixed a bug when matching against an IP address with an associated
   87:    netmask in the sudoers file.  In certain circumstances, this
   88:    could allow users to run commands on hosts they are not authorized
   89:    for.
   90: 
   91: What's new in Sudo 1.8.4p4?
   92: 
   93:  * Fixed a bug introduced in Sudo 1.8.4 which prevented "sudo -v"
   94:    from working.
   95: 
   96: What's new in Sudo 1.8.4p3?
   97: 
   98:  * Fixed a crash on FreeBSD when no tty is present.
   99: 
  100:  * Fixed a bug introduced in Sudo 1.8.4 that allowed users to
  101:    specify environment variables to set on the command line without
  102:    having sudo "ALL" permissions or the "SETENV" tag.
  103: 
  104:  * When visudo is run with the -c (check) option, the sudoers
  105:    file(s) owner and mode are now also checked unless the -f option
  106:    was specified.
  107: 
  108: What's new in Sudo 1.8.4p2?
  109: 
  110:  * Fixed a bug introduced in Sudo 1.8.4 where insufficient space
  111:    was allocated for group IDs in the LDAP filter.
  112: 
  113:  * Fixed a bug introduced in Sudo 1.8.4 where the path to sudo.conf
  114:    was "/sudo.conf" instead of "/etc/sudo.conf".
  115: 
  116:  * Fixed a bug introduced in Sudo 1.8.4 which could cause a hang
  117:    when I/O logging is enabled and input is from a pipe or file.
  118: 
  119: What's new in Sudo 1.8.4p1?
  120: 
  121:  * Fixed a bug introduced in sudo 1.8.4 that broke adding to or
  122:    deleting from the env_keep, env_check and env_delete lists in
  123:    sudoers on some platforms.
  124: 
  125: What's new in Sudo 1.8.4?
  126: 
  127:  * The -D flag in sudo has been replaced with a more general debugging
  128:    framework that is configured in sudo.conf.
  129: 
  130:  * Fixed a false positive in visudo strict mode when aliases are
  131:    in use.
  132: 
  133:  * Fixed a crash with "sudo -i" when a runas group was specified
  134:    without a runas user.
  135: 
  136:  * The line on which a syntax error is reported in the sudoers file
  137:    is now more accurate.  Previously it was often off by a line.
  138: 
  139:  * Fixed a bug where stack garbage could be printed at the end of
  140:    the lecture when the "lecture_file" option was enabled.
  141: 
  142:  * "make install" now honors the LINGUAS environment variable.
  143: 
  144:  * The #include and #includedir directives in sudoers now support
  145:    relative paths.  If the path is not fully qualified it is expected
  146:    to be located in the same directory as the sudoers file that is
  147:    including it.
  148: 
  149:  * Serbian and Spanish translations for sudo from translationproject.org.
  150: 
  151:  * LDAP-based sudoers may now access by group ID in addition to
  152:    group name.
  153: 
  154:  * visudo will now fix the mode on the sudoers file even if no changes
  155:    are made unless the -f option is specified.
  156: 
  157:  * The "use_loginclass" sudoers option works properly again.
  158: 
  159:  * On systems that use login.conf, "sudo -i" now sets environment
  160:    variables based on login.conf.
  161: 
  162:  * For LDAP-based sudoers, values in the search expression are now
  163:    escaped as per RFC 4515.
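
What RFC 4515 escaping of a filter value involves, as an added example (not code from the sudo source). The function names, the 64-byte demo buffer and the sample values are this example's assumptions; sudoUser is the attribute from the sudoers LDAP schema.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* RFC 4515: these bytes must not appear literally in an assertion value. */
static int needs_escape(unsigned char c)
{
    return c == '*' || c == '(' || c == ')' || c == '\\' || c == '\0';
}

/* Length of the escaped form of val[0..len), without the trailing NUL.
 * Each escaped byte grows to three characters: backslash plus two hex digits. */
size_t ldap_escaped_len(const char *val, size_t len)
{
    size_t n = 0;

    for (size_t i = 0; i < len; i++)
        n += needs_escape((unsigned char)val[i]) ? 3 : 1;
    return n;
}

/* Write the escaped value to out. Returns the escaped length, or -1 when
 * outsize cannot hold it plus the terminating NUL (nothing is written). */
int ldap_escape_value(const char *val, size_t len, char *out, size_t outsize)
{
    static const char hex[] = "0123456789abcdef";
    size_t need = ldap_escaped_len(val, len);
    size_t o = 0;

    if (need + 1 > outsize)
        return -1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)val[i];
        if (needs_escape(c)) {
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Demo wrapper: builds "(sudoUser=<escaped user>)" in a static buffer.
 * Returns NULL if the escaped name does not fit. Not thread-safe. */
const char *filter_for_user(const char *user)
{
    static char buf[64];
    static const char prefix[] = "(sudoUser=";
    size_t plen = sizeof(prefix) - 1;
    int n;

    memcpy(buf, prefix, plen);
    /* Reserve one byte for the closing parenthesis. */
    n = ldap_escape_value(user, strlen(user), buf + plen,
                          sizeof(buf) - plen - 1);
    if (n < 0)
        return NULL;
    buf[plen + (size_t)n] = ')';
    buf[plen + (size_t)n + 1] = '\0';
    return buf;
}

int main(void)
{
    /* Constructed sample names, one plain and one with filter metacharacters. */
    static const char *const users[] = { "alice", "a*(b)\\c" };

    for (size_t i = 0; i < sizeof(users) / sizeof(users[0]); i++)
        printf("%-10s -> %s\n", users[i], filter_for_user(users[i]));
    return 0;
}
```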
  164: 
  165:  * The plugin close function is now properly called when a login
  166:    session is killed (as opposed to the actual command being killed).
  167:    This can happen when an ssh session is disconnected or the
  168:    terminal window is closed.
  169: 
  170:  * The deprecated "noexec_file" sudoers option is no longer supported.
  171: 
  172:  * Fixed a race condition when I/O logging is not enabled that could
  173:    result in tty-generated signals (e.g. control-C) being received
  174:    by the command twice.
  175: 
  176:  * If none of the standard input, output or error are connected to
  177:    a tty device, sudo will now check its parent's standard input,
  178:    output or error for the tty name on systems with /proc and BSD
  179:    systems that support the KERN_PROC_PID sysctl.  This allows
  180:    tty-based tickets to work properly even when, e.g. standard
  181:    input, output and error are redirected to /dev/null.
  182: 
  183:  * Added the --enable-kerb5-instance configure option to allow
  184:    people using Kerberos V authentication to specify a custom
  185:    instance so the principal name can be, e.g. "username/sudo"
  186:    similar to how ksu uses "username/root".
  187: 
  188:  * Fixed a bug where a pattern like "/usr/*" included /usr/bin/ in
  189:    the results, which would incorrectly be interpreted as if the
  190:    sudoers file had specified a directory.
  191: 
  192:  * "visudo -c" will now list any include files that were checked
  193:    in addition to the main sudoers file when everything parses OK.
  194: 
  195:  * Users that only have read-only access to the sudoers file may
  196:    now run "visudo -c".  Previously, write permissions were required
  197:    even though no writing is done in check-only mode.
  198: 
  199:  * It is now possible to prevent the disabling of core dumps from
  200:    within sudo itself by adding a line to the sudo.conf file like
  201:    "Set disable_coredump false".
  202: 
  203: What's new in Sudo 1.8.3p2?
  204: 
  205:  * Fixed a format string vulnerability when the sudo binary (or a
  206:    symbolic link to the sudo binary) contains printf format escapes
  207:    and the -D (debugging) flag is used.
  208: 
  209: What's new in Sudo 1.8.3p1?
  210: 
  211:  * Fixed a crash in the monitor process on Solaris when NOPASSWD
  212:    was specified or when authentication was disabled.
  213:  
  214:  * Fixed matching of a Runas_Alias in the group section of a
  215:    Runas_Spec.
  216: 
  217: What's new in Sudo 1.8.3?
  218: 
  219:  * Fixed expansion of strftime() escape sequences in the "log_dir"
  220:    sudoers setting.
  221: 
  222:  * Esperanto, Italian and Japanese translations from translationproject.org.
  223: 
  224:  * Sudo will now use PAM by default on AIX 6 and higher.
  225: 
  226:  * Added --enable-werror configure option for gcc's -Werror flag.
  227: 
  228:  * Visudo no longer assumes all editors support the +linenumber
  229:    command line argument.  It now uses a whitelist of editors known
  230:    to support the option.
  231: 
  232:  * Fixed matching of network addresses when a netmask is specified
  233:    but the address is not the first one in the CIDR block.
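
Why the address in a sudoers network entry has to be masked as well as the host's, shown as an added example (not code from the sudo source). Function names and addresses are constructed; the "unmasked" variant only illustrates the failure mode the entry describes and is not taken from any sudo release.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse the part after '/': a prefix length ("24") or a dotted mask. */
static int parse_mask(const char *s, uint32_t *mask)
{
    uint32_t inv;

    if (strchr(s, '.') != NULL) {
        struct in_addr m;
        if (inet_pton(AF_INET, s, &m) != 1)
            return -1;
        *mask = ntohl(m.s_addr);
    } else {
        char *end;
        long bits = strtol(s, &end, 10);
        if (end == s || *end != '\0' || bits < 0 || bits > 32)
            return -1;
        /* A shift by 32 is undefined, so /0 is handled separately. */
        *mask = bits == 0 ? 0 : 0xFFFFFFFFu << (32 - bits);
    }
    /* This example's choice: reject masks with non-contiguous one-bits. */
    inv = ~*mask;
    return (inv & (inv + 1)) == 0 ? 0 : -1;
}

/* Split "addr[/mask]" into host-order address and mask. */
static int parse_spec(const char *spec, uint32_t *addr, uint32_t *mask)
{
    char buf[64];
    char *slash;
    struct in_addr a;
    size_t len = strlen(spec);

    if (len >= sizeof(buf))
        return -1;
    memcpy(buf, spec, len + 1);
    *mask = 0xFFFFFFFFu;              /* no mask given: exact match */
    slash = strchr(buf, '/');
    if (slash != NULL) {
        *slash = '\0';
        if (parse_mask(slash + 1, mask) != 0)
            return -1;
    }
    if (inet_pton(AF_INET, buf, &a) != 1)
        return -1;
    *addr = ntohl(a.s_addr);
    return 0;
}

static int match(const char *host_ip, const char *spec, int mask_spec)
{
    struct in_addr h;
    uint32_t host, net, mask;

    if (inet_pton(AF_INET, host_ip, &h) != 1 ||
        parse_spec(spec, &net, &mask) != 0)
        return -1;
    host = ntohl(h.s_addr);
    return (host & mask) == (mask_spec ? (net & mask) : net);
}

/* 1 = match, 0 = no match, -1 = malformed input. Both sides are masked,
 * so the entry may name any address inside the block. */
int host_matches_spec(const char *host_ip, const char *spec)
{
    return match(host_ip, spec, 1);
}

/* Failure mode: only the host is masked, so an entry matches only when it
 * names the first address of the block. */
int host_matches_spec_unmasked(const char *host_ip, const char *spec)
{
    return match(host_ip, spec, 0);
}

int main(void)
{
    const char *host = "192.168.1.5", *spec = "192.168.1.37/24";

    printf("%s vs %s: both masked=%d, spec unmasked=%d\n", host, spec,
           host_matches_spec(host, spec),
           host_matches_spec_unmasked(host, spec));
    return 0;
}
```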
  234: 
  235:  * The configure script now checks whether or not errno.h declares
  236:    the errno variable.  Previously, sudo would always declare errno
  237:    itself for older systems that don't declare it in errno.h.
  238: 
  239:  * The NOPASSWD tag is now honored for denied commands too, which
  240:    matches historic sudo behavior (prior to sudo 1.7.0).
  241: 
  242:  * Sudo now honors the "DEREF" setting in ldap.conf which controls
  243:    how alias dereferencing is done during an LDAP search.
  244: 
  245:  * A symbol conflict with the pam_ssh_agent_auth PAM module that
  246:    would cause a crash has been resolved.
  247: 
  248:  * The inability to load a group provider plugin is no longer
  249:    a fatal error.
  250: 
  251:  * A potential crash in the utmp handling code has been fixed.
  252: 
  253:  * Two PAM session issues have been resolved.  In previous versions
  254:    of sudo, the PAM session was opened as one user and closed as
  255:    another.  Additionally, if no authentication was performed, the
  256:    PAM session would never be closed.
  257: 
  258:  * Sudo will now work correctly with LDAP-based sudoers using TLS
  259:    or SSL on Debian systems.
  260: 
  261:  * The LOGNAME, USER and USERNAME environment variables are preserved
  262:    correctly again in sudoedit mode.
  263: 
  264: What's new in Sudo 1.8.2?
  265: 
  266:  * Sudo, visudo, sudoreplay and the sudoers plug-in now have natural
  267:    language support (NLS). This can be disabled by passing configure
  268:    the --disable-nls option.  Sudo will use gettext(), if available,
  269:    to display translated messages.  All translations are coordinated
  270:    via The Translation Project, http://translationproject.org/.
  271: 
  272:  * Plug-ins are now loaded with the RTLD_GLOBAL flag instead of
  273:    RTLD_LOCAL.  This fixes missing symbol problems in PAM modules
  274:    on certain platforms, such as FreeBSD and SuSE Linux Enterprise.
  275: 
  276:  * I/O logging is now supported for commands run in background mode
  277:    (using sudo's -b flag).
  278: 
  279:  * Group ownership of the sudoers file is now only enforced when
  280:    the file mode on sudoers allows group readability or writability.
  281: 
  282:  * Visudo now checks the contents of an alias and warns about cycles
  283:    when the alias is expanded.
  284: 
  285:  * If the user specifies a group via sudo's -g option that matches
  286:    the target user's group in the password database, it is now
  287:    allowed even if no groups are present in the Runas_Spec.
  288: 
  289:  * The sudo Makefiles now have more complete dependencies which are
  290:    automatically generated instead of being maintained manually.
  291: 
  292:  * The "use_pty" sudoers option is now correctly passed back to the
  293:    sudo front end.  This was missing in previous versions of sudo
  294:    1.8 which prevented "use_pty" from being honored.
  295: 
  296:  * "sudo -i command" now works correctly with bash version
  297:    2.0 and higher.  Previously, the .bash_profile would not be
  298:    sourced prior to running the command unless bash was built with
  299:    NON_INTERACTIVE_LOGIN_SHELLS defined.
  300: 
  301:  * When matching groups in the sudoers file, sudo will now match
  302:    based on the name of the group instead of the group ID. This can
  303:    substantially reduce the number of group lookups for sudoers
  304:    files that contain a large number of groups.
  305: 
  306:  * Multi-factor authentication is now supported on AIX.
  307: 
  308:  * Added support for non-RFC 4517 compliant LDAP servers that require
  309:    that seconds be present in a timestamp, such as Tivoli Directory Server.
  310: 
  311:  * If the group vector is to be preserved, the PATH search for the
  312:    command is now done with the user's original group vector.
  313: 
  314:  * For LDAP-based sudoers, the "runas_default" sudoOption now works
  315:    properly in a sudoRole that contains a sudoCommand.
  316: 
  317:  * Spaces in command line arguments for "sudo -s" and "sudo -i" are
  318:    now escaped with a backslash when checking the security policy.
  319: 
  320: What's new in Sudo 1.8.1p2?
  321: 
  322:  * Two-character CIDR-style IPv4 netmasks are now matched correctly
  323:    in the sudoers file.
  324: 
  325:  * A build error with MIT Kerberos V has been resolved.
  326: 
  327:  * A crash on HP-UX in the sudoers plugin when wildcards are
  328:    present in the sudoers file has been resolved.
  329: 
  330:  * Sudo now works correctly on Tru64 Unix again.
  331: 
  332: What's new in Sudo 1.8.1p1?
  333: 
  334:  * Fixed a problem on AIX where sudo was unable to set the final
  335:    uid if the PAM module modified the effective uid.
  336: 
  337:  * A non-existent includedir is now treated the same as an empty
  338:    directory and not reported as an error.
  339: 
  340:  * Removed extraneous parens in LDAP filter when sudoers_search_filter
  341:    is enabled that can cause an LDAP search error.
  342: 
  343:  * Fixed a "make -j" problem for "make install".
  344: 
  345: What's new in Sudo 1.8.1?
  346: 
  347:  * A new LDAP setting, sudoers_search_filter, has been added to
  348:    ldap.conf.  This setting can be used to restrict the set of
  349:    records returned by the LDAP query.  Based on changes from Matthew
  350:    Thomas.
  351: 
  352:  * White space is now permitted within a User_List when used in
  353:    conjunction with a per-user Defaults definition.
  354: 
  355:  * A group ID (%#gid) may now be specified in a User_List or Runas_List.
  356:    Likewise, for non-Unix groups the syntax is %:#gid.
  357: 
  358:  * Support for double-quoted words in the sudoers file has been fixed.
  359:    The change in 1.7.5 for escaping the double quote character
  360:    caused the double quoting to only be available at the beginning
  361:    of an entry.
  362: 
  363:  * The fix for resuming a suspended shell in 1.7.5 caused problems
  364:    with resuming non-shells on Linux.  Sudo will now save the process
  365:    group ID of the program it is running on suspend and restore it
  366:    when resuming, which fixes both problems.
  367: 
  368:  * A bug that could result in corrupted output in "sudo -l" has been
  369:    fixed.
  370: 
  371:  * Sudo will now create an entry in the utmp (or utmpx) file when
  372:    allocating a pseudo-tty (e.g. when logging I/O).  The "set_utmp"
  373:    and "utmp_runas" sudoers file options can be used to control this.
  374:    Other policy plugins may use the "set_utmp" and "utmp_user"
  375:    entries in the command_info list.
  376: 
  377:  * The sudoers policy now stores the TSID field in the logs
  378:    even when the "iolog_file" sudoers option is defined to a value
  379:    other than %{sessid}.  Previously, the TSID field was only
  380:    included in the log file when the "iolog_file" option was set
  381:    to its default value.
  382: 
  383:  * The sudoreplay utility now supports arbitrary session IDs.
  384:    Previously, it would only work with the base-36 session IDs
  385:    that the sudoers plugin uses by default.
  386: 
  387:  * Sudo now passes "run_shell=true" to the policy plugin in the
  388:    settings list when sudo's -s command line option is specified.
  389:    The sudoers policy plugin uses this to implement the "set_home"
  390:    sudoers option which was missing from sudo 1.8.0.
  391: 
  392:  * The "noexec" functionality has been moved out of the sudoers
  393:    policy plugin and into the sudo front-end, which matches the
  394:    behavior documented in the plugin writer's guide.  As a result,
  395:    the path to the noexec file is now specified in the sudo.conf
  396:    file instead of the sudoers file.
  397: 
  398:  * On Solaris 10, the PRIV_PROC_EXEC privilege is now used to
  399:    implement the "noexec" feature.  Previously, this was implemented
  400:    via the LD_PRELOAD environment variable.
  401: 
  402:  * The exit values for "sudo -l", "sudo -v" and "sudo -l command"
  403:    have been fixed in the sudoers policy plugin.
  404: 
  405:  * The sudoers policy plugin now passes the login class, if any,
  406:    back to the sudo front-end.
  407: 
  408:  * The sudoers policy plugin was not being linked with requisite
  409:    libraries in certain configurations.
  410: 
  411:  * Sudo now parses command line arguments before loading any plugins.
  412:    This allows "sudo -V" or "sudo -h" to work even if there is a problem
  413:    with sudo.conf.
  414: 
  415:  * Plugins are now linked with the static version of libgcc to allow
  416:    the plugin to run on a system where no shared libgcc is installed,
  417:    or where it is installed in a different location.
  418: 
  419: What's new in Sudo 1.8.0?
  420: 
  421:  * Sudo has been refactored to use a modular framework that can
  422:    support third-party policy and I/O logging plugins.  The default
  423:    plugin is "sudoers" which provides the traditional sudo functionality.
  424:    See the sudo_plugin manual for details on the plugin API and the
  425:    sample in the plugins directory for a simple example.
  426: 
  427: What's new in Sudo 1.7.5?
  428: 
  429:  * When using visudo in check mode, a file named "-" may be used to
  430:    check sudoers data on the standard input.
  431: 
  432:  * Sudo now only fetches shadow password entries when using the
  433:    password database directly for authentication.
  434: 
  435:  * Password and group entries are now cached using the same key
  436:    that was used to look them up.  This fixes a problem when looking
  437:    up entries by name if the name in the retrieved entry does not
  438:    match the name used to look it up.  This may happen on some systems
  439:    that do case insensitive lookups or that truncate long names.
  440: 
  441:  * GCC will no longer display warnings on glibc systems that use
  442:    the warn_unused_result attribute for write(2) and other system calls.
  443: 
  444:  * If a PAM account management module denies access, sudo now prints
  445:    a more useful error message and stops trying to validate the user.
  446: 
  447:  * Fixed a potential hang on idle systems when the sudo-run process
  448:    exits immediately.
  449: 
  450:  * Sudo now includes a copy of zlib that will be used on systems
  451:    that do not have zlib installed.
  452: 
  453:  * The --with-umask-override configure flag has been added to enable
  454:    the "umask_override" sudoers Defaults option at build time.
  455: 
  456:  * Sudo now unblocks all signals on startup to avoid problems caused
  457:    by the parent process changing the default signal mask.
  458: 
  459:  * LDAP Sudoers entries may now specify a time period for which
  460:    the entry is valid.  This requires an updated sudoers schema
  461:    that includes the sudoNotBefore and sudoNotAfter attributes.
  462:    Support for timed entries must be explicitly enabled in the
  463:    ldap.conf file.  Based on changes from Andreas Mueller.
  464: 
  465:  * LDAP Sudoers entries may now specify a sudoOrder attribute that
  466:    determines the order in which matching entries are applied.  The
  467:    last matching entry is used, just like file-based sudoers.  This
  468:    requires an updated sudoers schema that includes the sudoOrder
  469:    attribute.  Based on changes from Andreas Mueller.
  470: 
  471:  * When run as sudoedit, or when given the -e flag, sudo now treats
  472:    command line arguments as pathnames.  This means that slashes
  473:    in the sudoers file entry must explicitly match slashes in
  474:    the command line arguments.  As a result, an entry such as:
  475: 	user ALL = sudoedit /etc/*
  476:    will allow editing of /etc/motd but not /etc/security/default.
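
The pathname matching described in the entry above corresponds to fnmatch(3) with the FNM_PATHNAME flag; the following added example (not code from the sudo source) contrasts it with matching without the flag. The function names are hypothetical and the sample paths are the ones from the entry.

```c
#include <fnmatch.h>
#include <stddef.h>
#include <stdio.h>

/* Pathname semantics, as the entry describes for sudoedit: '*' and '?'
 * never match '/', so every slash must appear in the pattern itself. */
int sudoedit_path_allowed(const char *pattern, const char *path)
{
    return fnmatch(pattern, path, FNM_PATHNAME) == 0;
}

/* The same pattern without FNM_PATHNAME: '*' also spans '/'.
 * Shown only for contrast with the pathname behaviour. */
int loose_wildcard_match(const char *pattern, const char *path)
{
    return fnmatch(pattern, path, 0) == 0;
}

/* For a multi-file invocation: index of the first path the pattern does
 * not cover under pathname semantics, or -1 when all paths are covered. */
int first_denied(const char *pattern, const char *const *paths, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (!sudoedit_path_allowed(pattern, paths[i]))
            return (int)i;
    }
    return -1;
}

/* Paths taken from the NEWS entry. */
static const char *const sample_paths[] = {
    "/etc/motd", "/etc/security/default"
};

int sample_first_denied(const char *pattern)
{
    return first_denied(pattern, sample_paths,
                        sizeof(sample_paths) / sizeof(sample_paths[0]));
}

int main(void)
{
    const char *pattern = "/etc/*";

    for (size_t i = 0; i < 2; i++)
        printf("%-24s pathname=%d loose=%d\n", sample_paths[i],
               sudoedit_path_allowed(pattern, sample_paths[i]),
               loose_wildcard_match(pattern, sample_paths[i]));
    /* A deeper level needs its own component in the pattern. */
    printf("first path denied by /etc/*   : %d\n", sample_first_denied("/etc/*"));
    printf("first path denied by /etc/*/* : %d\n", sample_first_denied("/etc/*/*"));
    return 0;
}
```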
  477: 
  478:  * NETWORK_TIMEOUT is now an alias for BIND_TIMELIMIT in ldap.conf for
  479:    compatibility with OpenLDAP configuration files.
  480: 
  481:  * The LDAP API TIMEOUT parameter is now honored in ldap.conf.
  482: 
  483:  * The I/O log directory may now be specified in the sudoers file.
  484: 
  485:  * Sudo will no longer refuse to run if the sudoers file is writable
  486:    by root.
  487: 
  488:  * Sudo now performs command line escaping for "sudo -s" and "sudo -i"
  489:    after validating the command so the sudoers entries do not need
  490:    to include the backslashes.
  491: 
  492:  * Logging and email sending are now done in the locale specified
  493:    by the "sudoers_locale" setting ("C" by default).  Email sent by
  494:    sudo now includes MIME headers when "sudoers_locale" is not "C".
  495: 
  496:  * The configure script has a new option, --disable-env-reset, to
  497:    allow one to change the default for the sudoers Default setting
  498:    "env_reset" at compile time.
  499: 
  500:  * When logging "sudo -l command", sudo will now prepend "list "
  501:    to the command in the log line to distinguish it from an
  502:    actual command invocation in the logs.
  503: 
  504:  * Double-quoted group and user names may now include escaped double
  505:    quotes as part of the name.  Previously this was a parse error.
  506: 
  507:  * Sudo once again restores the state of the signal handlers it
  508:    modifies before executing the command.  This allows sudo to be
  509:    used with the nohup command.
  510: 
  511:  * Resuming a suspended shell now works properly when I/O logging
  512:    is not enabled (the I/O logging case was already correct).
  513: 
  514: What's new in Sudo 1.7.4p6?
  515: 
  516:  * A bug has been fixed in the I/O logging support that could cause
  517:    visual artifacts in full-screen programs such as text editors.
  518: 
  519: What's new in Sudo 1.7.4p5?
  520: 
  521:  * A bug has been fixed that would allow a command to be run without the
  522:    user entering a password when sudo's -g flag is used without the -u flag.
  523: 
  524:  * If the user has no supplementary groups, sudo will now fall back on checking
  525:    the group file explicitly, which restores historic sudo behavior.
  526: 
  527:  * A crash has been fixed when sudo's -g flag is used without the -u flag
  528:    and the sudoers file contains an entry with no runas user or group listed.
  529: 
  530:  * A crash has been fixed when the Solaris project support is enabled
  531:    and sudo's -g flag is used without the -u flag.
  532: 
  533:  * Sudo no longer exits with an error when support for auditing is
  534:    compiled in but auditing is not enabled.
  535: 
  536:  * Fixed a bug introduced in sudo 1.7.3 where the ticket file was not
  537:    being honored when the "targetpw" sudoers Defaults option was enabled.
  538: 
  539:  * The LOG_INPUT and LOG_OUTPUT tags in sudoers are now parsed correctly.
  540: 
  541:  * A crash has been fixed in "sudo -l" when sudo is built with auditing
  542:    support and the user is not allowed to run any commands on the host.
  543: 
  544: What's new in Sudo 1.7.4p4?
  545: 
  546:  * A potential security issue has been fixed with respect to the handling
  547:    of sudo's -g command line option when -u is also specified.  The flaw
  548:    may allow an attacker to run commands as a user that is not authorized
  549:    by the sudoers file.
  550: 
  551:  * A bug has been fixed where "sudo -l" output was incomplete if multiple
  552:    sudoers sources were defined in nsswitch.conf and there was an error
  553:    querying one of the sources.
  554: 
  555:  * The log_input, log_output, and use_pty sudoers options now work correctly
  556:    on AIX.  Previously, sudo would hang if they were enabled.
  557: 
  558:  * The "make install" target now works correctly when sudo is built in a
  559:    directory other than the source directory.
  560: 
  561:  * The "runas_default" sudoers setting now works properly in a per-command
  562:    Defaults line.
  563: 
  564:  * Suspending and resuming the bash shell when PAM is in use now works
  565:    correctly.  The SIGCONT signal was not propagated to the child process.
  566: 
  567: What's new in Sudo 1.7.4p3?
  568: 
  569:  * A bug has been fixed where duplicate HOME environment variables could be
  570:    present when the env_reset setting was disabled and the always_set_home
  571:    setting was enabled in sudoers.
  572: 
  573:  * The value of sysconfdir is now substituted into the path to the sudoers.d
  574:    directory in the installed sudoers file.
  575: 
  576:  * Compilation problems on IRIX and other platforms have been fixed.
  577: 
  578:  * If multiple PAM "auth" actions are specified and the user enters ^C at
  579:    the password prompt, sudo will no longer prompt for a password for any
  580:    subsequent "auth" actions.  Previously it was necessary to enter ^C for
  581:    each "auth" action.
  582: 
  583: What's new in Sudo 1.7.4p2?
  584: 
  585:  * A bug where sudo could spin in a busy loop waiting for the child process
  586:    has been fixed.
  587: 
  588: What's new in Sudo 1.7.4p1?
  589: 
  590:  * A bug introduced in sudo 1.7.3 that prevented the -k and -K options from
  591:    functioning when the tty_tickets sudoers option is enabled has been fixed.
  592: 
  593:  * Sudo no longer prints a warning when the -k or -K options are specified
  594:    and the ticket file does not exist.
  595: 
  596:  * It is now easier to cross-compile sudo.
  597: 
  598: What's new in Sudo 1.7.4?
  599: 
  600:  * Sudoedit will now preserve the file extension in the name of the
  601:    temporary file being edited.  The extension is used by some
  602:    editors (such as emacs) to choose the editing mode.
  603: 
  604:  * Time stamp files have moved from /var/run/sudo to either /var/db/sudo,
  605:    /var/lib/sudo or /var/adm/sudo.  The directories are checked for
  606:    existence in that order.  This prevents users from receiving the
  607:    sudo lecture every time the system reboots.  Time stamp files older
  608:    than the boot time are ignored on systems where it is possible to
  609:    determine this.
  610: 
  611:  * The tty_tickets sudoers option is now enabled by default.
  612: 
  613:  * Ancillary documentation (README files, LICENSE, etc) is now installed
  614:    in a sudo documentation directory.
  615: 
  616:  * Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"
  617:    in ldap.conf.
  618: 
  619:  * Defaults settings that are tied to a user, host or command may
  620:    now include the negation operator.  For example:
  621: 	Defaults:!millert lecture
  622:    will match any user but millert.
  623: 
  624:  * The default PATH environment variable, used when no PATH variable
  625:    exists, now includes /usr/sbin and /sbin.
  626: 
  627:  * Sudo now uses polypkg (http://rc.quest.com/topics/polypkg/)
  628:    for cross-platform packaging.
  629: 
  630:  * On Linux, sudo will now restore the nproc resource limit before
  631:    executing a command, unless the limit appears to have been modified
  632:    by pam_limits.  This avoids a problem with bash scripts that open
  633:    more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX)
  634:    will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).
  635: 
  636:  * The HOME and MAIL environment variables are now reset based on the
  637:    target user's password database entry when the env_reset sudoers option
  638:    is enabled (which is the case in the default configuration).  Users
  639:    wishing to preserve the original values should use a sudoers entry like:
  640: 	Defaults env_keep += HOME
  641:    to preserve the old value of HOME and
  642: 	Defaults env_keep += MAIL
  643:    to preserve the old value of MAIL.
  644: 
  645:  * Fixed a problem in the restoration of the AIX authdb registry setting.
  646: 
  647:  * Sudo will now fork(2) and wait until the command has completed before
  648:    calling pam_close_session().
  649: 
  650:  * The default syslog facility is now "authpriv" if the operating system
  651:    supports it, else "auth".
  652: 
  653: What's new in Sudo 1.7.3?
  654: 
  655:  * Support for logging I/O for the command being run.
  656:    For more information, see the documentation for the "log_input"
  657:    and "log_output" Defaults options in the sudoers manual.  Also
  658:    see the sudoreplay manual for how to replay I/O log sessions.
  659: 
  660:  * The use_pty sudoers option can be used to force a command to be
  661:    run in a pseudo-pty, even when I/O logging is not enabled.
  662: 
  663:  * On some systems, sudo can now detect when a user has logged out
  664:    and back in again when tty-based time stamps are in use.  Supported
  665:    systems include Solaris systems with the devices file system,
  666:    Mac OS X, and Linux systems with the devpts filesystem (pseudo-ttys
  667:    only).
  668: 
  669:  * On AIX systems, the registry setting in /etc/security/user is
  670:    now taken into account when looking up users and groups.  Sudo
  671:    now applies the correct user and group ids when running a
  672:    command as a user whose account details come from a different
  673:    source (e.g. LDAP or DCE vs.  local files).
  674: 
  675:  * Support for multiple 'sudoers_base' and 'uri' entries in ldap.conf.
  676:    When multiple entries are listed, sudo will try each one in the
  677:    order in which they are specified.
  678: 
  679:  * Sudo's SELinux support should now function correctly when running
  680:    commands as a non-root user and when one of stdin, stdout or stderr
  681:    is not a terminal.
  682: 
  683:  * Sudo will now use the Linux audit system when configured with
  684:    the --with-linux-audit flag.
  685: 
  686:  * Sudo now uses mbr_check_membership() on systems that support it
  687:    to determine group membership.  Currently, only Darwin (Mac OS X)
  688:    supports this.
  689: 
  690:  * When the tty_tickets sudoers option is enabled but there is no
  691:    terminal device, sudo will no longer use or create a tty-based
  692:    ticket file.  Previously, sudo would use a tty name of "unknown".
  693:    As a consequence, if a user has no terminal device, sudo will
  694:    now always prompt for a password.
  695: 
  696:  * The passwd_timeout and timestamp_timeout options may now be
  697:    specified as floating point numbers for more granular timeout
  698:    values.
  699: 
  700:  * Negating the fqdn option in sudoers now works correctly when sudo
  701:    is configured with the --with-fqdn option.  In previous versions
  702:    of sudo the fqdn was set before sudoers was parsed.
  703: 
  704: What's new in Sudo 1.7.2?
  705: 
  706:  * A new #includedir directive is available in sudoers.  This can be
  707:    used to implement an /etc/sudo.d directory.  Files in an includedir
  708:    are not edited by visudo unless they contain a syntax error.
  709: 
  710:  * The -g option did not work properly when only setting the group
  711:    (and not the user).  Also, in -l mode the wrong user was displayed
  712:    for sudoers entries where only the group was allowed to be set.
  713: 
  714:  * Fixed a problem with the alias checking in visudo which
  715:    could prevent visudo from exiting.
  716: 
  717:  * Sudo will now correctly parse the shell-style /etc/environment
  718:    file format used by pam_env on Linux.
  719: 
  720:  * When doing password and group database lookups, sudo will only
  721:    cache an entry by name or by id, depending on how the entry was
  722:    looked up.  Previously, sudo would cache by both name and id
  723:    from a single lookup, but this breaks sites that have multiple
  724:    password or group database names that map to the same uid or
  725:    gid.
  726: 
  727:  * User and group names in sudoers may now be enclosed in double
  728:    quotes to avoid having to escape special characters.
  729: 
  730:  * BSM audit fixes when changing to a non-root uid.
  731: 
  732:  * Experimental non-Unix group support.  Currently only works with
  733:    Quest Authorization Services and allows Active Directory groups
  734:    fixes for Minix-3.
  735: 
  736:  * For Netscape/Mozilla-derived LDAP SDKs the certificate and key
  737:    paths may be specified as a directory or a file.  However, version
  738:    5.0 of the SDK only appears to support using a directory (despite
  739:    documentation to the contrary).  If SSL client initialization
  740:    fails and the certificate or key paths look like they could be
  741:    a default file name, strip off the last path element and try again.
  742: 
  743:  * A setenv() compatibility fix for Linux systems, where a NULL
  744:    value is treated the same as an empty string and the variable
  745:    name is checked against the NULL pointer.
  746: 
  747: What's new in Sudo 1.7.1?
  748: 
  749:  * A new Defaults option "pwfeedback" will cause sudo to provide visual
  750:    feedback when the user is entering a password.
  751: 
  752:  * A new Defaults option "fast_glob" will cause sudo to use the fnmatch()
  753:    function for file name globbing instead of glob().  When this option
  754:    is enabled, sudo will not check the file system when expanding wildcards.
  755:    This is faster but a side effect is that relative paths with wildcards
  756:    will no longer work.
  757: 
  758:  * New BSM audit support for systems that support it such as FreeBSD
  759:    and Mac OS X.
  760: 
  761:  * The file name specified with the #include directive may now include
  762:    a %h escape which is expanded to the short form of hostname.
  763: 
  764:  * The -k flag may now be specified along with a command, causing the
  765:    user's timestamp file to be ignored.
  766: 
  767:  * New support for Tivoli-based LDAP START_TLS, present in AIX.
  768: 
  769:  * New support for /etc/netsvc.conf on AIX.
  770: 
  771:  * The unused alias checks in visudo now handle the case of an alias
  772:    referring to another alias.
  773: 
  774: What's new in Sudo 1.7.0?
  775: 
  776:  * Rewritten parser that converts sudoers into a set of data structures.
  777:    This eliminates a number of ordering issues and makes it possible to
  778:    apply sudoers Defaults entries before searching for the command.
  779:    It also adds support for per-command Defaults specifications.
  780: 
  781:  * Sudoers now supports a #include facility to allow the inclusion of other
  782:    sudoers-format files.
  783: 
  784:  * Sudo's -l (list) flag has been enhanced:
  785:     o applicable Defaults options are now listed
  786:     o a command argument can be specified for testing whether a user
  787:       may run a specific command.
  788:     o a new -U flag can be used in conjunction with "sudo -l" to allow
  789:       root (or a user with "sudo ALL") to list another user's privileges.
  790: 
  791:  * A new -g flag has been added to allow the user to specify a
  792:    primary group to run the command as.  The sudoers syntax has been
  793:    extended to include a group section in the Runas specification.
  794: 
  795:  * A uid may now be used anywhere a username is valid.
  796: 
  797:  * The "secure_path" run-time Defaults option has been restored.
  798: 
  799:  * Password and group data is now cached for fast lookups.
  800: 
  801:  * The file descriptor at which sudo starts closing all open files is now
  802:    configurable via sudoers and, optionally, the command line.
  803: 
  804:  * Visudo will now warn about aliases that are defined but not used.
  805: 
  806:  * The -i and -s command line flags now take an optional command
  807:    to be run via the shell.  Previously, the argument was passed
  808:    to the shell as a script to run.
  809: 
  810:  * Improved LDAP support.  SASL authentication may now be used
  811:    when connecting to an LDAP server.  The krb5_ccname
  812:    parameter in ldap.conf may be used to enable Kerberos.
  813: 
  814:  * Support for /etc/nsswitch.conf.  LDAP users may now use nsswitch.conf
  815:    to specify the sudoers order.  E.g.:
  816: 	sudoers: ldap files
  817:    to check LDAP, then /etc/sudoers.  The default is "files", even
  818:    when LDAP support is compiled in.  This differs from sudo 1.6
  819:    where LDAP was always consulted first.
  820: 
  821:  * Support for /etc/environment on AIX and Linux.  If sudo is run
  822:    with the -i flag, the contents of /etc/environment are used to
  823:    populate the new environment that is passed to the command being
  824:    run.
  825: 
  826:  * If no terminal is available or if the new -A flag is specified,
  827:    sudo will use a helper program to read the password if one is
  828:    configured.  Typically, this is a graphical password prompter
  829:    such as ssh-askpass.
  830: 
  831:  * A new Defaults option, "mailfrom", that sets the value of the
  832:    "From:" field in the warning/error mail.  If unspecified, the
  833:    login name of the invoking user is used.
  834: 
  835:  * A new Defaults option, "env_file", that refers to a file containing
  836:    environment variables to be set in the command being run.
  837: 
  838:  * A new flag, -n, may be used to indicate that sudo should not
  839:    prompt the user for a password and, instead, exit with an error
  840:    if authentication is required.
  841: 
  842:  * If sudo needs to prompt for a password and it is unable to disable
  843:    echo (and no askpass program is defined), it will refuse to run
  844:    unless the "visiblepw" Defaults option has been specified.
  845: 
  846:  * Prior to version 1.7.0, hitting enter/return at the Password: prompt
  847:    would exit sudo.  In sudo 1.7.0 and beyond, this is treated as
  848:    an empty password.  To exit sudo, the user must press ^C or ^D
  849:    at the prompt.
  850: 
  851:  * visudo will now check the sudoers file owner and mode in -c (check)
  852:    mode when the -s (strict) flag is specified.
  853: 
  854:  * A new Defaults option "umask_override" will cause sudo to set the
  855:    umask specified in sudoers even if it is more permissive than the
  856:    invoking user's umask.
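
The /etc/nsswitch.conf item in the 1.7.0 list above changes which sudoers source is consulted first, so an audit of a host's sudo policy has to start by resolving that order. The following is an added example, not code from sudo or from this NEWS file: the function name, the note strings and the sample text are hypothetical, and it assumes that only the first "sudoers:" line counts and that an empty source list falls back to the default.

```python
# Added example: resolve which sudoers sources a host consults, from nsswitch.conf text.
KNOWN_SOURCES = ("files", "ldap")   # the two sources named in the NEWS entry
DEFAULT_ORDER = ["files"]           # default stated in the NEWS entry


def sudoers_order(nsswitch_text):
    """Return (order, notes) for the sudoers lookup order in nsswitch.conf text."""
    order, notes = [], []
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # strip comments and padding
        if not line.lower().startswith("sudoers:"):
            continue
        for token in line[len("sudoers:"):].split():
            name = token.lower()
            if name.startswith("["):
                # Assumption: action criteria such as [NOTFOUND=return] are
                # reported, not interpreted, by this example.
                notes.append("action criterion not interpreted: " + token)
            elif name not in KNOWN_SOURCES:
                notes.append("unrecognised source ignored: " + token)
            elif name in order:
                notes.append("duplicate source ignored: " + token)
            else:
                order.append(name)
        break   # assumption: only the first "sudoers:" line counts
    if not order:
        order = list(DEFAULT_ORDER)
        notes.append("no usable sudoers line; default order applies")
    if "files" not in order:
        notes.append("local /etc/sudoers is not consulted")
    if "ldap" in order:
        notes.append("LDAP is consulted; review the directory's sudo entries too")
    return order, notes


# Constructed sample input, not taken from a real host.
SAMPLE = """\
passwd:  files ldap
# sudoers: files        (commented out, must be ignored)
Sudoers: ldap files     # check LDAP, then /etc/sudoers
"""

if __name__ == "__main__":
    for label, text in (("sample", SAMPLE), ("no entry", "passwd: files\n")):
        order, notes = sudoers_order(text)
        print(label, "->", " ".join(order))
        for note in notes:
            print("   note:", note)
```

A result of ["ldap"] alone means rules in the local sudoers file are ignored on that host, which is the case worth flagging in a review.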
