1: What's new in Sudo 1.8.10p3?
2:
3: * Fixed expansion of %p in the prompt for "sudo -l" when rootpw,
4: runaspw or targetpw is set. Bug #639
5:
6: * Fixed matching of uids and gids which was broken in version 1.8.9.
7: Bug #640
8:
9: * PAM credential initialization has been re-enabled. It was
10: unintentionally disabled by default in version 1.8.8. The way
11: credentials are initialized has also been fixed. Bug #642.
12:
13: * Fixed a descriptor leak on Linux when determing boot time. Sudo
14: normally closes extra descriptors before running a command so
15: the impact is limited. Bug #645
16:
17: * Fixed flushing of the last buffer of data when I/O logging is
18: enabled. This bug, introduced in version 1.8.9, could cause
19: incomplete command output on some systems. Bug #646
20:
21: What's new in Sudo 1.8.10p2?
22:
23: * Fixed a hang introduced in sudo 1.8.10 when timestamp_timeout
24: is set to zero.
25:
26: What's new in Sudo 1.8.10p1?
27:
28: * Fixed a bug introduced in sudo 1.8.10 that prevented the disabling
29: of tty-based tickets.
30:
31: * Fixed a bug with netgated commands in "sudo -l command" that
32: could cause the command to be listed even when it was explicitly
33: denied. This only affected list mode when a command was specified.
34: Bug #636
35:
36: What's new in Sudo 1.8.10?
37:
38: * It is now possible to disable network interface probing in
39: sudo.conf by changing the value of the probe_interfaces
40: setting.
41:
42: * When listing a user's privileges (sudo -l), the sudoers plugin
43: will now prompt for the user's password even if the targetpw,
44: rootpw or runaspw options are set.
45:
46: * The sudoers plugin uses a new format for its time stamp files.
47: Each user now has a single file which may contain multiple records
48: when per-tty time stamps are in use (the default). The time
49: stamps use a monotonic timer where available and are once again
50: located in a directory under /var/run. The lecture status is
51: now stored separately from the time stamps in a different directory.
52: Bug #616
53:
54: * sudo's -K option will now remove all of the user's time stamps,
55: not just the time stamp for the current terminal. The -k option
56: can be used to only disable time stamps for the current terminal.
57:
58: * If sudo was started in the background and needed to prompt for
59: a password, it was not possible to suspend it at the password
60: prompt. This now works properly.
61:
62: * LDAP-based sudoers now uses a default search filter of
63: (objectClass=sudoRole) for more efficient queries. The netgroup
64: query has been modified to avoid falling below the minimum length
65: for OpenLDAP substring indices.
66:
67: * The new "use_netgroups" sudoers option can be used to explicitly
68: enable or disable netgroups support. For LDAP-based sudoers,
69: netgroup support requires an expensive substring match on the
70: server. If netgroups are not needed, this option can be disabled
71: to reduce the load on the LDAP server.
72:
73: * Sudo is once again able to open the sudoers file when the group
74: on sudoers doesn't match the expected value, so long as the file
75: is not group writable.
76:
77: * Sudo now installs an init.d script to clear the time stamp
78: directory at boot time on AIX and HP-UX systems. These systems
79: either lack /var/run or do not clear it on boot.
80:
81: * The JSON format used by "visudo -x" now properly supports the
82: negation operator. In addition, the Options object is now the
83: same for both Defaults and Cmnd_Specs.
84:
85: * Czech and Serbian translations for sudoers from translationproject.org.
86:
87: * Catalan translation for sudo from translationproject.org.
88:
89: What's new in Sudo 1.8.9p5?
90:
91: * Fixed a compilation error on AIX when LDAP support is enabled.
92:
93: * Fixed parsing of the "umask" defaults setting in sudoers. Bug #632.
94:
95: * Fixed a failed assertion when the "closefrom_override" defaults
96: setting is enabled in sudoers and sudo's -C flag is used. Bug #633.
97:
98: What's new in Sudo 1.8.9p4?
99:
100: * Fixed a bug where sudo could consume large amounts of CPU while
101: the command was running when I/O logging is not enabled. Bug #631
102:
103: * Fixed a bug where sudo would exit with an error when the debug
104: level is set to util@debug or all@debug and I/O logging is not
105: enabled. The command would continue runnning after sudo exited.
106:
107: What's new in Sudo 1.8.9p3?
108:
109: * Fixed a bug introduced in sudo 1.8.9 that prevented the tty name
110: from being resolved properly on Linux systems. Bug #630.
111:
112: What's new in Sudo 1.8.9p2?
113:
114: * Updated config.guess, config.sub and libtool to support the ppc64le
115: architecture (IBM PowerPC Little Endian).
116:
117: What's new in Sudo 1.8.9p1?
118:
119: * Fixed a problem with gcc 4.8's handling of bit fields that could
120: lead to the noexec flag being enabled even when it was not
121: explicitly set.
122:
123: What's new in Sudo 1.8.9?
124:
125: * Reworked sudo's main event loop to use a simple event subsystem
126: using poll(2) or select(2) as the back end.
127:
128: * It is now possible to statically compile the sudoers plugin into
129: the sudo binary without disabling shared library support. The
130: sudo.conf file may still be used to configure other plugins.
131:
132: * Sudo can now be compiled again with a C preprocessor that does
133: not support variadic macros.
134:
135: * Visudo can now export a sudoers file in JSON format using the
136: new -x flag.
137:
138: * The locale is now set correctly again for visudo and sudoreplay.
139:
140: * The plugin API has been extended to allow the plugin to exclude
141: specific file descriptors from the "closefrom" range.
142:
143: * There is now a workaround for a Solaris-specific problem where
144: NOEXEC was overriding traditional root DAC behavior.
145:
146: * Add user netgroup filtering for SSSD. Previously, rules for
147: a netgroup were applied to all even when they did not belong
148: to the specified netgroup.
149:
150: * On systems with BSD login classes, if the user specified a group
151: (not a user) to run the command as, it was possible to specify
152: a different login class even when the command was not run as the
153: super user.
154:
155: * The closefrom() emulation on Mac OS X now uses /dev/fd if possible.
156:
157: * Fixed a bug where sudoedit would not update the original file
158: from the temporary when PAM or I/O logging is not enabled.
159:
160: * When recycling I/O logs, the log files are now truncated properly.
161:
162: * Fixes bugs #617, #621, #622, #623, #624, #625, #626
163:
164: What's new in Sudo 1.8.8?
165:
166: * Removed a warning on PAM systems with stacked auth modules
167: where the first module on the stack does not succeed.
168:
169: * Sudo, sudoreplay and visudo now support GNU-style long options.
170:
171: * The -h (--host) option may now be used to specify a host name.
172: This is currently only used by the sudoers plugin in conjunction
173: with the -l (--list) option.
174:
175: * Program usage messages and manual SYNOPSIS sections have been
176: simplified.
177:
178: * Sudo's LDAP SASL support now works properly with Kerberos.
179: Previously, the SASL library was unable to locate the user's
180: credential cache.
181:
182: * It is now possible to set the nproc resource limit to unlimited
183: via pam_limits on Linux (bug #565).
184:
185: * New "pam_service" and "pam_login_service" sudoers options
186: that can be used to specify the PAM service name to use.
187:
188: * New "pam_session" and "pam_setcred" sudoers options that
189: can be used to disable PAM session and credential support.
190:
191: * The sudoers plugin now properly supports UIDs and GIDs
192: that are larger than 0x7fffffff on 32-bit platforms.
193:
194: * Fixed a visudo bug introduced in sudo 1.8.7 where per-group
195: Defaults entries would cause an internal error.
196:
197: * If the "tty_tickets" sudoers option is enabled (the default),
198: but there is no tty present, sudo will now use a ticket file
199: based on the parent process ID. This makes it possible to support
200: the normal timeout behavior for the session.
201:
202: * Fixed a problem running commands that change their process
203: group and then attempt to change the terminal settings when not
204: running the command in a pseudo-terminal. Previously, the process
205: would receive SIGTTOU since it was effectively a background
206: process. Sudo will now grant the child the controlling tty and
207: continue it when this happens.
208:
209: * The "closefrom_override" sudoers option may now be used in
210: a command-specified Defaults entry (bug #610).
211:
212: * Sudo's BSM audit support now works on Solaris 11.
213:
214: * Brazilian Portuguese translation for sudo and sudoers from
215: translationproject.org.
216:
217: * Czech translation for sudo from translationproject.org.
218:
219: * French translation for sudo from translationproject.org.
220:
221: * Sudo's noexec support on Mac OS X 10.4 and above now uses dynamic
222: symbol interposition instead of setting DYLD_FORCE_FLAT_NAMESPACE=1
223: which causes issues with some programs.
224:
225: * Fixed visudo's -q (--quiet) flag, broken in sudo 1.8.6.
226:
227: * Root may no longer change its SELinux role without entering
228: a password.
229:
230: * Fixed a bug introduced in Sudo 1.8.7 where the indexes written
231: to the I/O log timing file are two greater than they should be.
232: Sudoreplay now contains a work-around to parse those files.
233:
234: * In sudoreplay's list mode, the "this" qualifier in "fromdate"
235: or "todate" expressions now behaves more sensibly. Previously,
236: it would often match a date that was "one more" than expected.
237: For example, "this week" now matches the current week instead
238: of the following week.
239:
240: What's new in Sudo 1.8.7?
241:
242: * The non-Unix group plugin is now supported when sudoers data
243: is stored in LDAP.
244:
245: * Sudo now uses a workaround for a locale bug on Solaris 11.0
246: that prevents setuid programs like sudo from fully using locales.
247:
248: * User messages are now always displayed in the user's locale,
249: even when the same message is being logged or mailed in a
250: different locale.
251:
252: * Log files created by sudo now explicitly have the group set
253: to group ID 0 rather than relying on BSD group semantics (which
254: may not be the default).
255:
256: * A new "exec_background" sudoers option can be used to initially
257: run the command without read access to the terminal when running
258: a command in a pseudo-tty. If the command tries to read from
259: the terminal it will be stopped by the kernel (via SIGTTIN or
260: SIGTTOU) and sudo will immediately restart it as the foreground
261: process (if possible). This allows sudo to only pass terminal
262: input to the program if the program actually is expecting it.
263: Unfortunately, a few poorly-behaved programs (like "su" on most
264: Linux systems) do not handle SIGTTIN and SIGTTOU properly.
265:
266: * Sudo now uses an efficient group query to get all the groups
267: for a user instead of iterating over every record in the group
268: database on HP-UX and Solaris.
269:
270: * Sudo now produces better error messages when there is an error
271: in the sudo.conf file.
272:
273: * Two new settings have been added to sudo.conf to give the admin
274: better control of how group database queries are performed. The
275: "group_source" specifies how the group list for a user will be
276: determined. Legal values are "static" (use the kernel groups
277: list), "dynamic" (perform a group database query) and "adaptive"
278: (only perform a group database query if the kernel list is full).
279: The "max_groups" setting specifies the maximum number of groups
280: a user may belong to when performing a group database query.
281:
282: * The sudo.conf file now supports line continuation by using a
283: backslash as the last character on the line.
284:
285: * There is now a standalone sudo.conf manual page.
286:
287: * Sudo now stores its libexec files in a "sudo" sub-directory instead
288: of in libexec itself. For backwards compatibility, if the plugin
289: is not found in the default plugin directory, sudo will check
290: the parent directory if the default directory ends in "/sudo".
291:
292: * The sudoers I/O logging plugin now logs the terminal size.
293:
294: * A new sudoers option "maxseq" can be used to limit the number of
295: I/O log entries that are stored.
296:
297: * The "system_group" and "group_file" sudoers group provider plugins
298: are now installed by default.
299:
300: * The list output (sudo -l) output from the sudoers plugin is now
301: less ambiguous when an entry includes different runas users.
302: The long list output (sudo -ll) for file-based sudoers is now
303: more consistent with the format of LDAP-based sudoers.
304:
305: * A uid may now be used in the sudoRunAsUser attributes for LDAP
306: sudoers.
307:
308: * Minor plugin API change: the close and version functions are now
309: optional. If the policy plugin does not provide a close function
310: and the command is not being run in a new pseudo-tty, sudo may
311: now execute the command directly instead of in a child process.
312:
313: * A new sudoers option "pam_session" can be used to disable sudo's
314: PAM session support.
315:
316: * On HP-UX systems, sudo will now use the pstat() function to
317: determine the tty instead of ttyname().
318:
319: * Turkish translation for sudo and sudoers from translationproject.org.
320:
321: * Dutch translation for sudo and sudoers from translationproject.org.
322:
323: * Tivoli Directory Server client libraries may now be used with
324: HP-UX where libibmldap has a hidden dependency on libCsup.
325:
326: * The sudoers plugin will now ignore invalid domain names when
327: checking netgroup membership. Most Linux systems use the string
328: "(none)" for the NIS-style domain name instead of an empty string.
329:
330: * New support for specifying a SHA-2 digest along with the command
331: in sudoers. Supported hash types are sha224, sha256, sha384 and
332: sha512. See the description of Digest_Spec in the sudoers manual
333: or the description of sudoCommand in the sudoers.ldap manual for
334: details.
335:
336: * The paths to ldap.conf and ldap.secret may now be specified as
337: arguments to the sudoers plugin in the sudo.conf file.
338:
339: * Fixed potential false positives in visudo's alias cycle detection.
340:
341: * Fixed a problem where the time stamp file was being treated
342: as out of date on Linux systems where the change time on the
343: pseudo-tty device node can change after it is allocated.
344:
345: * Sudo now only builds Position Independent Executables (PIE)
346: by default on Linux systems and verifies that a trivial test
347: program builds and runs.
348:
349: * On Solaris 11.1 and higher, sudo binaries will now have the
350: ASLR tag enabled if supported by the linker.
351:
352: What's new in Sudo 1.8.6p8?
353:
354: * Terminal detection now works properly on 64-bit AIX kernels.
355: This was broken by the removal of the ttyname() fallback in Sudo
356: 1.8.6p6. Sudo is now able to map an AIX 64-bit device number
357: to the corresponding device file in /dev.
358:
359: * Sudo now checks for crypt() returning NULL when performing
360: passwd-based authentication.
361:
362: What's new in Sudo 1.8.6p7?
363:
364: * A time stamp file with the date set to the epoch by "sudo -k"
365: is now completely ignored regardless of what the local clock is
366: set to. Previously, if the local clock was set to a value between
367: the epoch and the time stamp timeout value, a time stamp reset
368: by "sudo -k" would be considered current.
369:
370: * The tty-specific time stamp file now includes the session ID
371: of the sudo process that created it. If a process with the same
372: tty but a different session ID runs sudo, the user will now be
373: prompted for a password (assuming authentication is required for
374: the command).
375:
376: What's new in Sudo 1.8.6p6?
377:
378: * On systems where the controlling tty can be determined via /proc
379: or sysctl(), sudo will no longer fall back to using ttyname()
380: if the process has no controlling tty. This prevents sudo from
381: using a non-controlling tty for logging and time stamp purposes.
382:
383: What's new in Sudo 1.8.6p5?
384:
385: * Fixed a potential crash in visudo's alias cycle detection.
386:
387: * Improved performance on Solaris when retrieving the group list
388: for the target user. On systems with a large number of groups
389: where the group database is not local (NIS, LDAP, AD), fetching
390: the group list could take a minute or more.
391:
392: What's new in Sudo 1.8.6p4?
393:
394: * The -fstack-protector is now used when linking visudo, sudoreplay
395: and testsudoers.
396:
397: * Avoid building PIE binaries on FreeBSD/ia64 as they don't run
398: properly.
399:
400: * Fixed a crash in visudo strict mode when an unknown Defaults
401: setting is encountered.
402:
403: * Do not inform the user that the command was not permitted by the
404: policy if they do not successfully authenticate. This is a
405: regression introduced in sudo 1.8.6.
406:
407: * Allow sudo to be build with sss support without also including
408: ldap support.
409:
410: * Fix running commands that need the terminal in the background
411: when I/O logging is enabled. E.g. "sudo vi &". When the command
412: is foregrounded, it will now resume properly.
413:
414: What's new in Sudo 1.8.6p3?
415:
416: * Fixed post-processing of the man pages on systems with legacy
417: versions of sed.
418:
419: * Fixed "sudoreplay -l" on Linux systems with file systems that
420: set DT_UNKNOWN in the d_type field of struct dirent.
421:
422: What's new in Sudo 1.8.6p2?
423:
424: * Fixed suspending a command after it has already been resumed
425: once when I/O logging (or use_pty) is not enabled.
426: This was a regression introduced in version 1.8.6.
427:
428: What's new in Sudo 1.8.6p1?
429:
430: * Fixed the setting of LOGNAME, USER and USERNAME variables in the
431: command's environment when env_reset is enabled (the default).
432: This was a regression introduced in version 1.8.6.
433:
434: * Sudo now honors SUCCESS=return in /etc/nsswitch.conf.
435:
436: What's new in Sudo 1.8.6?
437:
438: * Sudo is now built with the -fstack-protector flag if the the
439: compiler supports it. Also, the -zrelro linker flag is used if
440: supported. The --disable-hardening configure option can be used
441: to build sudo without stack smashing protection.
442:
443: * Sudo is now built as a Position Independent Executable (PIE)
444: if supported by the compiler and linker.
445:
446: * If the user is a member of the "exempt" group in sudoers, they
447: will no longer be prompted for a password even if the -k flag
448: is specified with the command. This makes "sudo -k command"
449: consistent with the behavior one would get if the user ran "sudo
450: -k" immediately before running the command.
451:
452: * The sudoers file may now be a symbolic link. Previously, sudo
453: would refuse to read sudoers unless it was a regular file.
454:
455: * The sudoreplay command can now properly replay sessions where
456: no tty was present.
457:
458: * The sudoers plugin now takes advantage of symbol visibility
459: controls when supported by the compiler or linker. As a result,
460: only a small number of symbols are exported which significantly
461: reduces the chances of a conflict with other shared objects.
462:
463: * Improved support for the Tivoli Directory Server LDAP client
464: libraries. This includes support for using LDAP over SSL (ldaps)
465: as well as support for the BIND_TIMELIMIT, TLS_KEY and TLS_CIPHERS
466: ldap.conf options. A new ldap.conf option, TLS_KEYPW can be
467: used to specify a password to decrypt the key database.
468:
469: * When constructing a time filter for use with LDAP sudoNotBefore
470: and sudoNotAfter attributes, the current time now includes tenths
471: of a second. This fixes a problem with timed entries on Active
472: Directory.
473:
474: * If a user fails to authenticate and the command would be rejected
475: by sudoers, it is now logged with "command not allowed" instead
476: of "N incorrect password attempts". Likewise, the "mail_no_perms"
477: sudoers option now takes precedence over "mail_badpass".
478:
479: * The sudo manuals are now formatted using the mdoc macros. Versions
480: using the legacy man macros are provided for systems that lack mdoc.
481:
482: * New support for Solaris privilege sets. This makes it possible
483: to specify fine-grained privileges in the sudoers file on Solaris
484: 10 and above. A Runas_Spec that contains no Runas_Lists can be
485: used to give a user the ability to run a command as themselves
486: but with an expanded privilege set.
487:
488: * Fixed a problem with the reboot and shutdown commands on some
489: systems (such as HP-UX and BSD). On these systems, reboot sends
490: all processes (except itself) SIGTERM. When sudo received
491: SIGTERM, it would relay it to the reboot process, thus killing
492: reboot before it had a chance to actually reboot the system.
493:
494: * Support for using the System Security Services Daemon (SSSD) as
495: a source of sudoers data.
496:
497: * Slovenian translation for sudo and sudoers from translationproject.org.
498:
499: * Visudo will now warn about unknown Defaults entries that are
500: per-host, per-user, per-runas or per-command.
501:
502: * Fixed a race condition that could cause sudo to receive SIGTTOU
503: (and stop) when resuming a shell that was run via sudo when I/O
504: logging (and use_pty) is not enabled.
505:
506: * Sending SIGTSTP directly to the sudo process will now suspend the
507: running command when I/O logging (and use_pty) is not enabled.
508:
509: What's new in Sudo 1.8.5p3?
510:
511: * Fixed the loading of I/O plugins that conform to a plugin API
512: version older than 1.2.
513:
514: What's new in Sudo 1.8.5p2?
515:
516: * Fixed use of the SUDO_ASKPASS environment variable which was
517: broken in Sudo 1.8.5.
518:
519: * Fixed a problem reading the sudoers file when the file mode is
520: more restrictive than the expected mode. For example, when the
521: expected sudoers file mode is 0440 but the actual mode is 0400.
522:
523: What's new in Sudo 1.8.5p1?
524:
525: * Fixed a bug that prevented files in an include directory from
526: being evaluated.
527:
528: What's new in Sudo 1.8.5?
529:
530: * When "noexec" is enabled, sudo_noexec.so will now be prepended
531: to any existing LD_PRELOAD variable instead of replacing it.
532:
533: * The sudo_noexec.so shared library now wraps the execvpe(),
534: exect(), posix_spawn() and posix_spawnp() functions.
535:
536: * The user/group/mode checks on sudoers files have been relaxed.
537: As long as the file is owned by the sudoers uid, not world-writable
538: and not writable by a group other than the sudoers gid, the file
539: is considered OK. Note that visudo will still set the mode to
540: the value specified at configure time.
541:
542: * It is now possible to specify the sudoers path, uid, gid and
543: file mode as options to the plugin in the sudo.conf file.
544:
545: * Croatian, Galician, German, Lithuanian, Swedish and Vietnamese
546: translations from translationproject.org.
547:
548: * /etc/environment is no longer read directly on Linux systems
549: when PAM is used. Sudo now merges the PAM environment into the
550: user's environment which is typically set by the pam_env module.
551:
552: * The initial evironment created when env_reset is in effect now
553: includes the contents of /etc/environment on AIX systems and the
554: "setenv" and "path" entries from /etc/login.conf on BSD systems.
555:
556: * The plugin API has been extended in three ways. First, options
557: specified in sudo.conf after the plugin pathname are passed to
558: the plugin's open function. Second, sudo has limited support
559: for hooks that can be used by plugins. Currently, the hooks are
560: limited to environment handling functions. Third, the init_session
561: policy plugin function is passed a pointer to the user environment
562: which can be updated during session setup. The plugin API version
563: has been incremented to version 1.2. See the sudo_plugin manual
564: for more information.
565:
566: * The policy plugin's init_session function is now called by the
567: parent sudo process, not the child process that executes the
568: command. This allows the PAM session to be open and closed in
569: the same process, which some PAM modules require.
570:
571: * Fixed parsing of "Path askpass" and "Path noexec" in sudo.conf,
572: which was broken in version 1.8.4.
573:
574: * On systems with an SVR4-style /proc file system, the /proc/pid/psinfo
575: file is now uses to determine the controlling terminal, if possible.
576: This allows tty-based tickets to work properly even when, e.g.
577: standard input, output and error are redirected to /dev/null.
578:
579: * The output of "sudoreplay -l" is now sorted by file name (or
580: sequence number). Previously, entries were displayed in the
581: order in which they were found on the file system.
582:
583: * Sudo now behaves properly when I/O logging is enabled and the
584: controlling terminal is revoked (e.g. the running sshd is killed).
585: Previously, sudo may have exited without calling the I/O plugin's
586: close function which can lead to an incomplete I/O log.
587:
588: * Sudo can now detect when a user has logged out and back in again
589: on Solaris 11, just like it can on Solaris 10.
590:
591: * The built-in zlib included with Sudo has been upgraded to version
592: 1.2.6.
593:
594: * Setting the SSL parameter to start_tls in ldap.conf now works
595: properly when using Mozilla-based SDKs that support the
596: ldap_start_tls_s() function.
597:
598: * The TLS_CHECKPEER parameter in ldap.conf now works when the
599: Mozilla NSS crypto backend is used with OpenLDAP.
600:
601: * A new group provider plugin, system_group, is included which
602: performs group look ups by name using the system groups database.
603: This can be used to restore the pre-1.7.3 sudo group lookup
604: behavior.
605:
606: What's new in Sudo 1.8.4p5?
607:
608: * Fixed a bug when matching against an IP address with an associated
609: netmask in the sudoers file. In certain circumstances, this
610: could allow users to run commands on hosts they are not authorized
611: for.
612:
613: What's new in Sudo 1.8.4p4?
614:
615: * Fixed a bug introduced in Sudo 1.8.4 which prevented "sudo -v"
616: from working.
617:
618: What's new in Sudo 1.8.4p3?
619:
620: * Fixed a crash on FreeBSD when no tty is present.
621:
622: * Fixed a bug introduced in Sudo 1.8.4 that allowed users to
623: specify environment variables to set on the command line without
624: having sudo "ALL" permissions or the "SETENV" tag.
625:
626: * When visudo is run with the -c (check) option, the sudoers
627: file(s) owner and mode are now also checked unless the -f option
628: was specified.
629:
630: What's new in Sudo 1.8.4p2?
631:
632: * Fixed a bug introduced in Sudo 1.8.4 where insufficient space
633: was allocated for group IDs in the LDAP filter.
634:
635: * Fixed a bug introduced in Sudo 1.8.4 where the path to sudo.conf
636: was "/sudo.conf" instead of "/etc/sudo.conf".
637:
638: * Fixed a bug introduced in Sudo 1.8.4 which could cause a hang
639: when I/O logging is enabled and input is from a pipe or file.
640:
641: What's new in Sudo 1.8.4p1?
642:
643: * Fixed a bug introduced in sudo 1.8.4 that broke adding to or
644: deleting from the env_keep, env_check and env_delete lists in
645: sudoers on some platforms.
646:
647: What's new in Sudo 1.8.4?
648:
649: * The -D flag in sudo has been replaced with a more general debugging
650: framework that is configured in sudo.conf.
651:
652: * Fixed a false positive in visudo strict mode when aliases are
653: in use.
654:
655: * Fixed a crash with "sudo -i" when a runas group was specified
656: without a runas user.
657:
658: * The line on which a syntax error is reported in the sudoers file
659: is now more accurate. Previously it was often off by a line.
660:
661: * Fixed a bug where stack garbage could be printed at the end of
662: the lecture when the "lecture_file" option was enabled.
663:
664: * "make install" now honors the LINGUAS environment variable.
665:
666: * The #include and #includedir directives in sudoers now support
667: relative paths. If the path is not fully qualified it is expected
668: to be located in the same directory of the sudoers file that is
669: including it.
670:
671: * Serbian and Spanish translations for sudo from translationproject.org.
672:
673: * LDAP-based sudoers may now access by group ID in addition to
674: group name.
675:
676: * visudo will now fix the mode on the sudoers file even if no changes
677: are made unless the -f option is specified.
678:
679: * The "use_loginclass" sudoers option works properly again.
680:
681: * On systems that use login.conf, "sudo -i" now sets environment
682: variables based on login.conf.
683:
684: * For LDAP-based sudoers, values in the search expression are now
685: escaped as per RFC 4515.
686:
687: * The plugin close function is now properly called when a login
688: session is killed (as opposed to the actual command being killed).
689: This can happen when an ssh session is disconnected or the
690: terminal window is closed.
691:
692: * The deprecated "noexec_file" sudoers option is no longer supported.
693:
694: * Fixed a race condition when I/O logging is not enabled that could
695: result in tty-generated signals (e.g. control-C) being received
696: by the command twice.
697:
698: * If none of the standard input, output or error are connected to
699: a tty device, sudo will now check its parent's standard input,
700: output or error for the tty name on systems with /proc and BSD
701: systems that support the KERN_PROC_PID sysctl. This allows
702: tty-based tickets to work properly even when, e.g. standard
703: input, output and error are redirected to /dev/null.
704:
705: * Added the --enable-kerb5-instance configure option to allow
706: people using Kerberos V authentication to specify a custom
707: instance so the principal name can be, e.g. "username/sudo"
708: similar to how ksu uses "username/root".
709:
710: * Fixed a bug where a pattern like "/usr/*" included /usr/bin/ in
711: the results, which would be incorrectly be interpreted as if the
712: sudoers file had specified a directory.
713:
714: * "visudo -c" will now list any include files that were checked
715: in addition to the main sudoers file when everything parses OK.
716:
717: * Users that only have read-only access to the sudoers file may
718: now run "visudo -c". Previously, write permissions were required
719: even though no writing is down in check-only mode.
720:
721: * It is now possible to prevent the disabling of core dumps from
722: within sudo itself by adding a line to the sudo.conf file like
723: "Set disable_coredump false".
724:
725: What's new in Sudo 1.8.3p2?
726:
727: * Fixed a format string vulnerability when the sudo binary (or a
728: symbolic link to the sudo binary) contains printf format escapes
729: and the -D (debugging) flag is used.
730:
731: What's new in Sudo 1.8.3p1?
732:
733: * Fixed a crash in the monitor process on Solaris when NOPASSWD
734: was specified or when authentication was disabled.
735:
736: * Fixed matching of a Runas_Alias in the group section of a
737: Runas_Spec.
738:
739: What's new in Sudo 1.8.3?
740:
741: * Fixed expansion of strftime() escape sequences in the "log_dir"
742: sudoers setting.
743:
744: * Esperanto, Italian and Japanese translations from translationproject.org.
745:
746: * Sudo will now use PAM by default on AIX 6 and higher.
747:
748: * Added --enable-werror configure option for gcc's -Werror flag.
749:
750: * Visudo no longer assumes all editors support the +linenumber
751: command line argument. It now uses a whitelist of editors known
752: to support the option.
753:
754: * Fixed matching of network addresses when a netmask is specified
755: but the address is not the first one in the CIDR block.
756:
757: * The configure script now check whether or not errno.h declares
758: the errno variable. Previously, sudo would always declare errno
759: itself for older systems that don't declare it in errno.h.
760:
761: * The NOPASSWD tag is now honored for denied commands too, which
762: matches historic sudo behavior (prior to sudo 1.7.0).
763:
764: * Sudo now honors the "DEREF" setting in ldap.conf which controls
765: how alias dereferencing is done during an LDAP search.
766:
767: * A symbol conflict with the pam_ssh_agent_auth PAM module that
768: would cause a crash been resolved.
769:
770: * The inability to load a group provider plugin is no longer
771: a fatal error.
772:
773: * A potential crash in the utmp handling code has been fixed.
774:
775: * Two PAM session issues have been resolved. In previous versions
776: of sudo, the PAM session was opened as one user and closed as
777: another. Additionally, if no authentication was performed, the
778: PAM session would never be closed.
779:
780: * Sudo will now work correctly with LDAP-based sudoers using TLS
781: or SSL on Debian systems.
782:
783: * The LOGNAME, USER and USERNAME environment variables are preserved
784: correctly again in sudoedit mode.
785:
786: What's new in Sudo 1.8.2?
787:
788: * Sudo, visudo, sudoreplay and the sudoers plug-in now have natural
789: language support (NLS). This can be disabled by passing configure
790: the --disable-nls option. Sudo will use gettext(), if available,
791: to display translated messages. All translations are coordinated
792: via The Translation Project, http://translationproject.org/.
793:
794: * Plug-ins are now loaded with the RTLD_GLOBAL flag instead of
795: RTLD_LOCAL. This fixes missing symbol problems in PAM modules
796: on certain platforms, such as FreeBSD and SuSE Linux Enterprise.
797:
798: * I/O logging is now supported for commands run in background mode
799: (using sudo's -b flag).
800:
801: * Group ownership of the sudoers file is now only enforced when
802: the file mode on sudoers allows group readability or writability.
803:
804: * Visudo now checks the contents of an alias and warns about cycles
805: when the alias is expanded.
806:
807: * If the user specifies a group via sudo's -g option that matches
808: the target user's group in the password database, it is now
809: allowed even if no groups are present in the Runas_Spec.
810:
811: * The sudo Makefiles now have more complete dependencies which are
812: automatically generated instead of being maintained manually.
813:
814: * The "use_pty" sudoers option is now correctly passed back to the
815: sudo front end. This was missing in previous versions of sudo
816: 1.8 which prevented "use_pty" from being honored.
817:
818: * "sudo -i command" now works correctly with the bash version
819: 2.0 and higher. Previously, the .bash_profile would not be
820: sourced prior to running the command unless bash was built with
821: NON_INTERACTIVE_LOGIN_SHELLS defined.
822:
823: * When matching groups in the sudoers file, sudo will now match
824: based on the name of the group instead of the group ID. This can
825: substantially reduce the number of group lookups for sudoers
826: files that contain a large number of groups.
827:
828: * Multi-factor authentication is now supported on AIX.
829:
830: * Added support for non-RFC 4517 compliant LDAP servers that require
831: that seconds be present in a timestamp, such as Tivoli Directory Server.
832:
833: * If the group vector is to be preserved, the PATH search for the
834: command is now done with the user's original group vector.
835:
836: * For LDAP-based sudoers, the "runas_default" sudoOption now works
837: properly in a sudoRole that contains a sudoCommand.
838:
839: * Spaces in command line arguments for "sudo -s" and "sudo -i" are
840: now escaped with a backslash when checking the security policy.
841:
842: What's new in Sudo 1.8.1p2?
843:
844: * Two-character CIDR-style IPv4 netmasks are now matched correctly
845: in the sudoers file.
846:
847: * A build error with MIT Kerberos V has been resolved.
848:
849: * A crash on HP-UX in the sudoers plugin when wildcards are
850: present in the sudoers file has been resolved.
851:
852: * Sudo now works correctly on Tru64 Unix again.
853:
854: What's new in Sudo 1.8.1p1?
855:
856: * Fixed a problem on AIX where sudo was unable to set the final
857: uid if the PAM module modified the effective uid.
858:
859: * A non-existent includedir is now treated the same as an empty
860: directory and not reported as an error.
861:
862: * Removed extraneous parens in LDAP filter when sudoers_search_filter
863: is enabled that can cause an LDAP search error.
864:
865: * Fixed a "make -j" problem for "make install".
866:
867: What's new in Sudo 1.8.1?
868:
869: * A new LDAP setting, sudoers_search_filter, has been added to
870: ldap.conf. This setting can be used to restrict the set of
871: records returned by the LDAP query. Based on changes from Matthew
872: Thomas.
873:
874: * White space is now permitted within a User_List when used in
875: conjunction with a per-user Defaults definition.
876:
877: * A group ID (%#gid) may now be specified in a User_List or Runas_List.
878: Likewise, for non-Unix groups the syntax is %:#gid.
879:
880: * Support for double-quoted words in the sudoers file has been fixed.
881: The change in 1.7.5 for escaping the double quote character
882: caused the double quoting to only be available at the beginning
883: of an entry.
884:
885: * The fix for resuming a suspended shell in 1.7.5 caused problems
886: with resuming non-shells on Linux. Sudo will now save the process
887: group ID of the program it is running on suspend and restore it
888: when resuming, which fixes both problems.
889:
890: * A bug that could result in corrupted output in "sudo -l" has been
891: fixed.
892:
893: * Sudo will now create an entry in the utmp (or utmpx) file when
894: allocating a pseudo-tty (e.g. when logging I/O). The "set_utmp"
895: and "utmp_runas" sudoers file options can be used to control this.
896: Other policy plugins may use the "set_utmp" and "utmp_user"
897: entries in the command_info list.
898:
899: * The sudoers policy now stores the TSID field in the logs
900: even when the "iolog_file" sudoers option is defined to a value
901: other than %{sessid}. Previously, the TSID field was only
902: included in the log file when the "iolog_file" option was set
903: to its default value.
904:
905: * The sudoreplay utility now supports arbitrary session IDs.
906: Previously, it would only work with the base-36 session IDs
907: that the sudoers plugin uses by default.
908:
909: * Sudo now passes "run_shell=true" to the policy plugin in the
910: settings list when sudo's -s command line option is specified.
911: The sudoers policy plugin uses this to implement the "set_home"
912: sudoers option which was missing from sudo 1.8.0.
913:
914: * The "noexec" functionality has been moved out of the sudoers
915: policy plugin and into the sudo front-end, which matches the
916: behavior documented in the plugin writer's guide. As a result,
917: the path to the noexec file is now specified in the sudo.conf
918: file instead of the sudoers file.
919:
920: * On Solaris 10, the PRIV_PROC_EXEC privilege is now used to
921: implement the "noexec" feature. Previously, this was implemented
922: via the LD_PRELOAD environment variable.
923:
924: * The exit values for "sudo -l", "sudo -v" and "sudo -l command"
925: have been fixed in the sudoers policy plugin.
926:
927: * The sudoers policy plugin now passes the login class, if any,
928: back to the sudo front-end.
929:
930: * The sudoers policy plugin was not being linked with requisite
931: libraries in certain configurations.
932:
933: * Sudo now parses command line arguments before loading any plugins.
934: This allows "sudo -V" or "sudo -h" to work even if there is a problem
935: with sudo.conf
936:
937: * Plugins are now linked with the static version of libgcc to allow
938: the plugin to run on a system where no shared libgcc is installed,
939: or where it is installed in a different location.
940:
941: What's new in Sudo 1.8.0?
942:
943: * Sudo has been refactored to use a modular framework that can
944: support third-party policy and I/O logging plugins. The default
945: plugin is "sudoers" which provides the traditional sudo functionality.
946: See the sudo_plugin manual for details on the plugin API and the
947: sample in the plugins directory for a simple example.
948:
949: What's new in Sudo 1.7.5?
950:
951: * When using visudo in check mode, a file named "-" may be used to
952: check sudoers data on the standard input.
953:
954: * Sudo now only fetches shadow password entries when using the
955: password database directly for authentication.
956:
957: * Password and group entries are now cached using the same key
958: that was used to look them up. This fixes a problem when looking
959: up entries by name if the name in the retrieved entry does not
960: match the name used to look it up. This may happen on some systems
961: that do case insensitive lookups or that truncate long names.
962:
963: * GCC will no longer display warnings on glibc systems that use
964: the warn_unused_result attribute for write(2) and other system calls.
965:
966: * If a PAM account management module denies access, sudo now prints
967: a more useful error message and stops trying to validate the user.
968:
969: * Fixed a potential hang on idle systems when the sudo-run process
970: exits immediately.
971:
972: * Sudo now includes a copy of zlib that will be used on systems
973: that do not have zlib installed.
974:
975: * The --with-umask-override configure flag has been added to enable
976: the "umask_override" sudoers Defaults option at build time.
977:
978: * Sudo now unblocks all signals on startup to avoid problems caused
979: by the parent process changing the default signal mask.
980:
981: * LDAP Sudoers entries may now specify a time period for which
982: the entry is valid. This requires an updated sudoers schema
983: that includes the sudoNotBefore and sudoNotAfter attributes.
984: Support for timed entries must be explicitly enabled in the
985: ldap.conf file. Based on changes from Andreas Mueller.
986:
987: * LDAP Sudoers entries may now specify a sudoOrder attribute that
988: determines the order in which matching entries are applied. The
989: last matching entry is used, just like file-based sudoers. This
990: requires an updated sudoers schema that includes the sudoOrder
991: attribute. Based on changes from Andreas Mueller.
992:
993: * When run as sudoedit, or when given the -e flag, sudo now treats
994: command line arguments as pathnames. This means that slashes
995: in the sudoers file entry must explicitly match slashes in
996: the command line arguments. As a result, and entry such as:
997: user ALL = sudoedit /etc/*
998: will allow editing of /etc/motd but not /etc/security/default.
999:
1000: * NETWORK_TIMEOUT is now an alias for BIND_TIMELIMIT in ldap.conf for
1001: compatibility with OpenLDAP configuration files.
1002:
1003: * The LDAP API TIMEOUT parameter is now honored in ldap.conf.
1004:
1005: * The I/O log directory may now be specified in the sudoers file.
1006:
1007: * Sudo will no longer refuse to run if the sudoers file is writable
1008: by root.
1009:
1010: * Sudo now performs command line escaping for "sudo -s" and "sudo -i"
1011: after validating the command so the sudoers entries do not need
1012: to include the backslashes.
1013:
1014: * Logging and email sending are now done in the locale specified
1015: by the "sudoers_locale" setting ("C" by default). Email send by
1016: sudo now includes MIME headers when "sudoers_locale" is not "C".
1017:
1018: * The configure script has a new option, --disable-env-reset, to
1019: allow one to change the default for the sudoers Default setting
1020: "env_reset" at compile time.
1021:
1022: * When logging "sudo -l command", sudo will now prepend "list "
1023: to the command in the log line to distinguish between an
1024: actual command invocation in the logs.
1025:
1026: * Double-quoted group and user names may now include escaped double
1027: quotes as part of the name. Previously this was a parse error.
1028:
1029: * Sudo once again restores the state of the signal handlers it
1030: modifies before executing the command. This allows sudo to be
1031: used with the nohup command.
1032:
1033: * Resuming a suspended shell now works properly when I/O logging
1034: is not enabled (the I/O logging case was already correct).
1035:
1036: What's new in Sudo 1.7.4p6?
1037:
1038: * A bug has been fixed in the I/O logging support that could cause
1039: visual artifacts in full-screen programs such as text editors.
1040:
1041: What's new in Sudo 1.7.4p5?
1042:
1043: * A bug has been fixed that would allow a command to be run without the
1044: user entering a password when sudo's -g flag is used without the -u flag.
1045:
1046: * If user has no supplementary groups, sudo will now fall back on checking
1047: the group file explicitly, which restores historic sudo behavior.
1048:
1049: * A crash has been fixed when sudo's -g flag is used without the -u flag
1050: and the sudoers file contains an entry with no runas user or group listed.
1051:
1052: * A crash has been fixed when the Solaris project support is enabled
1053: and sudo's -g flag is used without the -u flag.
1054:
1055: * Sudo no longer exits with an error when support for auditing is
1056: compiled in but auditing is not enabled.
1057:
1058: * Fixed a bug introduced in sudo 1.7.3 where the ticket file was not
1059: being honored when the "targetpw" sudoers Defaults option was enabled.
1060:
1061: * The LOG_INPUT and LOG_OUTPUT tags in sudoers are now parsed correctly.
1062:
1063: * A crash has been fixed in "sudo -l" when sudo is built with auditing
1064: support and the user is not allowed to run any commands on the host.
1065:
1066: What's new in Sudo 1.7.4p4?
1067:
1068: * A potential security issue has been fixed with respect to the handling
1069: of sudo's -g command line option when -u is also specified. The flaw
1070: may allow an attacker to run commands as a user that is not authorized
1071: by the sudoers file.
1072:
1073: * A bug has been fixed where "sudo -l" output was incomplete if multiple
1074: sudoers sources were defined in nsswitch.conf and there was an error
1075: querying one of the sources.
1076:
1077: * The log_input, log_output, and use_pty sudoers options now work correctly
1078: on AIX. Previously, sudo would hang if they were enabled.
1079:
1080: * The "make install" target now works correctly when sudo is built in a
1081: directory other than the source directory.
1082:
1083: * The "runas_default" sudoers setting now works properly in a per-command
1084: Defaults line.
1085:
1086: * Suspending and resuming the bash shell when PAM is in use now works
1087: correctly. The SIGCONT signal was not propagated to the child process.
1088:
1089: What's new in Sudo 1.7.4p3?
1090:
1091: * A bug has been fixed where duplicate HOME environment variables could be
1092: present when the env_reset setting was disabled and the always_set_home
1093: setting was enabled in sudoers.
1094:
1095: * The value of sysconfdir is now substituted into the path to the sudoers.d
1096: directory in the installed sudoers file.
1097:
1098: * Compilation problems on IRIX and other platforms have been fixed.
1099:
1100: * If multiple PAM "auth" actions are specified and the user enters ^C at
1101: the password prompt, sudo will no longer prompt for a password for any
1102: subsequent "auth" actions. Previously it was necessary to enter ^C for
1103: each "auth" action.
1104:
1105: What's new in Sudo 1.7.4p2?
1106:
1107: * A bug where sudo could spin in a busy loop waiting for the child process
1108: has been fixed.
1109:
1110: What's new in Sudo 1.7.4p1?
1111:
1112: * A bug introduced in sudo 1.7.3 that prevented the -k and -K options from
1113: functioning when the tty_tickets sudoers option is enabled has been fixed.
1114:
1115: * Sudo no longer prints a warning when the -k or -K options are specified
1116: and the ticket file does not exist.
1117:
1118: * It is now easier to cross-compile sudo.
1119:
1120: What's new in Sudo 1.7.4?
1121:
1122: * Sudoedit will now preserve the file extension in the name of the
1123: temporary file being edited. The extension is used by some
1124: editors (such as emacs) to choose the editing mode.
1125:
1126: * Time stamp files have moved from /var/run/sudo to either /var/db/sudo,
1127: /var/lib/sudo or /var/adm/sudo. The directories are checked for
1128: existence in that order. This prevents users from receiving the
1129: sudo lecture every time the system reboots. Time stamp files older
1130: than the boot time are ignored on systems where it is possible to
1131: determine this.
1132:
1133: * The tty_tickets sudoers option is now enabled by default.
1134:
1135: * Ancillary documentation (README files, LICENSE, etc) is now installed
1136: in a sudo documentation directory.
1137:
1138: * Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"
1139: in ldap.conf.
1140:
1141: * Defaults settings that are tied to a user, host or command may
1142: now include the negation operator. For example:
1143: Defaults:!millert lecture
1144: will match any user but millert.
1145:
1146: * The default PATH environment variable, used when no PATH variable
1147: exists, now includes /usr/sbin and /sbin.
1148:
1149: * Sudo now uses polypkg (http://rc.quest.com/topics/polypkg/)
1150: for cross-platform packing.
1151:
1152: * On Linux, sudo will now restore the nproc resource limit before
1153: executing a command, unless the limit appears to have been modified
1154: by pam_limits. This avoids a problem with bash scripts that open
1155: more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX)
1156: will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).
1157:
1158: * The HOME and MAIL environment variables are now reset based on the
1159: target user's password database entry when the env_reset sudoers option
1160: is enabled (which is the case in the default configuration). Users
1161: wishing to preserve the original values should use a sudoers entry like:
1162: Defaults env_keep += HOME
1163: to preserve the old value of HOME and
1164: Defaults env_keep += MAIL
1165: to preserve the old value of MAIL.
1166:
1167: * Fixed a problem in the restoration of the AIX authdb registry setting.
1168:
1169: * Sudo will now fork(2) and wait until the command has completed before
1170: calling pam_close_session().
1171:
1172: * The default syslog facility is now "authpriv" if the operating system
1173: supports it, else "auth".
1174:
1175: What's new in Sudo 1.7.3?
1176:
1177: * Support for logging I/O for the command being run.
1178: For more information, see the documentation for the "log_input"
1179: and "log_output" Defaults options in the sudoers manual. Also
1180: see the sudoreplay manual for how to replay I/O log sessions.
1181:
1182: * The use_pty sudoers option can be used to force a command to be
1183: run in a pseudo-pty, even when I/O logging is not enabled.
1184:
1185: * On some systems, sudo can now detect when a user has logged out
1186: and back in again when tty-based time stamps are in use. Supported
1187: systems include Solaris systems with the devices file system,
1188: Mac OS X, and Linux systems with the devpts filesystem (pseudo-ttys
1189: only).
1190:
1191: * On AIX systems, the registry setting in /etc/security/user is
1192: now taken into account when looking up users and groups. Sudo
1193: now applies the correct the user and group ids when running a
1194: command as a user whose account details come from a different
1195: source (e.g. LDAP or DCE vs. local files).
1196:
1197: * Support for multiple 'sudoers_base' and 'uri' entries in ldap.conf.
1198: When multiple entries are listed, sudo will try each one in the
1199: order in which they are specified.
1200:
1201: * Sudo's SELinux support should now function correctly when running
1202: commands as a non-root user and when one of stdin, stdout or stderr
1203: is not a terminal.
1204:
1205: * Sudo will now use the Linux audit system with configure with
1206: the --with-linux-audit flag.
1207:
1208: * Sudo now uses mbr_check_membership() on systems that support it
1209: to determine group membership. Currently, only Darwin (Mac OS X)
1210: supports this.
1211:
1212: * When the tty_tickets sudoers option is enabled but there is no
1213: terminal device, sudo will no longer use or create a tty-based
1214: ticket file. Previously, sudo would use a tty name of "unknown".
1215: As a consequence, if a user has no terminal device, sudo will
1216: now always prompt for a password.
1217:
1218: * The passwd_timeout and timestamp_timeout options may now be
1219: specified as floating point numbers for more granular timeout
1220: values.
1221:
1222: * Negating the fqdn option in sudoers now works correctly when sudo
1223: is configured with the --with-fqdn option. In previous versions
1224: of sudo the fqdn was set before sudoers was parsed.
1225:
1226: What's new in Sudo 1.7.2?
1227:
1228: * A new #includedir directive is available in sudoers. This can be
1229: used to implement an /etc/sudo.d directory. Files in an includedir
1230: are not edited by visudo unless they contain a syntax error.
1231:
1232: * The -g option did not work properly when only setting the group
1233: (and not the user). Also, in -l mode the wrong user was displayed
1234: for sudoers entries where only the group was allowed to be set.
1235:
1236: * Fixed a problem with the alias checking in visudo which
1237: could prevent visudo from exiting.
1238:
1239: * Sudo will now correctly parse the shell-style /etc/environment
1240: file format used by pam_env on Linux.
1241:
1242: * When doing password and group database lookups, sudo will only
1243: cache an entry by name or by id, depending on how the entry was
1244: looked up. Previously, sudo would cache by both name and id
1245: from a single lookup, but this breaks sites that have multiple
1246: password or group database names that map to the same uid or
1247: gid.
1248:
1249: * User and group names in sudoers may now be enclosed in double
1250: quotes to avoid having to escape special characters.
1251:
1252: * BSM audit fixes when changing to a non-root uid.
1253:
1254: * Experimental non-Unix group support. Currently only works with
1255: Quest Authorization Services and allows Active Directory groups
1256: fixes for Minix-3.
1257:
1258: * For Netscape/Mozilla-derived LDAP SDKs the certificate and key
1259: paths may be specified as a directory or a file. However, version
1260: 5.0 of the SDK only appears to support using a directory (despite
1261: documentation to the contrary). If SSL client initialization
1262: fails and the certificate or key paths look like they could be
1263: default file name, strip off the last path element and try again.
1264:
1265: * A setenv() compatibility fix for Linux systems, where a NULL
1266: value is treated the same as an empty string and the variable
1267: name is checked against the NULL pointer.
1268:
1269: What's new in Sudo 1.7.1?
1270:
1271: * A new Defaults option "pwfeedback" will cause sudo to provide visual
1272: feedback when the user is entering a password.
1273:
1274: * A new Defaults option "fast_glob" will cause sudo to use the fnmatch()
1275: function for file name globbing instead of glob(). When this option
1276: is enabled, sudo will not check the file system when expanding wildcards.
1277: This is faster but a side effect is that relative paths with wildcard
1278: will no longer work.
1279:
1280: * New BSM audit support for systems that support it such as FreeBSD
1281: and Mac OS X.
1282:
1283: * The file name specified with the #include directive may now include
1284: a %h escape which is expanded to the short form of hostname.
1285:
1286: * The -k flag may now be specified along with a command, causing the
1287: user's timestamp file to be ignored.
1288:
1289: * New support for Tivoli-based LDAP START_TLS, present in AIX.
1290:
1291: * New support for /etc/netsvc.conf on AIX.
1292:
1293: * The unused alias checks in visudo now handle the case of an alias
1294: referring to another alias.
1295:
1296: What's new in Sudo 1.7.0?
1297:
1298: * Rewritten parser that converts sudoers into a set of data structures.
1299: This eliminates a number of ordering issues and makes it possible to
1300: apply sudoers Defaults entries before searching for the command.
1301: It also adds support for per-command Defaults specifications.
1302:
1303: * Sudoers now supports a #include facility to allow the inclusion of other
1304: sudoers-format files.
1305:
1306: * Sudo's -l (list) flag has been enhanced:
1307: o applicable Defaults options are now listed
1308: o a command argument can be specified for testing whether a user
1309: may run a specific command.
1310: o a new -U flag can be used in conjunction with "sudo -l" to allow
1311: root (or a user with "sudo ALL") list another user's privileges.
1312:
1313: * A new -g flag has been added to allow the user to specify a
1314: primary group to run the command as. The sudoers syntax has been
1315: extended to include a group section in the Runas specification.
1316:
1317: * A uid may now be used anywhere a username is valid.
1318:
1319: * The "secure_path" run-time Defaults option has been restored.
1320:
1321: * Password and group data is now cached for fast lookups.
1322:
1323: * The file descriptor at which sudo starts closing all open files is now
1324: configurable via sudoers and, optionally, the command line.
1325:
1326: * Visudo will now warn about aliases that are defined but not used.
1327:
1328: * The -i and -s command line flags now take an optional command
1329: to be run via the shell. Previously, the argument was passed
1330: to the shell as a script to run.
1331:
1332: * Improved LDAP support. SASL authentication may now be used in
1333: conjunction when connecting to an LDAP server. The krb5_ccname
1334: parameter in ldap.conf may be used to enable Kerberos.
1335:
1336: * Support for /etc/nsswitch.conf. LDAP users may now use nsswitch.conf
1337: to specify the sudoers order. E.g.:
1338: sudoers: ldap files
1339: to check LDAP, then /etc/sudoers. The default is "files", even
1340: when LDAP support is compiled in. This differs from sudo 1.6
1341: where LDAP was always consulted first.
1342:
1343: * Support for /etc/environment on AIX and Linux. If sudo is run
1344: with the -i flag, the contents of /etc/environment are used to
1345: populate the new environment that is passed to the command being
1346: run.
1347:
1348: * If no terminal is available or if the new -A flag is specified,
1349: sudo will use a helper program to read the password if one is
1350: configured. Typically, this is a graphical password prompter
1351: such as ssh-askpass.
1352:
1353: * A new Defaults option, "mailfrom" that sets the value of the
1354: "From:" field in the warning/error mail. If unspecified, the
1355: login name of the invoking user is used.
1356:
1357: * A new Defaults option, "env_file" that refers to a file containing
1358: environment variables to be set in the command being run.
1359:
1360: * A new flag, -n, may be used to indicate that sudo should not
1361: prompt the user for a password and, instead, exit with an error
1362: if authentication is required.
1363:
1364: * If sudo needs to prompt for a password and it is unable to disable
1365: echo (and no askpass program is defined), it will refuse to run
1366: unless the "visiblepw" Defaults option has been specified.
1367:
1368: * Prior to version 1.7.0, hitting enter/return at the Password: prompt
1369: would exit sudo. In sudo 1.7.0 and beyond, this is treated as
1370: an empty password. To exit sudo, the user must press ^C or ^D
1371: at the prompt.
1372:
1373: * visudo will now check the sudoers file owner and mode in -c (check)
1374: mode when the -s (strict) flag is specified.
1375:
1376: * A new Defaults option "umask_override" will cause sudo to set the
1377: umask specified in sudoers even if it is more permissive than the
1378: invoking user's umask.
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>