What's new in Sudo 1.7.4p6?

 * A bug has been fixed in the I/O logging support that could cause
   visual artifacts in full-screen programs such as text editors.

What's new in Sudo 1.7.4p5?

 * A bug has been fixed that would allow a command to be run without the
   user entering a password when sudo's -g flag is used without the -u flag.

 * If the user has no supplementary groups, sudo will now fall back on checking
   the group file explicitly, which restores historic sudo behavior.

 * A crash has been fixed when sudo's -g flag is used without the -u flag
   and the sudoers file contains an entry with no runas user or group listed.

 * A crash has been fixed when the Solaris project support is enabled
   and sudo's -g flag is used without the -u flag.

 * Sudo no longer exits with an error when support for auditing is
   compiled in but auditing is not enabled.

 * Fixed a bug introduced in sudo 1.7.3 where the ticket file was not
   being honored when the "targetpw" sudoers Defaults option was enabled.

 * The LOG_INPUT and LOG_OUTPUT tags in sudoers are now parsed correctly.

 * A crash has been fixed in "sudo -l" when sudo is built with auditing
   support and the user is not allowed to run any commands on the host.

What's new in Sudo 1.7.4p4?

 * A potential security issue has been fixed with respect to the handling
   of sudo's -g command line option when -u is also specified. The flaw
   may allow an attacker to run commands as a user that is not authorized

 * A bug has been fixed where "sudo -l" output was incomplete if multiple
   sudoers sources were defined in nsswitch.conf and there was an error
   querying one of the sources.

 * The log_input, log_output, and use_pty sudoers options now work correctly
   on AIX. Previously, sudo would hang if they were enabled.

 * The "make install" target now works correctly when sudo is built in a
   directory other than the source directory.

 * The "runas_default" sudoers setting now works properly in a per-command

 * Suspending and resuming the bash shell when PAM is in use now works
   correctly. The SIGCONT signal was not propagated to the child process.

What's new in Sudo 1.7.4p3?

 * A bug has been fixed where duplicate HOME environment variables could be
   present when the env_reset setting was disabled and the always_set_home
   setting was enabled in sudoers.

 * The value of sysconfdir is now substituted into the path to the sudoers.d
   directory in the installed sudoers file.

 * Compilation problems on IRIX and other platforms have been fixed.

 * If multiple PAM "auth" actions are specified and the user enters ^C at
   the password prompt, sudo will no longer prompt for a password for any
   subsequent "auth" actions. Previously it was necessary to enter ^C for

What's new in Sudo 1.7.4p2?

 * A bug where sudo could spin in a busy loop waiting for the child process

What's new in Sudo 1.7.4p1?

 * A bug introduced in sudo 1.7.3 that prevented the -k and -K options from
   functioning when the tty_tickets sudoers option is enabled has been fixed.

 * Sudo no longer prints a warning when the -k or -K options are specified
   and the ticket file does not exist.

 * It is now easier to cross-compile sudo.

What's new in Sudo 1.7.4?

 * Sudoedit will now preserve the file extension in the name of the
   temporary file being edited. The extension is used by some
   editors (such as emacs) to choose the editing mode.

 * Time stamp files have moved from /var/run/sudo to either /var/db/sudo,
   /var/lib/sudo or /var/adm/sudo. The directories are checked for
   existence in that order. This prevents users from receiving the
   sudo lecture every time the system reboots. Time stamp files older
   than the boot time are ignored on systems where it is possible to

 * The tty_tickets sudoers option is now enabled by default.

 * Ancillary documentation (README files, LICENSE, etc) is now installed
   in a sudo documentation directory.

 * Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"

 * Defaults settings that are tied to a user, host or command may
   now include the negation operator. For example:
       Defaults:!millert lecture
   will match any user but millert.

 * The default PATH environment variable, used when no PATH variable
   exists, now includes /usr/sbin and /sbin.

 * Sudo now uses polypkg (http://rc.quest.com/topics/polypkg/)
   for cross-platform packaging.

 * On Linux, sudo will now restore the nproc resource limit before
   executing a command, unless the limit appears to have been modified
   by pam_limits. This avoids a problem with bash scripts that open
   more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX)
   will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).

 * The HOME and MAIL environment variables are now reset based on the
   target user's password database entry when the env_reset sudoers option
   is enabled (which is the case in the default configuration). Users
   wishing to preserve the original values should use a sudoers entry like:
       Defaults env_keep += HOME
   to preserve the old value of HOME and
       Defaults env_keep += MAIL
   to preserve the old value of MAIL.
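The following sudoers fragment puts the two 1.7.4 Defaults forms described above (the negated per-user Defaults and env_keep for HOME and MAIL) into one file, with the new tty_tickets default stated explicitly. It is a constructed example added to this changelog, not sudo's distributed sudoers; the user name millert is taken from the entry above, everything else is an assumed placeholder.

```sudoers
# Constructed example; not sudo's shipped sudoers file.

# Negated per-user Defaults (1.7.4): show the lecture to every user
# except millert. Without the "!" the setting would apply only to millert.
Defaults:!millert   lecture

# env_reset is on in the default configuration, so HOME and MAIL are
# reset from the target user's password database entry. Only keep the
# invoking user's values where the site actually needs them.
Defaults            env_keep += HOME
Defaults            env_keep += MAIL

# tty_tickets is the default from 1.7.4 on; stating it keeps the intent
# visible when the file is read on hosts running an older sudo.
Defaults            tty_tickets
```

Because env_keep is a list, "+=" appends to the compiled-in list rather than replacing it; a plain "=" would drop any variables sudo keeps by default.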
 * Fixed a problem in the restoration of the AIX authdb registry setting.

 * Sudo will now fork(2) and wait until the command has completed before
   calling pam_close_session().

 * The default syslog facility is now "authpriv" if the operating system
   supports it, else "auth".

What's new in Sudo 1.7.3?

 * Support for logging I/O for the command being run.
   For more information, see the documentation for the "log_input"
   and "log_output" Defaults options in the sudoers manual. Also
   see the sudoreplay manual for how to replay I/O log sessions.

 * The use_pty sudoers option can be used to force a command to be
   run in a pseudo-pty, even when I/O logging is not enabled.
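A constructed sudoers fragment (added here; not part of the sudo distribution) showing the two ways the 1.7.3 I/O logging can be turned on: globally through the log_input and log_output Defaults options, or per command through the LOG_INPUT and LOG_OUTPUT tags, alongside use_pty. The user name carol and the command paths are assumed placeholders.

```sudoers
# Constructed example; not sudo's shipped sudoers file.

# Site-wide: record the input and output of every command run via sudo.
# Sessions are replayed with sudoreplay(8); see the sudoreplay manual
# for listing and replaying recorded sessions.
Defaults    log_input, log_output

# Run commands in a pseudo-pty even when nothing is being logged.
Defaults    use_pty

# Per-command alternative: record only interactive shells and database
# clients for carol, leaving other commands unlogged. These tags are the
# ones whose parsing was corrected in 1.7.4p5.
carol   ALL = (root) LOG_INPUT: LOG_OUTPUT: /bin/sh, /usr/bin/mysql
```

Interactive tools such as shells and editors are the usual candidates for the per-command form, since that is where a plain command log loses the most detail.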
 * On some systems, sudo can now detect when a user has logged out
   and back in again when tty-based time stamps are in use. Supported
   systems include Solaris systems with the devices file system,
   Mac OS X, and Linux systems with the devpts filesystem (pseudo-ttys

 * On AIX systems, the registry setting in /etc/security/user is
   now taken into account when looking up users and groups. Sudo
   now applies the correct user and group ids when running a
   command as a user whose account details come from a different
   source (e.g. LDAP or DCE vs. local files).

 * Support for multiple 'sudoers_base' and 'uri' entries in ldap.conf.
   When multiple entries are listed, sudo will try each one in the
   order in which they are specified.

 * Sudo's SELinux support should now function correctly when running
   commands as a non-root user and when one of stdin, stdout or stderr

 * Sudo will now use the Linux audit system when configured with
   the --with-linux-audit flag.

 * Sudo now uses mbr_check_membership() on systems that support it
   to determine group membership. Currently, only Darwin (Mac OS X)

 * When the tty_tickets sudoers option is enabled but there is no
   terminal device, sudo will no longer use or create a tty-based
   ticket file. Previously, sudo would use a tty name of "unknown".
   As a consequence, if a user has no terminal device, sudo will
   now always prompt for a password.

 * The passwd_timeout and timestamp_timeout options may now be
   specified as floating point numbers for more granular timeout

 * Negating the fqdn option in sudoers now works correctly when sudo
   is configured with the --with-fqdn option. In previous versions
   of sudo the fqdn was set before sudoers was parsed.

What's new in Sudo 1.7.2?

 * A new #includedir directive is available in sudoers. This can be
   used to implement an /etc/sudo.d directory. Files in an includedir
   are not edited by visudo unless they contain a syntax error.

 * The -g option did not work properly when only setting the group
   (and not the user). Also, in -l mode the wrong user was displayed
   for sudoers entries where only the group was allowed to be set.

 * Fixed a problem with the alias checking in visudo which
   could prevent visudo from exiting.

 * Sudo will now correctly parse the shell-style /etc/environment
   file format used by pam_env on Linux.

 * When doing password and group database lookups, sudo will only
   cache an entry by name or by id, depending on how the entry was
   looked up. Previously, sudo would cache by both name and id
   from a single lookup, but this breaks sites that have multiple
   password or group database names that map to the same uid or

 * User and group names in sudoers may now be enclosed in double
   quotes to avoid having to escape special characters.

 * BSM audit fixes when changing to a non-root uid.

 * Experimental non-Unix group support. Currently only works with
   Quest Authorization Services and allows Active Directory groups

 * For Netscape/Mozilla-derived LDAP SDKs the certificate and key
   paths may be specified as a directory or a file. However, version
   5.0 of the SDK only appears to support using a directory (despite
   documentation to the contrary). If SSL client initialization
   fails and the certificate or key paths look like they could be
   a default file name, strip off the last path element and try again.

 * A setenv() compatibility fix for Linux systems, where a NULL
   value is treated the same as an empty string and the variable
   name is checked against the NULL pointer.

What's new in Sudo 1.7.1?

 * A new Defaults option "pwfeedback" will cause sudo to provide visual
   feedback when the user is entering a password.

 * A new Defaults option "fast_glob" will cause sudo to use the fnmatch()
   function for file name globbing instead of glob(). When this option
   is enabled, sudo will not check the file system when expanding wildcards.
   This is faster but a side effect is that relative paths with wildcard

 * New BSM audit support for systems that support it such as FreeBSD

 * The file name specified with the #include directive may now include
   a %h escape which is expanded to the short form of the hostname.

 * The -k flag may now be specified along with a command, causing the
   user's timestamp file to be ignored.

 * New support for Tivoli-based LDAP START_TLS, present in AIX.

 * New support for /etc/netsvc.conf on AIX.

 * The unused alias checks in visudo now handle the case of an alias
   referring to another alias.

What's new in Sudo 1.7.0?

 * Rewritten parser that converts sudoers into a set of data structures.
   This eliminates a number of ordering issues and makes it possible to
   apply sudoers Defaults entries before searching for the command.
   It also adds support for per-command Defaults specifications.

 * Sudoers now supports a #include facility to allow the inclusion of other
   sudoers-format files.

 * Sudo's -l (list) flag has been enhanced:
    o applicable Defaults options are now listed
    o a command argument can be specified for testing whether a user
      may run a specific command.
    o a new -U flag can be used in conjunction with "sudo -l" to allow
      root (or a user with "sudo ALL") to list another user's privileges.

 * A new -g flag has been added to allow the user to specify a
   primary group to run the command as. The sudoers syntax has been
   extended to include a group section in the Runas specification.
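A constructed sudoers fragment (added to this changelog; not from the sudo distribution) that ties together the 1.7.0 Runas group syntax just described, a per-command Defaults entry, and the #include (1.7.0, with the 1.7.1 %h escape) and #includedir (1.7.2) directives. The user names alice and bob, the group webadm, the included file paths and the command paths are all assumed placeholders; the sudo invocations in the comments use only the -u, -g, -l and -U flags described in this file.

```sudoers
# Constructed example; not sudo's shipped sudoers file.

# Include other sudoers-format files. "%h" expands to the short host
# name, so each host can carry its own overrides; the directory form
# picks up every file dropped into it.
#include /etc/sudoers.%h
#includedir /etc/sudoers.d

# Runas specification with a group part: alice may run the deploy
# script as root and may additionally select webadm as the primary
# group, e.g. "sudo -u root -g webadm /usr/local/bin/deploy".
alice   ALL = (root : webadm) /usr/local/bin/deploy

# Group-only Runas: bob keeps his own user identity but may run the
# command with webadm as primary group, i.e. "sudo -g webadm
# /usr/local/bin/rotate-logs". Entries of this shape are the ones the
# 1.7.2 and 1.7.4p5 -g fixes above concern, so they deserve review when
# upgrading.
bob     ALL = (: webadm) /usr/local/bin/rotate-logs

# Per-command Defaults (1.7.0): applied only when this command matches.
Defaults!/usr/local/bin/deploy  umask=0022

# Verifying the result without running anything:
#   sudo -l                          lists the caller's own entries and Defaults
#   sudo -l /usr/local/bin/deploy    tests whether the caller may run this command
#   sudo -l -U bob                   lets root (or a "sudo ALL" user) list bob's entries
```

Putting a group-only Runas entry and a user-and-group entry side by side makes the difference in what -g alone is allowed to do visible at a glance, which is what the -l output for these entries was getting wrong before 1.7.2.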
 * A uid may now be used anywhere a username is valid.

 * The "secure_path" run-time Defaults option has been restored.

 * Password and group data is now cached for fast lookups.

 * The file descriptor at which sudo starts closing all open files is now
   configurable via sudoers and, optionally, the command line.

 * Visudo will now warn about aliases that are defined but not used.

 * The -i and -s command line flags now take an optional command
   to be run via the shell. Previously, the argument was passed
   to the shell as a script to run.

 * Improved LDAP support. SASL authentication may now be used when
   connecting to an LDAP server. The krb5_ccname parameter in
   ldap.conf may be used to enable Kerberos.

 * Support for /etc/nsswitch.conf. LDAP users may now use nsswitch.conf
   to specify the sudoers order. E.g.:
   to check LDAP, then /etc/sudoers. The default is "files", even
   when LDAP support is compiled in. This differs from sudo 1.6
   where LDAP was always consulted first.

 * Support for /etc/environment on AIX and Linux. If sudo is run
   with the -i flag, the contents of /etc/environment are used to
   populate the new environment that is passed to the command being

 * If no terminal is available or if the new -A flag is specified,
   sudo will use a helper program to read the password if one is
   configured. Typically, this is a graphical password prompter

 * A new Defaults option, "mailfrom", that sets the value of the
   "From:" field in the warning/error mail. If unspecified, the
   login name of the invoking user is used.

 * A new Defaults option, "env_file", that refers to a file containing
   environment variables to be set in the command being run.

 * A new flag, -n, may be used to indicate that sudo should not
   prompt the user for a password and, instead, exit with an error
   if authentication is required.

 * If sudo needs to prompt for a password and it is unable to disable
   echo (and no askpass program is defined), it will refuse to run
   unless the "visiblepw" Defaults option has been specified.

 * Prior to version 1.7.0, hitting enter/return at the Password: prompt
   would exit sudo. In sudo 1.7.0 and beyond, this is treated as
   an empty password. To exit sudo, the user must press ^C or ^D

 * visudo will now check the sudoers file owner and mode in -c (check)
   mode when the -s (strict) flag is specified.

 * A new Defaults option "umask_override" will cause sudo to set the
   umask specified in sudoers even if it is more permissive than the
   invoking user's umask.