What's new in Sudo 1.7.4p5?

 * A bug has been fixed that would allow a command to be run without the
   user entering a password when sudo's -g flag is used without the -u flag.

 * If user has no supplementary groups, sudo will now fall back on checking
   the group file explicitly, which restores historic sudo behavior.

 * A crash has been fixed when sudo's -g flag is used without the -u flag
   and the sudoers file contains an entry with no runas user or group listed.

 * A bug has been fixed in the I/O logging support that could cause
   visual artifacts in full-screen programs such as text editors.

 * A crash has been fixed when the Solaris project support is enabled
   and sudo's -g flag is used without the -u flag.

 * Sudo no longer exits with an error when support for auditing is
   compiled in but auditing is not enabled.

 * Fixed a bug introduced in sudo 1.7.3 where the ticket file was not
   being honored when the "targetpw" sudoers Defaults option was enabled.

 * The LOG_INPUT and LOG_OUTPUT tags in sudoers are now parsed correctly.

 * A crash has been fixed in "sudo -l" when sudo is built with auditing
   support and the user is not allowed to run any commands on the host.
What's new in Sudo 1.7.4p4?

 * A potential security issue has been fixed with respect to the handling
   of sudo's -g command line option when -u is also specified. The flaw
   may allow an attacker to run commands as a user that is not authorized

 * A bug has been fixed where "sudo -l" output was incomplete if multiple
   sudoers sources were defined in nsswitch.conf and there was an error
   querying one of the sources.

 * The log_input, log_output, and use_pty sudoers options now work correctly
   on AIX. Previously, sudo would hang if they were enabled.

 * The "make install" target now works correctly when sudo is built in a
   directory other than the source directory.

 * The "runas_default" sudoers setting now works properly in a per-command

 * Suspending and resuming the bash shell when PAM is in use now works
   correctly. The SIGCONT signal was not propagated to the child process.
What's new in Sudo 1.7.4p3?

 * A bug has been fixed where duplicate HOME environment variables could be
   present when the env_reset setting was disabled and the always_set_home
   setting was enabled in sudoers.

 * The value of sysconfdir is now substituted into the path to the sudoers.d
   directory in the installed sudoers file.

 * Compilation problems on IRIX and other platforms have been fixed.

 * If multiple PAM "auth" actions are specified and the user enters ^C at
   the password prompt, sudo will no longer prompt for a password for any
   subsequent "auth" actions. Previously it was necessary to enter ^C for
What's new in Sudo 1.7.4p2?

 * A bug where sudo could spin in a busy loop waiting for the child process
What's new in Sudo 1.7.4p1?

 * A bug introduced in sudo 1.7.3 that prevented the -k and -K options from
   functioning when the tty_tickets sudoers option is enabled has been fixed.

 * Sudo no longer prints a warning when the -k or -K options are specified
   and the ticket file does not exist.

 * It is now easier to cross-compile sudo.
What's new in Sudo 1.7.4?

 * Sudoedit will now preserve the file extension in the name of the
   temporary file being edited. The extension is used by some
   editors (such as emacs) to choose the editing mode.

 * Time stamp files have moved from /var/run/sudo to either /var/db/sudo,
   /var/lib/sudo or /var/adm/sudo. The directories are checked for
   existence in that order. This prevents users from receiving the
   sudo lecture every time the system reboots. Time stamp files older
   than the boot time are ignored on systems where it is possible to

 * The tty_tickets sudoers option is now enabled by default.

 * Ancillary documentation (README files, LICENSE, etc) is now installed
   in a sudo documentation directory.

 * Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"

 * Defaults settings that are tied to a user, host or command may
   now include the negation operator. For example:
       Defaults:!millert lecture
   will match any user but millert.

 * The default PATH environment variable, used when no PATH variable
   exists, now includes /usr/sbin and /sbin.

 * Sudo now uses polypkg (http://rc.quest.com/topics/polypkg/)
   for cross-platform packaging.

 * On Linux, sudo will now restore the nproc resource limit before
   executing a command, unless the limit appears to have been modified
   by pam_limits. This avoids a problem with bash scripts that open
   more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX)
   will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).

 * The HOME and MAIL environment variables are now reset based on the
   target user's password database entry when the env_reset sudoers option
   is enabled (which is the case in the default configuration). Users
   wishing to preserve the original values should use a sudoers entry like:
       Defaults env_keep += HOME
   to preserve the old value of HOME and
       Defaults env_keep += MAIL
   to preserve the old value of MAIL.
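As an added illustration (not part of the sudo NEWS file and not sudo's own parser), the constructed Python model below evaluates the Defaults user/host binding and "!" negation syntax from the "Defaults:!millert lecture" entry together with the "env_keep +=" list form from this entry, and reports which settings are in effect for a given invoking user and host. The sample sudoers text, the omission of the Defaults>runas and Defaults!command binding forms, and the name effective_defaults are assumptions of the example.

```python
import re

# Constructed sample (not a real site's sudoers) exercising the syntax
# described above: a negated user binding and env_keep list additions.
SAMPLE_SUDOERS = """\
Defaults env_reset
Defaults:!millert lecture
Defaults@buildhost !lecture
Defaults env_keep += HOME
Defaults env_keep += "MAIL EDITOR"
Defaults:alice env_keep -= EDITOR
"""

# Only the Defaults:user and Defaults@host binding forms are modelled here
# (an assumption of this example); Defaults>runas and Defaults!command are
# rejected as unsupported rather than silently ignored.
LINE_RE = re.compile(r"^Defaults(?:([:@])(!?)([^\s]+))?\s+(.+)$")

def binding_matches(kind, negated, names, user, host):
    """True if a Defaults binding applies to this invoking user and host.
    A leading '!' inverts the match, so Defaults:!millert applies to
    every user except millert."""
    if kind is None:
        return True                       # unbound Defaults apply to everyone
    actual = user if kind == ":" else host
    return (actual in names.split(",")) != bool(negated)

def effective_defaults(sudoers, user, host):
    """Walk Defaults lines top to bottom and return the settings in effect.
    Later lines override earlier ones; list options honour += and -=."""
    eff = {}
    for raw in sudoers.splitlines():
        line = raw.strip()
        if not line.startswith("Defaults"):
            continue                      # comments and non-Defaults lines
        m = LINE_RE.match(line)
        if not m:
            raise ValueError("unsupported Defaults line: " + line)
        kind, negated, names, body = m.groups()
        if not binding_matches(kind, negated, names, user, host):
            continue
        for item in (s.strip() for s in body.split(",")):
            if "+=" in item or "-=" in item:
                op = "+=" if "+=" in item else "-="
                key, val = (s.strip() for s in item.split(op, 1))
                lst = eff.setdefault(key, [])
                for v in val.strip('"').split():   # quoted lists hold several
                    if op == "+=" and v not in lst:
                        lst.append(v)
                    elif op == "-=" and v in lst:
                        lst.remove(v)
            elif item.startswith("!"):
                eff[item[1:]] = False     # "!lecture" turns a boolean off
            else:
                eff[item] = True
    return eff
```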
 * Fixed a problem in the restoration of the AIX authdb registry setting.

 * Sudo will now fork(2) and wait until the command has completed before
   calling pam_close_session().

 * The default syslog facility is now "authpriv" if the operating system
   supports it, else "auth".
What's new in Sudo 1.7.3?

 * Support for logging I/O for the command being run.
   For more information, see the documentation for the "log_input"
   and "log_output" Defaults options in the sudoers manual. Also
   see the sudoreplay manual for how to replay I/O log sessions.

 * The use_pty sudoers option can be used to force a command to be
   run in a pseudo-pty, even when I/O logging is not enabled.

 * On some systems, sudo can now detect when a user has logged out
   and back in again when tty-based time stamps are in use. Supported
   systems include Solaris systems with the devices file system,
   Mac OS X, and Linux systems with the devpts filesystem (pseudo-ttys

 * On AIX systems, the registry setting in /etc/security/user is
   now taken into account when looking up users and groups. Sudo
   now applies the correct user and group ids when running a
   command as a user whose account details come from a different
   source (e.g. LDAP or DCE vs. local files).

 * Support for multiple 'sudoers_base' and 'uri' entries in ldap.conf.
   When multiple entries are listed, sudo will try each one in the
   order in which they are specified.

 * Sudo's SELinux support should now function correctly when running
   commands as a non-root user and when one of stdin, stdout or stderr

 * Sudo will now use the Linux audit system when configured with
   the --with-linux-audit flag.

 * Sudo now uses mbr_check_membership() on systems that support it
   to determine group membership. Currently, only Darwin (Mac OS X)

 * When the tty_tickets sudoers option is enabled but there is no
   terminal device, sudo will no longer use or create a tty-based
   ticket file. Previously, sudo would use a tty name of "unknown".
   As a consequence, if a user has no terminal device, sudo will
   now always prompt for a password.

 * The passwd_timeout and timestamp_timeout options may now be
   specified as floating point numbers for more granular timeout

 * Negating the fqdn option in sudoers now works correctly when sudo
   is configured with the --with-fqdn option. In previous versions
   of sudo the fqdn was set before sudoers was parsed.
What's new in Sudo 1.7.2?

 * A new #includedir directive is available in sudoers. This can be
   used to implement an /etc/sudo.d directory. Files in an includedir
   are not edited by visudo unless they contain a syntax error.

 * The -g option did not work properly when only setting the group
   (and not the user). Also, in -l mode the wrong user was displayed
   for sudoers entries where only the group was allowed to be set.

 * Fixed a problem with the alias checking in visudo which
   could prevent visudo from exiting.

 * Sudo will now correctly parse the shell-style /etc/environment
   file format used by pam_env on Linux.

 * When doing password and group database lookups, sudo will only
   cache an entry by name or by id, depending on how the entry was
   looked up. Previously, sudo would cache by both name and id
   from a single lookup, but this breaks sites that have multiple
   password or group database names that map to the same uid or

 * User and group names in sudoers may now be enclosed in double
   quotes to avoid having to escape special characters.

 * BSM audit fixes when changing to a non-root uid.

 * Experimental non-Unix group support. Currently only works with
   Quest Authorization Services and allows Active Directory groups

 * For Netscape/Mozilla-derived LDAP SDKs the certificate and key
   paths may be specified as a directory or a file. However, version
   5.0 of the SDK only appears to support using a directory (despite
   documentation to the contrary). If SSL client initialization
   fails and the certificate or key paths look like they could be
   a default file name, strip off the last path element and try again.

 * A setenv() compatibility fix for Linux systems, where a NULL
   value is treated the same as an empty string and the variable
   name is checked against the NULL pointer.
What's new in Sudo 1.7.1?

 * A new Defaults option "pwfeedback" will cause sudo to provide visual
   feedback when the user is entering a password.

 * A new Defaults option "fast_glob" will cause sudo to use the fnmatch()
   function for file name globbing instead of glob(). When this option
   is enabled, sudo will not check the file system when expanding wildcards.
   This is faster but a side effect is that relative paths with wildcard

 * New BSM audit support for systems that support it such as FreeBSD

 * The file name specified with the #include directive may now include
   a %h escape which is expanded to the short form of hostname.

 * The -k flag may now be specified along with a command, causing the
   user's timestamp file to be ignored.

 * New support for Tivoli-based LDAP START_TLS, present in AIX.

 * New support for /etc/netsvc.conf on AIX.

 * The unused alias checks in visudo now handle the case of an alias
   referring to another alias.
What's new in Sudo 1.7.0?

 * Rewritten parser that converts sudoers into a set of data structures.
   This eliminates a number of ordering issues and makes it possible to
   apply sudoers Defaults entries before searching for the command.
   It also adds support for per-command Defaults specifications.

 * Sudoers now supports a #include facility to allow the inclusion of other
   sudoers-format files.

 * Sudo's -l (list) flag has been enhanced:
     o applicable Defaults options are now listed
     o a command argument can be specified for testing whether a user
       may run a specific command.
     o a new -U flag can be used in conjunction with "sudo -l" to allow
       root (or a user with "sudo ALL") list another user's privileges.

 * A new -g flag has been added to allow the user to specify a
   primary group to run the command as. The sudoers syntax has been
   extended to include a group section in the Runas specification.

 * A uid may now be used anywhere a username is valid.

 * The "secure_path" run-time Defaults option has been restored.

 * Password and group data is now cached for fast lookups.

 * The file descriptor at which sudo starts closing all open files is now
   configurable via sudoers and, optionally, the command line.

 * Visudo will now warn about aliases that are defined but not used.

 * The -i and -s command line flags now take an optional command
   to be run via the shell. Previously, the argument was passed
   to the shell as a script to run.

 * Improved LDAP support. SASL authentication may now be used
   when connecting to an LDAP server. The krb5_ccname
   parameter in ldap.conf may be used to enable Kerberos.

 * Support for /etc/nsswitch.conf. LDAP users may now use nsswitch.conf
   to specify the sudoers order. E.g.:
   to check LDAP, then /etc/sudoers. The default is "files", even
   when LDAP support is compiled in. This differs from sudo 1.6
   where LDAP was always consulted first.

 * Support for /etc/environment on AIX and Linux. If sudo is run
   with the -i flag, the contents of /etc/environment are used to
   populate the new environment that is passed to the command being

 * If no terminal is available or if the new -A flag is specified,
   sudo will use a helper program to read the password if one is
   configured. Typically, this is a graphical password prompter

 * A new Defaults option, "mailfrom" that sets the value of the
   "From:" field in the warning/error mail. If unspecified, the
   login name of the invoking user is used.

 * A new Defaults option, "env_file" that refers to a file containing
   environment variables to be set in the command being run.

 * A new flag, -n, may be used to indicate that sudo should not
   prompt the user for a password and, instead, exit with an error
   if authentication is required.

 * If sudo needs to prompt for a password and it is unable to disable
   echo (and no askpass program is defined), it will refuse to run
   unless the "visiblepw" Defaults option has been specified.

 * Prior to version 1.7.0, hitting enter/return at the Password: prompt
   would exit sudo. In sudo 1.7.0 and beyond, this is treated as
   an empty password. To exit sudo, the user must press ^C or ^D

 * visudo will now check the sudoers file owner and mode in -c (check)
   mode when the -s (strict) flag is specified.

 * A new Defaults option "umask_override" will cause sudo to set the
   umask specified in sudoers even if it is more permissive than the
   invoking user's umask.