Sudo Development Releases

Current Development Release

The current development release of sudo is 1.9.0rc4.
Binary packages are also available for the development releases.

For full details see the ChangeLog file or view the commit history in Mercurial.

If you plan to use a development release of sudo, please subscribe to the sudo-workers mailing list so that you will receive updates on bug fixes and related announcements. You may also be interested in the sudo-commits mailing list which receives a message for each commit to the sudo source tree.


Major changes between version 1.9.0rc4 and 1.9.0rc3:

  • The default TLS listener is now only enabled when either the TLS certificate file is explicitly specified in sudo_logsrvd.conf or the default TLS certificate file exists in the file system. There is no change in behavior for listen_address entries explicitly set in the configuration file.

Major changes between version 1.9.0rc4 and 1.9.0rc3:

  • Debian sudo-python packages now include a dependency on the correct version of libpython.

  • Various spelling fixes. Bug #925.

  • The struct passwd passed to PAM session modules is now looked up by user name, not user-ID, when possible. Fixes a problem with the pam_limits module and configurations where multiple user names share the same ID. Debian bug #734752.

  • Sudo command line options that take a value may only be specified once. This is to help guard against problems caused by poorly written scripts that invoke sudo with user-controlled input. Bug #924.

Major changes between version 1.9.0rc3 and 1.9.0rc2:

  • The sudo-logsrvd package now installs a systemd service on Linux distros that use systemd.

  • The I/O plugin is now closed before the policy plugin on command exit.

  • When copying the edited files to the original path, sudoedit now allocates any additional space needed before writing. Previously, it could truncate the destination file if the file system was full. Bug #922.

  • Fixed a compilation issue with Python 3.8.

  • Changed how TLS connections are made to the log server. Instead of using a STARTTLS-style approach, where TLS and plaintext connections share the same port, we now use separate ports for plaintext and TLS connections. A (tls) flag can be specified after the host:port to indicate that the connection should be secured with TLS. This avoids a potential man-in-the-middle attack that could cause the connection to be forced into plaintext mode. Unfortunately, this change breaks compatibility with the previous release candidates.

Major changes between version 1.9.0rc2 and 1.9.0rc1:

  • The example Python plugins now work correctly with Python 3.4.

Major changes between version 1.9.0rc1 and 1.9.0b5:

  • The sudo_logsrvd daemon and python plugin now have their own packages. Currently, the sudo-python package is only built for Linux.

  • For sudo -i, if the target user's home directory does not exist, sudo will now warn about the problem but run the command in the current working directory. Previously, this was a fatal error. Debian bug #598519.

  • The command line arguments in the SUDO_COMMAND environment variable are now truncated at 4096 characters. This avoids an "Argument list too long" error when executing a command with a large number of arguments. Bug #923 and Debian bug #596631.

  • Sudo now properly ends the PAM transaction when the user authenticates successfully but sudoers denies the command. Debian bug #669687.

  • The sudoers grammar in the manual now indicates that "sudoedit" requires one or more arguments. Debian bug #571621.

  • The sample sudo_logsrvd.conf file is now installed if one does not already exist.

  • The python plugin can now be built with Python 3.4.

  • Assorted sudo_logsrvd bug fixes.

Major changes between version 1.9.0b5 and 1.9.0b4:

  • Sudo once again ignores a failure to restore the RLIMIT_CORE resource limit, as it did prior to version 1.8.29. Linux containers don't allow RLIMIT_CORE to be set back to RLIM_INFINITY if we set the limit to zero, even for root, which resulted in a warning from sudo.

  • In sudo_logsrvd, disable server-side validation of the server certificate if the OpenSSL version is too old to have functions such as SSL_CTX_get0_certificate(). This allows sudo_logsrvd to build on Solaris 11.3 with the system version of OpenSSL.

  • The sudoers plugin and sudo_logsrvd now write an extended I/O log info file in JSON format. This will make it easier to add extra logging data in the future.

  • The sudoreplay utility will now read the extended I/O log info file if it exists. This allows matching based on the host name in list mode. The list output now also includes the host name if one is present in the log file.

  • sudo_logsrvd now stores a pid file in the sudo run directory.

  • sudo_logsrvd now exits with an error if it cannot bind to any of the specified listen sockets.

  • The sudo binary packages now include a service script for starting sudo_logsrvd.

  • Updated translations from translationproject.org.

Major changes between version 1.9.0b4 and 1.9.0b3:

  • It is now possible to use Cmd_Alias instead of Cmnd_Alias in sudoers for people who find the former more natural.

  • The new pam_ruser and pam_rhost sudoers settings can be used to enable or disable setting the PAM remote user and/or host values during PAM session setup.

  • More than one SHA-2 digest may now be specified for a single command. Multiple digests must be separated by a comma.

  • It is now possible to specify a SHA-2 digest in conjunction with the ALL reserved word in a command specification. This allows one to give permission to run any command that matches the specified digest, regardless of its path.

Major changes between version 1.9.0b3 and 1.9.0b2:

  • Added the --disable-log-server and --disable-log-client configure options. These can be used to optionally disable building sudo_logsrvd and support for remote I/O logging in the sudoers plugin respectively.

  • sudo -S now overrides the SUDO_CONV_PREFER_TTY flag.

  • Python plugin updates.

Major changes between version 1.9.0b2 and 1.9.0b1:

  • Implemented support for audit plugins in sudo. An audit plugin receives accept, reject and error messages and can be used to implement custom logging that is independent of the underlying security policy. Multiple audit plugins may be specified in the sudo.conf file. A sample audit plugin is included that can produce logs in JSON format.

  • Implemented support for approval plugins in sudo. An approval plugin is run only after the main security policy (such as sudoers) accepts a command to be run. The approval policy may perform additional checks, potentially interacting with the user. Multiple approval plugins may be specified in the sudo.conf file. Only if all approval plugins succeed will the command be allowed.

  • Python bindings have been implemented for the audit and approval plugins.

  • Fixed a problem with the log server client where the TLS handshake might fail but a short-lived command could still be run.

  • The sudo_logsrvd daemon now supports logging in JSON format in addition to traditional sudo-style logs.
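An approval plugin of the kind described above, written as an added example against the Python plugin bindings (this is not one of sudo's own example plugins). It assumes the sudo module's Plugin base class, PluginReject exception and log_info function, and the "key=value" layout of command_info with a runas_uid entry; the change-window policy and the stand-in sudo module used outside sudo's embedded interpreter are constructed for illustration.

```python
from datetime import datetime

try:
    import sudo
except ImportError:
    # Not running inside sudo: stand-in with the same names, for testing
    # the decision logic only (assumption, not the real sudo module).
    class _SudoStub:
        class Plugin:
            pass

        class PluginReject(Exception):
            pass

        @staticmethod
        def log_info(msg):
            print(msg)

    sudo = _SudoStub()

# Constructed policy: commands that run as root are only approved during
# a weekday change window. sudoers has already accepted the command by the
# time an approval plugin sees it; this is an additional check on top.
CHANGE_WINDOW = (8, 18)  # start hour inclusive, end hour exclusive


def parse_command_info(command_info):
    """command_info is a tuple of 'key=value' strings supplied by sudo."""
    info = {}
    for item in command_info:
        key, _, value = item.partition("=")
        info[key] = value
    return info


def rejection_reason(command_info, now):
    """Return None to approve, or a message explaining why to reject.

    `now` is a datetime; an ISO-8601 string is accepted for offline testing.
    """
    if isinstance(now, str):
        now = datetime.fromisoformat(now)
    info = parse_command_info(command_info)
    if info.get("runas_uid") != "0":
        return None  # non-root commands need no extra approval here
    start, end = CHANGE_WINDOW
    if now.weekday() >= 5 or not (start <= now.hour < end):
        return "root commands are only approved during the change window"
    return None


class ChangeWindowApprovalPlugin(sudo.Plugin):
    def check(self, command_info: tuple, run_argv: tuple, run_env: tuple) -> None:
        reason = rejection_reason(command_info, datetime.now())
        if reason:
            sudo.log_info(reason)  # visible to the audit trail
            raise sudo.PluginReject(reason)  # any one rejection denies the command
```

Sudo loads the class through an `approval` line in sudo.conf naming python_plugin.so with ModulePath and ClassName options, as described in the sudo_plugin_python manual.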

Major changes between version 1.9.0b1 and 1.8.30:

  • Sudo now includes a logging daemon, sudo_logsrvd, which can be used to implement centralized logging of I/O logs. TLS connections are supported when sudo is configured with the --enable-openssl option. For more information, see the sudo_logsrvd, sudo_logsrvd.conf and sudo_logsrv.proto manuals.

  • The sudoers plugin can be configured to send logs to sudo_logsrvd. See the log_servers, log_server_timeout and log_server_keepalive settings in the sudoers manual.

    TLS connections are supported when sudo is configured with the --enable-openssl option. TLS can be configured using the log_server_cabundle, log_server_peer_cert, and log_server_peer_key settings in the sudoers manual.

  • The new sudo_sendlog utility can be used to test sudo_logsrvd or send existing sudo I/O logs to a centralized server.

  • It is now possible to write sudo plugins in Python when sudo is configured with the --enable-python option. See the sudo_plugin_python manual for details. Sudo 1.9.0 comes with several Python example plugins that are installed in sudo's examples directory.

    The sudo blog article "What's new in sudo 1.9: Python" includes a simple tutorial on writing Python plugins.

  • Avoid checking the internal signal SIGLWP in strsig_test on FreeBSD. This fixes a make check failure on FreeBSD.