Sudo Development Releases
Current Development Release
The current development release of sudo is
1.9.0b2.
Binary packages are also available for the development releases.
For full details see the ChangeLog file or view the commit history in mercurial.
If you plan to use a development release of sudo, please subscribe to the sudo-workers mailing list so that you will receive updates on bug fixes and related announcements. You may also be interested in the sudo-commits mailing list which receives a message for each commit to the sudo source tree.
Major changes between version 1.9.0b2 and 1.9.0b1:
- Implemented support for audit plugins in sudo.
An audit plugin receives accept, reject and error messages
and can be used to implement custom logging that is independent
of the underlying security policy. Multiple audit plugins
may be specified in the sudo.conf file. A sample
audit plugin is included that can produce logs in JSON format.
- Implemented support for approval plugins in sudo.
An approval plugin is run only after the main security policy
(such as sudoers) accepts a command to be run. The approval
policy may perform additional checks, potentially interacting
with the user. Multiple approval plugins may be specified
in the sudo.conf file. Only if all approval plugins
succeed will the command be allowed.
- Python bindings have been implemented for the audit and
approval plugins.
- Fixed a problem with the log server client where the TLS
handshake might fail but a short-lived command could still
be run.
- The sudo_logsrvd daemon now supports logging in JSON format in addition to traditional sudo-style logs.
Major changes between version 1.9.0b1 and 1.8.30:
- Sudo now includes a logging daemon, sudo_logsrvd, which can
be used to implement centralized logging of I/O logs.
TLS connections are supported when sudo is
configured with the --enable-openssl option.
For more information, see the
sudo_logsrvd,
sudo_logsrvd.conf
and
sudo_logsrv.proto
manuals.
- The sudoers plugin can be configured to send logs to sudo_logsrvd.
See the log_servers, log_server_timeout
and log_server_keepalive settings in the sudoers
manual.
TLS connections are supported when sudo is configured with the --enable-openssl option. TLS can be configured using the log_server_cabundle, log_server_peer_cert, and log_server_peer_key settings in the sudoers manual.
- The new sudo_sendlog utility can be used to test sudo_logsrvd or send existing sudo I/O logs
to a centralized server.
- It is now possible to write sudo plugins in Python when
sudo is configured with the --enable-python option.
See the sudo_plugin_python
manual for details.
Sudo 1.9.0 comes with several Python example plugins that get
installed sudo's examples directory.
The sudo blog article What's new in sudo 1.9: Python includes a simple tutorial on writing python plugins.
-
Avoid checking the internal signal SIGLWP in
strsig_test on FreeBSD. This fixes a make
check failure on FreeBSD.
About Sudo
- Sudo Home
- A Short Introduction
- Stable Release
- Development Release
- A Brief History
- Contributors
- Sudo News
- NLS Support
- Sudo Plugins
- Sudo License
- Export Restrictions
Getting Sudo
Documentation
Sudo Resources
Other