Current Development Release
The current development release of sudo is
are also available for the development releases.
For full details see the ChangeLog
file or view the commit history in
If you plan to use a development release of sudo, please subscribe
to the sudo-workers mailing list so
that you will receive updates on bug fixes and related announcements.
You may also be interested in the
sudo-commits mailing list which
receives a message for each commit to the sudo source tree.
Major changes between version 1.9.3rc1 and 1.9.3b2:
- Compilation fixes when compiling for Android using the bionic C library.
Major changes between version 1.9.3b2 and 1.9.3b1:
Major changes between version 1.9.3b1 and 1.9.2:
- sudoedit will now prompt the user before overwriting
an existing file with one that is zero-length after editing.
- Fixed building the Python plugin on systems with a compiler that
doesn't support symbol hiding.
- Sudo now uses a linker script to hide symbols even when the
compiler has native symbol hiding support. This should make is
easier to detect omissions in the symbol exports file, regardless
of the platform.
- Fixed the libssl dependency in Debian packages for older releases
that use libssl1.0.0.
- sudo and visudo now provide more detailed
messages when a syntax error is detected in sudoers.
The offending line and token are now displayed. If the
parser was generated by GNU bison, additional information
about what token was expected is also displayed.
- Sudoers rules must now end in either a newline or the end-of-file.
Previously, it was possible to have multiple rules on a single
line, separated by white space. The use of an end-of-line
terminator makes it possible to display accurate error messages.
- Sudo no longer refuses to run if a syntax error in the sudoers
file is encountered. The entry with the syntax error will be
discarded and sudo will continue to parse the file. This makes
recovery from a syntax error less painful on systems where sudo
is the primary method of superuser access. The historic behavior
can be restored by add error_recovery=false to the sudoers
plugin's optional arguments in sudo.conf.
- Fixed the sample_approval plugin's symbol exports file for
systems where the compiler doesn't support symbol hiding.
- Fixed a regression introduced in sudo 1.9.1 where arguments to
the sudoers_policy plugin in sudo.conf
were not being applied. The sudoers file is now parsed by
the sudoers_audit plugin, which is loaded implicitly
when sudoers_policy is listed in sudo.conf.
Starting with sudo 1.9.3, if there are plugin arguments for
sudoers_policy but sudoers_audit is not
listed, those arguments will be applied to sudoers_audit
- The user's resource limits are now passed to sudo plugins in
the user_info list. A plugin cannot determine the limits
itself because sudo changes the limits while it runs to prevent
- It is now possible to set the working directory or change the
root directory on a per-command basis using the CWD and CHROOT
options. There are also new Defaults settings, runchroot
and runcwd, that can be used to set the working directory
or root directory on a more global basis.
- New -D (--chdir) and -R
(--chroot) command line options can be used to set
the working directory or root directory if the sudoers file
allows it. This functionality is not enabled by default
and must be explicitly enabled in the sudoers file.