[sudo-announce] Sudo version 1.6.8 now available
Todd C. Miller
Todd.Miller at courtesan.com
Fri Aug 20 22:33:30 EDT 2004
After a long wait, Sudo version 1.6.8 is now available. It's taken
a while but version 1.6.8 includes some exciting new features.
It is also the first release for which I am offering commercial
support. If your organization uses Sudo please consider purchasing
a support contract to help fund addition Sudo development. Please
see http://www.sudo.ws/support.html
Alternately, you can help out by "purchasing" a copy of Sudo or
making a donation at http://www.sudo.ws/purchase.html
Sudo is still free software and I intend for it to remain so but
as I currently lack regular employment I am asking for help from
the Sudo community. Your support will enable me to continue to
improve Sudo and complete projects such as a proper user's manual
and a major rewrite of large portions of Sudo.
Enough of the commercial, now on to the good part...
Major changes since Sudo 1.6.7p5:
o LDAP support: sudoers info may be stored in LDAP
(optionally using TLS).
o There is a new -e option to edit files the with uid of the
invoking user. This makes it possible to give users to ability
to safely edit files without the possibility of editing other
files or running commands as the target user. If sudo is run
as "sudoedit" the -e flag is implied.
o A new tag, NOEXEC, will prevent a dynamically-linked program
being run by sudo from executing another program (think shell
escapes). Because this uses LD_PRELOAD it has no effect on static
binaries.
o Added a -i option to simulate an initial login similar to "su -".
o If sudo is used to run as root shell, further sudo commands will
be logged as run by the user specified by the SUDO_USER environment
variable. In -e mode (sudoedit), SUDO_USER is used to determine
what user to run the editor when the real uid is 0.
o The sudoers file is now parsed as the runas user in all cases
instead of root. This fixes some issues with running NFS-mounted
commands.
o If the target user is the same as the invoking user a password
is no longer required.
o Sudo now produces a sensible error message when the targetpw
Defaults option is set and a non-existent uid is specified via
the -u option.
o A negated user/uid in a runas list is now treated the same as a
negated command and overrides a previously allowed entry.
o PAM support now uses Use pam_acct_mgmt() to check for disabled
accounts.
o Added a check in visudo for runas_default being used before it
was set.
o Fixed several issues when closing all open descriptors. Sudo
now uses closefrom() if it exists, otherwise it uses /proc/$$/fd
if that exists with a fallback of closing all possible descriptors.
o Quoting globbing characters with a backslash now works as
documented.
o Fixed a problem on FreeBSD (and perhaps others) when the user
is only listed in NIS (not master.passwd) and netgroups are used
in the master.passwd file.
o The username in a log entry is no longer truncated at 8 characters.
o Added a "sudo_lecture" option that can point to a file containing
a custom lecture.
o /tmp/.odus is no longer used for timestamps by default.
o Fixed the --with-stow configure option.
o TIS fwtk authentication now supports fwtk 2.0 and higher.
o Added Stan Lee / Uncle Ben quote to the lecture from RedHat.
o Added the --with-pc-insults configure to replace politically
incorrect insults with other ones.
Master Web Site:
http://www.sudo.ws/sudo/
Web Site Mirrors:
http://sudo.stikman.com/ (Los Angeles, California, USA)
http://mirage.informationwave.net/sudo/ (Fanwood, New Jersey, USA)
http://www.mrv2k.net/sudo/ (Bend, Oregon, USA)
http://www.signal42.com/mirrors/sudo_www/ (USA)
http://sudo.xmundo.net/ (Argentina)
http://sudo.planetmirror.com/ (Australia)
http://sunshine.lv/sudo/ (Latvia)
http://rexem.uni.cc/sudo/ (Kaunas, Lithuania)
http://sudo.cdu.elektra.ru/ (Russia)
http://sudo.nctu.edu.tw/ (Taiwan)
FTP Mirrors:
ftp://anonopenbsd.cs.colorado.edu/pub/sudo/ (Boulder, Colorado, USA)
ftp://ftp.cs.colorado.edu/pub/sudo/ (Boulder, Colorado, USA)
ftp://obsd.isc.org/pub/sudo/ (Redwood City, California, USA)
ftp://ftp.stikman.com/pub/sudo/ (Los Angeles, California, USA)
ftp://ftp.tux.org/pub/security/sudo/ (Beltsville, Maryland, USA)
ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/sudo/ (West Lafayette, Indiana, USA)
ftp://ftp.uwsg.indiana.edu/pub/security/sudo/ (Bloomington, Indiana, USA)
ftp://ftp.rge.com/pub/admin/sudo/ (Rochester, New York, USA)
ftp://sudo.xmundo.net/pub/mirrors/sudo/ (Argentina)
ftp://ftp.wiretapped.net/pub/security/host-security/sudo/ (Australia)
ftp://ftp.tuwien.ac.at/utils/admin-tools/sudo/ (Austria)
ftp://sunsite.ualberta.ca/pub/Mirror/sudo/ (Alberta, Canada)
ftp://ftp.csc.cuhk.edu.hk/pub/packages/unix-tools/sudo/ (Hong Kong, China)
ftp://ftp.eunet.cz/pub/security/sudo/ (Czechoslovakia)
ftp://ftp.ujf-grenoble.fr/sudo/ (France)
ftp://netmirror.org/ftp.sudo.ws/ (Frankfurt, Germany)
ftp://ftp.win.ne.jp/pub/misc/sudo/ (Japan)
ftp://ftp.st.ryukoku.ac.jp/pub/security/tool/sudo/ (Japan)
ftp://ftp.cin.nihon-u.ac.jp/pub/misc/sudo/ (Japan)
ftp://core.ring.gr.jp/pub/misc/sudo/ (Japan)
ftp://ftp.ring.gr.jp/pub/misc/sudo/ (Japan)
ftp://ftp.ayamura.org/pub/sudo/ (Japan)
ftp://ftp.tpnet.pl/d6/ftp.sudo.ws/ (Poland)
ftp://ftp.cdu.elektra.ru/pub/unix/security/sudo/ (Russia)
ftp://ftp.nsysu.edu.tw/Unix/Security/Sudo/ (Taiwan)
HTTP Mirrors:
http://www.rge.com/pub/admin/sudo/ (Rochester, New York, USA)
http://probsd.org/sudoftp/ (East Coast, USA)
http://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/sudo/ (West Lafayette, Indiana, USA)
http://www.signal42.com/mirrors/sudo_ftp/ (California, USA)
http://netmirror.org/mirror/ftp.sudo.ws/ (Frankfurt, Germany)
http://core.ring.gr.jp/archives/misc/sudo/ (Japan)
http://www.ring.gr.jp/archives/misc/sudo/ (Japan)
http://ftp.tpnet.pl/vol/d6/ftp.sudo.ws/ (Poland)
http://sudo.tsuren.net/dist/ (Moscow, Russian Federation)
http://ftp.nsysu.edu.tw/Unix/Security/Sudo/ (Taiwan)
More information about the sudo-announce
mailing list