[sudo-announce] sudo 1.7.4p4 released
Todd C. Miller
Todd.Miller at courtesan.com
Tue Sep 7 09:11:24 EDT 2010
Sudo version 1.7.4p4 is now available.
This release fixes a security issue with respect to the handling
of sudo's -g command line option when -u is also specified. The
flaw may allow an attacker to run commands as a user that is not
authorized by the sudoers file. For more details, see:
http://www.sudo.ws/sudo/alerts/runas_group.html
Source:
http://www.sudo.ws/sudo/dist/sudo-1.7.4p4.tar.gz
ftp://ftp.sudo.ws/pub/sudo/sudo-1.7.4p4.tar.gz
Binary packages:
http://www.sudo.ws/sudo/download.html#binary
For a list of download mirror sites, see:
http://www.sudo.ws/sudo/download_mirrors.html
Sudo web site:
http://www.sudo.ws/sudo/
Sudo web site mirrors:
http://www.sudo.ws/sudo/mirrors.html
Major changes between sudo 1.7.4p3 and 1.7.4p4:
* A potential security issue has been fixed with respect to the
handling of sudo's -g command line option when -u is also
specified. The flaw may allow an attacker to run commands as a
user that is not authorized by the sudoers file.
* A bug has been fixed where "sudo -l" output was incomplete
if multiple sudoers sources were defined in nsswitch.conf
and there was an error querying one of the sources.
* The log_input, log_output, and use_pty sudoers options now
work correctly on AIX. Previously, sudo would hang if
they were enabled.
* Fixed "make install" when sudo is built in a directory
other than the directory that holds the sources.
* The "runas_default" sudoers setting now works properly in a
per-command Defaults line.
* Suspending and resuming the bash shell when PAM is in use now
works properly. The SIGCONT signal was not being propagated
to the child process.
Major changes between sudo 1.7.4p2 and 1.7.4p3:
* A bug has been fixed where duplicate HOME environment
variables could be set when the env_reset setting was disabled
and the always_set_home setting was enabled in sudoers.
* The value of sysconfdir is now substituted into the path
to the sudoers.d directory in the installed sudoers file.
* Fixed compilation problems on Irix and other platforms.
* If multiple PAM "auth" actions are specified and the user
enters ^C at the password prompt, sudo will now abort any
subsequent "auth" actions. Previously it was necessary to
enter ^C once for each "auth" action.
Major changes between sudo 1.7.4p1 and 1.7.4p2:
* Fixed a bug where sudo could spin in a busy loop waiting for the
child process.
* Packaging fixes for sudo.pp to better handle patchlevels.
Major changes between sudo 1.7.4 and 1.7.4p1:
* Fixed a bug introduced in sudo 1.7.3 that prevented the -k and
-K options from functioning when the tty_tickets sudoers option
is enabled.
* Sudo no longer prints a warning when the -k or -K options are
specified and the ticket file does not exist.
* Changes to the configure script to enable cross-compilation of Sudo.
Major changes between sudo 1.7.3 and 1.7.4:
* Sudoedit will now preserve the file extension in the name of the
temporary file being edited. The extension is used by some
editors (such as emacs) to choose the editing mode.
* Time stamp files have moved from /var/run/sudo to either /var/db/sudo,
/var/lib/sudo or /var/adm/sudo. The directories are checked for
existence in that order. This prevents users from receiving the
sudo lecture every time the system reboots. Time stamp files older
than the boot time are ignored on systems where it is possible to
determine this.
* Ancillary documentation (README files, LICENSE, etc) is now installed
in a sudo documentation directory.
* Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"
in ldap.conf.
* Defaults settings that are tied to a user, host or command may
now include the negation operator. For example:
Defaults:!millert lecture
will match any user but millert.
* The default PATH environment variable, used when no PATH variable
exists, now includes /usr/sbin and /sbin.
* Sudo now uses polypkg (http://rc.quest.com/topics/polypkg/)
for cross-platform packing.
* On Linux, sudo will now restore the nproc resource limit before
executing a command, unless the limit appears to have been modified
by pam_limits. This avoids a problem with bash scripts that open
more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX)
will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).
* Visudo will now treat an unrecognized Defaults entry as a parse
error (sudo will warn but still run).
* The HOME and MAIL environment variables are now reset based on
the target user's password database entry when the env_reset
sudoers option is enabled (which is the case in the default
configuration). Users wishing to preserve the original values
should use a sudoers entry like:
Defaults env_keep += HOME
to preserve the old value of HOME and
Defaults env_keep += MAIL
to preserve the old value of MAIL.
* The tty_tickets option is now on by default.
* Fixed a problem in the restoration of the AIX authdb registry setting.
* If PAM is in use, sudo will wait until the process has finished
before closing the PAM session.
* Fixed "sudo -i -u user" where user has no shell listed in the
password database.
* When logging I/O, sudo now handles pty read/write returning ENXIO,
as seen on FreeBSD when the login session has been killed.
* Sudo now performs I/O logging in the C locale. This avoids
locale-related issues when parsing floating point
numbers in the timing file.
* Added support for Ubuntu-style admin flag dot files.
More information about the sudo-announce
mailing list