[sudo-announce] sudo 1.7.4p4 released

Todd C. Miller Todd.Miller at courtesan.com
Tue Sep 7 09:11:24 EDT 2010


Sudo version 1.7.4p4 is now available.

This release fixes a security issue with respect to the handling
of sudo's -g command line option when -u is also specified.  The
flaw may allow an attacker to run commands as a user that is not
authorized by the sudoers file.  For more details, see:
    http://www.sudo.ws/sudo/alerts/runas_group.html

Source:
    http://www.sudo.ws/sudo/dist/sudo-1.7.4p4.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/sudo-1.7.4p4.tar.gz

Binary packages:
    http://www.sudo.ws/sudo/download.html#binary

For a list of download mirror sites, see:
    http://www.sudo.ws/sudo/download_mirrors.html

Sudo web site:
    http://www.sudo.ws/sudo/

Sudo web site mirrors:
    http://www.sudo.ws/sudo/mirrors.html

Major changes between sudo 1.7.4p3 and 1.7.4p4:

 * A potential security issue has been fixed with respect to the
   handling of sudo's -g command line option when -u is also
   specified.  The flaw may allow an attacker to run commands as a
   user that is not authorized by the sudoers file.

 * A bug has been fixed where "sudo -l" output was incomplete
   if multiple sudoers sources were defined in nsswitch.conf
   and there was an error querying one of the sources.

 * The log_input, log_output, and use_pty sudoers options now
   work correctly on AIX.  Previously, sudo would hang if
   they were enabled.

 * Fixed "make install" when sudo is built in a directory
   other than the directory that holds the sources.

 * The "runas_default" sudoers setting now works properly in a
   per-command Defaults line.

 * Suspending and resuming the bash shell when PAM is in use now
   works properly.  The SIGCONT signal was not being propagated
   to the child process.

Major changes between sudo 1.7.4p2 and 1.7.4p3:

 * A bug has been fixed where duplicate HOME environment
   variables could be set when the env_reset setting was disabled
   and the always_set_home setting was enabled in sudoers.

 * The value of sysconfdir is now substituted into the path
   to the sudoers.d directory in the installed sudoers file.

 * Fixed compilation problems on Irix and other platforms.

 * If multiple PAM "auth" actions are specified and the user
   enters ^C at the password prompt, sudo will now abort any
   subsequent "auth" actions.  Previously it was necessary to
   enter ^C once for each "auth" action.

Major changes between sudo 1.7.4p1 and 1.7.4p2:

 * Fixed a bug where sudo could spin in a busy loop waiting for the
   child process.

 * Packaging fixes for sudo.pp to better handle patchlevels.

Major changes between sudo 1.7.4 and 1.7.4p1:

 * Fixed a bug introduced in sudo 1.7.3 that prevented the -k and
   -K options from functioning when the tty_tickets sudoers option
   is enabled.

 * Sudo no longer prints a warning when the -k or -K options are
   specified and the ticket file does not exist.

 * Changes to the configure script to enable cross-compilation of Sudo.

Major changes between sudo 1.7.3 and 1.7.4:

 * Sudoedit will now preserve the file extension in the name of the
   temporary file being edited.  The extension is used by some
   editors (such as emacs) to choose the editing mode.

 * Time stamp files have moved from /var/run/sudo to either /var/db/sudo,
   /var/lib/sudo or /var/adm/sudo.  The directories are checked for
   existence in that order.  This prevents users from receiving the
   sudo lecture every time the system reboots.  Time stamp files older
   than the boot time are ignored on systems where it is possible to
   determine this.

 * Ancillary documentation (README files, LICENSE, etc.) is now installed
   in a sudo documentation directory.

 * Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"
   in ldap.conf.

 * Defaults settings that are tied to a user, host or command may
   now include the negation operator.  For example:
        Defaults:!millert lecture
   will match any user but millert.

 * The default PATH environment variable, used when no PATH variable
   exists, now includes /usr/sbin and /sbin.

 * Sudo now uses polypkg (http://rc.quest.com/topics/polypkg/)
   for cross-platform packaging.

 * On Linux, sudo will now restore the nproc resource limit before
   executing a command, unless the limit appears to have been modified
   by pam_limits.  This avoids a problem with bash scripts that open
   more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX)
   will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).

 * Visudo will now treat an unrecognized Defaults entry as a parse
   error (sudo will warn but still run).

 * The HOME and MAIL environment variables are now reset based on
   the target user's password database entry when the env_reset
   sudoers option is enabled (which is the case in the default
   configuration).  Users wishing to preserve the original values
   should use a sudoers entry like:

        Defaults env_keep += HOME

   to preserve the old value of HOME and

        Defaults env_keep += MAIL

   to preserve the old value of MAIL.
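   An added sudoers fragment (not from the release or the sudo project)
   that puts the two Defaults forms from these notes into one file: the
   negated per-user Defaults from the earlier entry, the env_keep
   additions from this one, and a per-command runas_default line as
   described in the 1.7.4p4 changes.  The user name millert comes from
   the notes; the EDITORS alias, the "editor" account and the OPERATORS
   alias are assumed for illustration.

```sudoers
# Added example, not part of the sudo distribution.  Assumes the
# sudo 1.7.4 defaults (env_reset and tty_tickets both enabled).

# env_reset drops the caller's environment; since 1.7.4 HOME and MAIL
# are then set from the target user's passwd entry.  Add them to
# env_keep to carry the caller's original values through instead.
Defaults        env_reset
Defaults        env_keep += "HOME MAIL"

# Negated per-user Defaults (new in 1.7.4): every user except millert
# receives the lecture.
Defaults:!millert   lecture

# Per-command Defaults: commands in EDITORS run as the "editor"
# account unless -u selects another target.  Alias and account names
# are assumed, not from the notes.
Cmnd_Alias      EDITORS = /usr/bin/vi, /usr/bin/emacs
Defaults!EDITORS    runas_default=editor

# The grant itself: OPERATORS may run the editors only as root or
# as editor, which is what any -u/-g choice is checked against.
User_Alias      OPERATORS = alice, bob
OPERATORS ALL = (root, editor) EDITORS
```

   Check the syntax with "visudo -c -f <file>" before installing the
   fragment; with 1.7.4 visudo treats an unrecognized Defaults entry
   as a parse error rather than a warning.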

 * The tty_tickets option is now on by default.

 * Fixed a problem in the restoration of the AIX authdb registry setting.

 * If PAM is in use, sudo will wait until the process has finished
   before closing the PAM session.

 * Fixed "sudo -i -u user" where user has no shell listed in the
   password database.

 * When logging I/O, sudo now handles pty read/write returning ENXIO,
   as seen on FreeBSD when the login session has been killed.

 * Sudo now performs I/O logging in the C locale.  This avoids
   locale-related issues when parsing floating point
   numbers in the timing file.

 * Added support for Ubuntu-style admin flag dot files.

