[sudo-announce] sudo 1.8.6p8 released
Todd C. Miller
Todd.Miller at courtesan.com
Sun Apr 14 14:05:25 MDT 2013
Sudo version 1.8.6p8 is now available. See the list of major changes
below for details.
Source:
http://www.sudo.ws/sudo/dist/sudo-1.8.6p8.tar.gz
ftp://ftp.sudo.ws/pub/sudo/sudo-1.8.6p8.tar.gz
Binary packages:
http://www.sudo.ws/sudo/download.html#binary
For a list of download mirror sites, see:
http://www.sudo.ws/sudo/download_mirrors.html
Sudo web site:
http://www.sudo.ws/sudo/
Sudo web site mirrors:
http://www.sudo.ws/sudo/mirrors.html
Major changes between sudo 1.8.6p8 and 1.8.6p7:
* Terminal detection now works properly on 64-bit AIX kernels.
This was broken by the removal of the ttyname() fallback in Sudo
1.8.6p6. Sudo is now able to map an AIX 64-bit device number
to the corresponding device file in /dev.
* Sudo now checks for crypt() returning NULL when performing
passwd-based authentication.
Major changes between sudo 1.8.6p7 and 1.8.6p6:
* A time stamp file with the date set to the epoch by "sudo -k"
is now completely ignored regardless of what the local clock is
set to. Previously, if the local clock was set to a value between
the epoch and the time stamp timeout value, a time stamp reset
by "sudo -k" would be considered current.
This fix has security implications, for details see:
http://www.sudo.ws/sudo/alerts/epoch_ticket.html
* The tty-specific time stamp file now includes the session ID
of the sudo process that created it. If a process with the same
tty but a different session ID runs sudo, the user will now be
prompted for a password (assuming authentication is required for
the command).
This fix has security implications, for details see:
http://www.sudo.ws/sudo/alerts/tty_tickets.html
Major changes between sudo 1.8.6p6 and 1.8.6p5:
* On systems where the controlling tty can be determined via /proc
or sysctl(), sudo will no longer fall back to using ttyname()
if the process has no controlling tty. This prevents sudo from
using a non-controlling tty for logging and time stamp purposes.
This fix has security implications, for details see:
http://www.sudo.ws/sudo/alerts/tty_tickets.html
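To make the three time stamp changes above concrete (the epoch reset from "sudo -k", the session ID in the tty ticket, and the refusal to fall back to a non-controlling tty), here is an added C model of the ticket check. It is not sudo's own code; the struct fields, TIMEOUT_SECS and the "old" check are assumptions modelled on the descriptions in this announcement.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#include <time.h>

#define TIMEOUT_SECS (15 * 60)  /* assumed: a 15 minute timestamp_timeout */

/* Constructed model of a tty time stamp ticket; field names are assumptions. */
struct ticket {
    time_t mtime;  /* file modification time; "sudo -k" sets it to the epoch (0) */
    dev_t  tty;    /* controlling tty the ticket was written for */
    pid_t  sid;    /* session ID of the sudo process that created it */
};

/* The process asking to reuse the ticket. tty == 0 means no controlling tty. */
struct requester {
    dev_t tty;
    pid_t sid;
};

/* Pre-1.8.6p7 style check: trusts the clock alone, so a clock set between the
 * epoch and the timeout makes a ticket reset by "sudo -k" look current. */
bool ticket_current_old(const struct ticket *t, time_t now) {
    return t->mtime + TIMEOUT_SECS > now;
}

/* Check modelled on the 1.8.6p6 to 1.8.6p8 behaviour described above. */
bool ticket_current(const struct ticket *t, const struct requester *r, time_t now) {
    if (t->mtime == 0)          /* reset by "sudo -k": ignored whatever the clock says */
        return false;
    if (t->mtime > now)         /* time stamp from the future: treat as stale */
        return false;
    if (r->tty == 0)            /* no controlling tty: no tty ticket can apply */
        return false;
    if (r->tty != t->tty)       /* ticket belongs to another terminal */
        return false;
    if (r->sid != t->sid)       /* same tty, different session: prompt again */
        return false;
    return now - t->mtime < TIMEOUT_SECS;
}

int main(void) {
    struct ticket reset = { .mtime = 0, .tty = 0x501, .sid = 4242 };  /* constructed */
    struct requester me = { .tty = 0x501, .sid = 4242 };
    time_t skewed_clock = 600;  /* clock set ten minutes after the epoch */
    printf("old check on reset ticket: %d\n", ticket_current_old(&reset, skewed_clock));
    printf("new check on reset ticket: %d\n", ticket_current(&reset, &me, skewed_clock));
    return 0;
}
```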
Major changes between sudo 1.8.6p5 and 1.8.6p4:
* Fixed a potential crash in visudo's alias cycle detection.
* Improved performance on Solaris when retrieving the group list
for the target user. On systems with a large number of groups
where the group database is not local (NIS, LDAP, AD), fetching
the group list could take a minute or more.
Major changes between sudo 1.8.6p4 and 1.8.6p3:
* The -fstack-protector is now used when linking visudo, sudoreplay
and testsudoers.
* Avoid building PIE binaries on FreeBSD/ia64 as they don't run
properly.
* Fixed a crash in visudo strict mode when an unknown Defaults
setting is encountered.
* Do not inform the user that the command was not permitted by the
policy if they do not successfully authenticate. This is a
regression introduced in sudo 1.8.6.
* Allow sudo to be built with sss support without also including
ldap support.
* Fix running commands that need the terminal in the background
when I/O logging is enabled. E.g. "sudo vi &". When the command
is foregrounded, it will now resume properly.
Major changes between sudo 1.8.6p3 and 1.8.6p2:
* Fixed post-processing of the man pages on systems with legacy
versions of sed.
* Fixed "sudoreplay -l" on Linux systems with file systems that
set DT_UNKNOWN in the d_type field of struct dirent.
Major changes between sudo 1.8.6p2 and 1.8.6p1:
* Fixed suspending a command after it has already been resumed
once when I/O logging (or use_pty) is not enabled.
This was a regression introduced in version 1.8.6.
Major changes between sudo 1.8.6p1 and 1.8.6:
* Fixed the setting of LOGNAME, USER and USERNAME variables in the
command's environment when env_reset is enabled (the default).
This was a regression introduced in version 1.8.6.
* Sudo now honors SUCCESS=return in /etc/nsswitch.conf.
Major changes between sudo 1.8.6 and 1.8.5p3:
* Sudo is now built with the -fstack-protector flag if the
compiler supports it. Also, the -zrelro linker flag is used if
supported. The --disable-hardening configure option can be used
to build sudo without stack smashing protection.
* Sudo is now built as a Position Independent Executable (PIE)
if supported by the compiler and linker.
* If the user is a member of the "exempt" group in sudoers, they
will no longer be prompted for a password even if the -k flag
is specified with the command. This makes "sudo -k command"
consistent with the behavior one would get if the user ran "sudo
-k" immediately before running the command.
* The sudoers file may now be a symbolic link. Previously, sudo
would refuse to read sudoers unless it was a regular file.
* The sudoreplay command can now properly replay sessions where
no tty was present.
* The sudoers plugin now takes advantage of symbol visibility
controls when supported by the compiler or linker. As a result,
only a small number of symbols are exported which significantly
reduces the chances of a conflict with other shared objects.
* Improved support for the Tivoli Directory Server LDAP client
libraries. This includes support for using LDAP over SSL (ldaps)
as well as support for the BIND_TIMELIMIT, TLS_KEY and TLS_CIPHERS
ldap.conf options. A new ldap.conf option, TLS_KEYPW can be
used to specify a password to decrypt the key database.
* When constructing a time filter for use with LDAP sudoNotBefore
and sudoNotAfter attributes, the current time now includes tenths
of a second. This fixes a problem with timed entries on Active
Directory.
* If a user fails to authenticate and the command would be rejected
by sudoers, it is now logged with "command not allowed" instead
of "N incorrect password attempts". Likewise, the "mail_no_perms"
sudoers option now takes precedence over "mail_badpass".
* The sudo manuals are now formatted using the mdoc macros. Versions
using the legacy man macros are provided for systems that lack mdoc.
* New support for Solaris privilege sets. This makes it possible
to specify fine-grained privileges in the sudoers file on Solaris
10 and above. A Runas_Spec that contains no Runas_Lists can be
used to give a user the ability to run a command as themselves
but with an expanded privilege set.
* Fixed a problem with the reboot and shutdown commands on some
systems (such as HP-UX and BSD). On these systems, reboot sends
all processes (except itself) SIGTERM. When sudo received
SIGTERM, it would relay it to the reboot process, thus killing
reboot before it had a chance to actually reboot the system.
* Support for using the System Security Services Daemon (SSSD) as
a source of sudoers data.
* Slovenian translation for sudo and sudoers from translationproject.org.
* Visudo will now warn about unknown Defaults entries that are
per-host, per-user, per-runas or per-command.
* Fixed a race condition that could cause sudo to receive SIGTTOU
(and stop) when resuming a shell that was run via sudo when I/O
logging (and use_pty) is not enabled.
* Sending SIGTSTP directly to the sudo process will now suspend the
running command when I/O logging (and use_pty) is not enabled.