[sudo-announce] sudo 1.8.6p8 released

Todd C. Miller Todd.Miller at courtesan.com
Sun Apr 14 14:05:25 MDT 2013

Sudo version 1.8.6p8 is now available.  See the list of major changes
below for details.


Binary packages:

For a list of download mirror sites, see:

Sudo web site:

Sudo web site mirrors:

Major changes between sudo 1.8.6p8 and 1.8.6p7:

 * Terminal detection now works properly on 64-bit AIX kernels.
   This was broken by the removal of the ttyname() fallback in Sudo
   1.8.6p6.  Sudo is now able to map an AIX 64-bit device number
   to the corresponding device file in /dev.

 * Sudo now checks for crypt() returning NULL when performing
   passwd-based authentication.

Major changes between sudo 1.8.6p7 and 1.8.6p6:

 * A time stamp file with the date set to the epoch by "sudo -k"
   is now completely ignored regardless of what the local clock is
   set to.  Previously, if the local clock was set to a value between
   the epoch and the time stamp timeout value, a time stamp reset
   by "sudo -k" would be considered current.
   This fix has security implications; for details see:

 * The tty-specific time stamp file now includes the session ID
   of the sudo process that created it.  If a process with the same
   tty but a different session ID runs sudo, the user will now be
   prompted for a password (assuming authentication is required for
   the command).
   This fix has security implications; for details see:
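The two 1.8.6p7 time stamp changes above are easiest to see side by side in code. The following is an added illustration, not sudo's own code: the record layout, the function names and the 5 minute timeout are assumptions, and the rejection of a stamp dated in the future is an extra check beyond what the notes describe. The "old" routine shows why a stamp zeroed by "sudo -k" was still accepted when the local clock sat between the epoch and the timeout, and why a different session on the same tty could reuse it; the "fixed" routine applies the two rules from the notes.

```c
/* Added illustration of the 1.8.6p7 tty time stamp checks; not sudo's code.
 * Struct layout, names and TS_TIMEOUT_SECS are assumptions. */
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

#define TS_TIMEOUT_SECS (5 * 60)   /* assumed: a 5 minute timestamp_timeout */

/* Assumed contents of a per-tty time stamp record. */
struct tty_stamp {
    dev_t  tty;     /* controlling tty device number */
    pid_t  sid;     /* session ID of the sudo process that wrote the record */
    time_t mtime;   /* time of last successful authentication; 0 after "sudo -k" */
};

/* Pre-1.8.6p7 behaviour: same tty and less than TS_TIMEOUT_SECS old.
 * With mtime == 0 and a clock set close to the epoch, (now - 0) is still
 * below the timeout, so the "sudo -k" reset is treated as current.  The
 * session ID is not consulted at all. */
bool stamp_current_old(const struct tty_stamp *st, dev_t tty, time_t now)
{
    return st->tty == tty && (now - st->mtime) < TS_TIMEOUT_SECS;
}

/* 1.8.6p7 behaviour: an epoch stamp is never current, and the stamp must
 * have been written by the same session on the same tty. */
bool stamp_current_fixed(const struct tty_stamp *st, dev_t tty, pid_t sid,
                         time_t now)
{
    if (st->mtime == (time_t)0)            /* reset by "sudo -k": always ignored */
        return false;
    if (st->tty != tty || st->sid != sid)  /* other tty or other session: re-prompt */
        return false;
    if (st->mtime > now)                   /* assumed extra: stamp from the future */
        return false;
    return (now - st->mtime) < TS_TIMEOUT_SECS;
}

int main(void)
{
    /* Constructed values: tty device 5, a clock sitting 100 s after the epoch,
     * and a record zeroed by "sudo -k". */
    struct tty_stamp reset = { .tty = 5, .sid = getsid(0), .mtime = 0 };
    time_t near_epoch = 100;
    printf("epoch stamp, clock near epoch: old=%d fixed=%d\n",
           stamp_current_old(&reset, 5, near_epoch),
           stamp_current_fixed(&reset, 5, getsid(0), near_epoch));

    /* Constructed values: a fresh stamp read from a different session. */
    struct tty_stamp fresh = { .tty = 5, .sid = getsid(0), .mtime = 1000 };
    printf("fresh stamp, other session:    old=%d fixed=%d\n",
           stamp_current_old(&fresh, 5, 1100),
           stamp_current_fixed(&fresh, 5, getsid(0) + 1, 1100));
    return 0;
}
```

On the old path the first line prints old=1, i.e. the reset stamp is honoured; the fixed path prints 0 for both the epoch stamp and the foreign session.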

Major changes between sudo 1.8.6p6 and 1.8.6p5:

 * On systems where the controlling tty can be determined via /proc
   or sysctl(), sudo will no longer fall back to using ttyname()
   if the process has no controlling tty.  This prevents sudo from
   using a non-controlling tty for logging and time stamp purposes.
   This fix has security implications; for details see:

Major changes between sudo 1.8.6p5 and 1.8.6p4:

 * Fixed a potential crash in visudo's alias cycle detection.

 * Improved performance on Solaris when retrieving the group list
   for the target user.  On systems with a large number of groups
   where the group database is not local (NIS, LDAP, AD), fetching
   the group list could take a minute or more.

Major changes between sudo 1.8.6p4 and 1.8.6p3:

 * The -fstack-protector flag is now used when linking visudo, sudoreplay
   and testsudoers.

 * Avoid building PIE binaries on FreeBSD/ia64 as they don't run.

 * Fixed a crash in visudo strict mode when an unknown Defaults
   setting is encountered.

 * Do not inform the user that the command was not permitted by the
   policy if they do not successfully authenticate. This is a
   regression introduced in sudo 1.8.6.

 * Allow sudo to be built with sss support without also including
   ldap support.

 * Fix running commands that need the terminal in the background
   when I/O logging is enabled. E.g. "sudo vi &". When the command
   is foregrounded, it will now resume properly.

Major changes between sudo 1.8.6p3 and 1.8.6p2:

 * Fixed post-processing of the man pages on systems with legacy
   versions of sed.

 * Fixed "sudoreplay -l" on Linux systems with file systems that
   set DT_UNKNOWN in the d_type field of struct dirent.

Major changes between sudo 1.8.6p2 and 1.8.6p1:

 * Fixed suspending a command after it has already been resumed
   once when I/O logging (or use_pty) is not enabled.
   This was a regression introduced in version 1.8.6.

Major changes between sudo 1.8.6p1 and 1.8.6:

 * Fixed the setting of LOGNAME, USER and USERNAME variables in the
   command's environment when env_reset is enabled (the default).
   This was a regression introduced in version 1.8.6.

 * Sudo now honors SUCCESS=return in /etc/nsswitch.conf.

Major changes between sudo 1.8.6 and 1.8.5p3:

 * Sudo is now built with the -fstack-protector flag if the
   compiler supports it.  Also, the -zrelro linker flag is used if
   supported.  The --disable-hardening configure option can be used
   to build sudo without stack smashing protection.

 * Sudo is now built as a Position Independent Executable (PIE)
   if supported by the compiler and linker.

 * If the user is a member of the "exempt" group in sudoers, they
   will no longer be prompted for a password even if the -k flag
   is specified with the command.  This makes "sudo -k command"
   consistent with the behavior one would get if the user ran "sudo
   -k" immediately before running the command.

 * The sudoers file may now be a symbolic link.  Previously, sudo
   would refuse to read sudoers unless it was a regular file.

 * The sudoreplay command can now properly replay sessions where
   no tty was present.

 * The sudoers plugin now takes advantage of symbol visibility
   controls when supported by the compiler or linker.  As a result,
   only a small number of symbols are exported which significantly
   reduces the chances of a conflict with other shared objects.

 * Improved support for the Tivoli Directory Server LDAP client
   libraries.  This includes support for using LDAP over SSL (ldaps)
   as well as support for the BIND_TIMELIMIT, TLS_KEY and TLS_CIPHERS
   ldap.conf options.  A new ldap.conf option, TLS_KEYPW can be
   used to specify a password to decrypt the key database.

 * When constructing a time filter for use with LDAP sudoNotBefore
   and sudoNotAfter attributes, the current time now includes tenths
   of a second.  This fixes a problem with timed entries on Active

 * If a user fails to authenticate and the command would be rejected
   by sudoers, it is now logged with "command not allowed" instead
   of "N incorrect password attempts".  Likewise, the "mail_no_perms"
   sudoers option now takes precedence over "mail_badpass".

 * The sudo manuals are now formatted using the mdoc macros.  Versions
   using the legacy man macros are provided for systems that lack mdoc.

 * New support for Solaris privilege sets.  This makes it possible
   to specify fine-grained privileges in the sudoers file on Solaris
   10 and above.  A Runas_Spec that contains no Runas_Lists can be
   used to give a user the ability to run a command as themselves
   but with an expanded privilege set.

 * Fixed a problem with the reboot and shutdown commands on some
   systems (such as HP-UX and BSD).  On these systems, reboot sends
   all processes (except itself) SIGTERM.  When sudo received
   SIGTERM, it would relay it to the reboot process, thus killing
   reboot before it had a chance to actually reboot the system.

 * Support for using the System Security Services Daemon (SSSD) as
   a source of sudoers data.

 * Slovenian translation for sudo and sudoers from translationproject.org.

 * Visudo will now warn about unknown Defaults entries that are
   per-host, per-user, per-runas or per-command.

 * Fixed a race condition that could cause sudo to receive SIGTTOU
   (and stop) when resuming a shell that was run via sudo when I/O
   logging (and use_pty) is not enabled.

 * Sending SIGTSTP directly to the sudo process will now suspend the
   running command when I/O logging (and use_pty) is not enabled.
