[sudo-announce] sudo 1.9.0 released

[Todd C. Miller]

Sudo 1.9.0 is now available.  This release of sudo contains major
changes, hence the shift from version 1.8.x to 1.9.x.

The biggest changes in sudo 1.9.0 are support for centralized I/O
logging, the new audit and approval plugins, and support for sudo
plugins written in Python.  Peter Czanik has written several blog
posts on the new sudo features which you can view at https://blog.sudo.ws/.

Two new binary packages, sudo-logsrvd and sudo-python, are also
available which contain the sudo log server and the Python plugin
framework respectively.  Like the traditional sudo binary packages,
these can be downloaded from https://www.sudo.ws/download.html#binary
or you can build your own.

Source:
    https://www.sudo.ws/dist/sudo-1.9.0.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/sudo-1.9.0.tar.gz

SHA256 checksum:
    ab231439c5dfdf4ecbef74f10d5f7e9686c2255c2f3887085b5c5e13281bf95c
MD5 checksum:
    060b91a6b171cb7ce587222664549b2c

Binary packages:
    https://www.sudo.ws/download.html#binary

For a list of download mirror sites, see:
    https://www.sudo.ws/download_mirrors.html

Sudo web site:
    https://www.sudo.ws/

Sudo web site mirrors:
    https://www.sudo.ws/mirrors.html

Major changes between sudo 1.9.0 and 1.8.31p1

 * Fixed a test failure in the strsig_test regress test on FreeBSD.

 * Sudo now includes a logging daemon, sudo_logsrvd, which can be
   used to implement centralized logging of I/O logs.  TLS connections
   are supported when sudo is configured with the --enable-openssl
   option.  For more information, see the sudo_logsrvd, logsrvd.conf
   and sudo_logsrv.proto manuals as well as the log_servers setting
   in the sudoers manual.

   The --disable-log-server and --disable-log-client configure
   options can be used to disable building the I/O log server and/or
   remote I/O log support in the sudoers plugin.

 * The new sudo_sendlog utility can be used to test sudo_logsrvd
   or send existing sudo I/O logs to a centralized server.

 * It is now possible to write sudo plugins in Python 3 when sudo
   is configured with the --enable-python option.  See the
   sudo_plugin_python manual for details.

   Sudo 1.9.0 comes with several Python example plugins that get
   installed sudo's examples directory.

   The sudo blog article "What's new in sudo 1.9: Python"
   (https://blog.sudo.ws/posts/2020/01/whats-new-in-sudo-1.9-python/)
   includes a simple tutorial on writing python plugins.

 * Sudo now supports an "audit" plugin type.  An audit plugin
   receives accept, reject, exit and error messages and can be used
   to implement custom logging that is independent of the underlying
   security policy.   Multiple audit plugins may be specified in
   the sudo.conf file.  A sample audit plugin is included that
   writes logs in JSON format.

 * Sudo now supports an "approval" plugin type.  An approval plugin
   is run only after the main security policy (such as sudoers) accepts
   a command to be run.  The approval policy may perform additional
   checks, potentially interacting with the user.  Multiple approval
   plugins may be specified in the sudo.conf file.  Only if all
   approval plugins succeed will the command be allowed.

 * Sudo's -S command line option now causes the sudo conversation
   function to write to the standard output or standard error instead
   of the terminal device.

 * It is now possible to use "Cmd_Alias" instead of "Cmnd_Alias" for
   people who find the former more natural.

 * The new "pam_ruser" and "pam_rhost" sudoers settings can be used
   to enable or disable setting the PAM remote user and/or host
   values during PAM session setup.

 * More than one SHA-2 digest may now be specified for a single
   command.  Multiple digests must be separated by a comma.

 * It is now possible to specify a SHA-2 digest in conjunction with
   the "ALL" reserved word in a command specification.  This allows
   one to give permission to run any command that matches the
   specified digest, regardless of its path.

 * Sudo and sudo_logsrvd now create an extended I/O log info file
   in JSON format that contains additional information about the
   command that was run, such as the host name.  The sudoreplay
   utility uses this file in preference to the legacy log file.

 * The sudoreplay utility can now match on a host name in list mode.
   The list output also now includes the host name if one is present
   in the log file.

 * For "sudo -i", if the target user's home directory does not
   exist, sudo will now warn about the problem but run the command
   in the current working directory.  Previously, this was a fatal
   error.  Debian bug #598519.

 * The command line arguments in the SUDO_COMMAND environment
   variable are now truncated at 4096 characters.  This avoids an
   "Argument list too long" error when executing a command with a
   large number of arguments.  Bug #923 (Debian bug #596631).

 * Sudo now properly ends the PAM transaction when the user
   authenticates successfully but sudoers denies the command.
   Debian bug #669687.

 * The sudoers grammar in the manual now indicates that "sudoedit"
   requires one or more arguments.  Debian bug #571621.

 * When copying the edited files to the original path, sudoedit now
   allocates any additional space needed before writing.  Previously,
   it could truncate the destination file if the file system was
   full.  Bug #922.

 * Fixed an issue where PAM session modules could be called with
   the wrong user name when multiple users in the passwd database
   share the the same user-ID.  Debian bug #734752.

 * Sudo command line options that take a value may only be specified
   once.  This is to help guard against problems caused by poorly
   written scripts that invoke sudo with user-controlled input.
   Bug #924.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://www.sudo.ws/pipermail/sudo-announce/attachments/20200511/1013cba2/attachment.bin>