sudo 1.6.7 beta1 now available

Todd C. Miller Todd.Miller at
Sun Mar 16 23:03:14 EST 2003

The first beta of sudo 1.6.7 is now available.  Sudo 1.6.7 is
basically frozen except for configure-related issues.

The following changes have been made since 1.6.6:

 o Wildcards now work correctly in an "env_keep" Defaults directive.

 o The owner of the timestamp directory is now configurable.

 o Sudo now supports the SecurID 5.0 API.

 o Sudo now saves and restores the state of signal handlers.
   This fixes a problem using sudo with the nohup command.

 o Sudo now uses setresuid() if it exists to properly support the
   "stay_setuid" Defaults directive.

 o In strict mode sudo did not throw an error for undefined
   User_Aliases, now it does.

 o Write the prompt "after" turning off echo to avoid some password
   characters being echoed on heavily-loaded machines with fast typists.

 o Added "%U" and "%H" escapes in the prompt and fixed treatment of "%%".

 o Visudo will now add a final newline to sudoers if the user's editor
   not add one before EOF.

 o Added support for Defaults that apply based on the RunasUser.

 o Sudo now includes copies of strlc{at,py} and uses them throughout.

 o Sudo is now careful to avoid interger overflow when allocating
   memory.  This is one of those "should not happen" situations.

 o Added a configure option (--with-stow) to make sudo compatible
   with GNU stow.

 o auth/kerb5.c now compiles under Heimdal (but is untested).

 o The volatile prefix is used in the hopes of preventing compilers
   from optimizing away memory zeroing.  Unfortunately, this results
   in some warnings from gcc.

You may download the tarball from:

If someone could test the modified kerb5 authentication that would
be great.  Also, if someone knows of a good way to deal with all
the different flavors of kerberos 4/5 (and the different include
file locations, library locations, and actual library files required
to link) I'd love some sage advice on the matter.  It seems like
just about every vendor puts this stuff in a different place (and
many have different libraries that need to be linked with).

 - todd

More information about the sudo-workers mailing list