sudo 1.6.8 beta 1 is now available
Todd C. Miller
Todd.Miller at courtesan.com
Sun May 16 18:58:26 EDT 2004
The first beta version of sudo 1.6.8 is now available. There will
some changes between now and the final release but they should be
The biggest changes between 1.6.7p5 and 1.6.8b1 are:
o Inclusion of LDAP support from Aaron Spangler.
o A new "sudoedit" command (aka sudo -e) to give edit access to
users without worrying about them starting a shell.
o A "noexec" flag for dynamic binaries that will disable the
ability to execute other programs.
You can ftp 1.6.8b1 from:
Major changes from version 1.6.7p5 to 1.6.8b1:
o Fixed a problem on FreeBSD when the user is only listed in NIS
(not master.passwd) and netgroups are used in the master.passwd file.
o BSD-style warn/err functions are now used throughout.
o Fixed the --with-stow configure option.
o Added a "sudo_lecture" option that points to a file containing a
o The username in a log entry is no longer truncated at 8 characters.
o A new tag, NOEXEC, will prevent a dynamically-linked program
being run by sudo from executing another program (think shell
escapes). Because this uses LD_PRELOAD it has no effect on static
o TIS fwtk authentication now supports fwtk 2.0 and higher.
o Sudo will now try to stat the command to be run as the user
specified by the -u flag if the stat fails as root. Fixes an NFS
o Added Stan Lee / Uncle Ben quote to the lecture from RedHat.
o Added a -i option to simulate an initial login similar to "su -".
o Added a -e option to edit files the with uid of the invoking
user. This prevents the user from editing other files or running
commands as the target user. If sudo is run as "sudoedit" the
-e flag is implied.
o If sudo is used to run as root shell, further sudo commands will
be logged as run by the user specified by the SUDO_USER environment
variable. In -e mode (sudoedit), SUDO_USER is used to determine
what user to run the editor when the real uid is 0.
o New support for LDAP-based sudoers including TLS-based LDAP.
o Added the --with-pc-insults configure to replace politically
incorrect insults with other ones.
o A uid specified in sudoers now matches the user specified by the
-u flag even if the -u flag specified a name, not a uid.
More information about the sudo-workers