sudo 1.6.8 beta 1 is now available

Todd C. Miller Todd.Miller at
Sun May 16 18:58:26 EDT 2004

The first beta version of sudo 1.6.8 is now available.  There will
some changes between now and the final release but they should be

The biggest changes between 1.6.7p5 and 1.6.8b1 are:

 o Inclusion of LDAP support from Aaron Spangler.

 o A new "sudoedit" command (aka sudo -e) to give edit access to
   users without worrying about them starting a shell.

 o A "noexec" flag for dynamic binaries that will disable the
   ability to execute other programs.

You can ftp 1.6.8b1 from:

Major changes from version 1.6.7p5 to 1.6.8b1:

 o Fixed a problem on FreeBSD when the user is only listed in NIS
   (not master.passwd) and netgroups are used in the master.passwd file. 

 o BSD-style warn/err functions are now used throughout. 

 o Fixed the --with-stow configure option. 

 o Added a "sudo_lecture" option that points to a file containing a
   custom lecture. 

 o The username in a log entry is no longer truncated at 8 characters. 

 o A new tag, NOEXEC, will prevent a dynamically-linked program
   being run by sudo from executing another program (think shell
   escapes). Because this uses LD_PRELOAD it has no effect on static

 o TIS fwtk authentication now supports fwtk 2.0 and higher. 

 o Sudo will now try to stat the command to be run as the user
   specified by the -u flag if the stat fails as root. Fixes an NFS

 o Added Stan Lee / Uncle Ben quote to the lecture from RedHat. 

 o Added a -i option to simulate an initial login similar to "su -". 

 o Added a -e option to edit files the with uid of the invoking
   user. This prevents the user from editing other files or running
   commands as the target user. If sudo is run as "sudoedit" the
   -e flag is implied.

 o If sudo is used to run as root shell, further sudo commands will
   be logged as run by the user specified by the SUDO_USER environment
   variable. In -e mode (sudoedit), SUDO_USER is used to determine
   what user to run the editor when the real uid is 0.

 o New support for LDAP-based sudoers including TLS-based LDAP. 

 o Added the --with-pc-insults configure to replace politically
   incorrect insults with other ones.

 o A uid specified in sudoers now matches the user specified by the
   -u flag even if the -u flag specified a name, not a uid.

More information about the sudo-workers mailing list