[sudo-workers] Sudo 1.7.4b5 available

Todd C. Miller Todd.Miller at courtesan.com
Mon Jul 26 14:39:37 EDT 2010

The fifth and hopefully final beta release of Sudo version 1.7.4
is now available.  I expect to have a release candidate of 1.7.4
prepared within the next few days.

Download links:

Major changes between sudo 1.7.4b4 and 1.7.4b5:

 * Fixed a build problem on Solaris.

 * Fixed "sudo -i -u user" where user has no shell listed in the
   password database.

 * When logging I/O, sudo now handles pty read/write returning ENXIO,
   as seen on FreeBSD when the login session has been killed.

Major changes between sudo 1.7.4b3 and 1.7.4b4:

 * Documentation updates.

 * If pam is in use, wait until the process has finished before closing
   the PAM session.

 * The WHATSNEW file has been renamed to NEWS.

 * Compilation fix for mkstemps.c on some systems.

Major changes between sudo 1.7.4b2 and 1.7.4b3:

 * The tty_tickets option is now on by default.

 * Fixed a problem in the restoration of the AIX authdb registry setting.

Major changes between sudo 1.7.4b1 and 1.7.4b2:

 * Visudo will now treat an unrecognized Defaults entry as a parse
   error (sudo will warn but still run).

 * The HOME and MAIL environment variables are now reset based on
   the target user's password database entry when the env_reset
   sudoers option is enabled (which is the case in the default
   configuration).  Users wishing to preserve the original values
   should use a sudoers entry like:

	Defaults env_keep += HOME

   to preserve the old value of HOME and 

	Defaults env_keep += MAIL

   to preserve the old value of MAIL. 

 * Fixed a build problem with boottime.c on some systems.

Major changes between sudo 1.7.3 and 1.7.4b1:

 * Sudoedit will now preserve the file extension in the name of the
   temporary file being edited.  The extension is used by some
   editors (such as emacs) to choose the editing mode.

 * Time stamp files have moved from /var/run/sudo to either /var/db/sudo,
   /var/lib/sudo or /var/adm/sudo.  The directories are checked for
   existence in that order.  This prevents users from receiving the
   sudo lecture every time the system reboots.  Time stamp files older
   than the boot time are ignored on systems where it is possible to
   determine this.

 * Ancillary documentation (README files, LICENSE, etc) is now installed
   in a sudo documentation directory.

 * Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"
   in ldap.conf.

 * Defaults settings that are tied to a user, host or command may
   now include the negation operator.  For example:
	Defaults:!millert lecture
   will match any user but millert.

 * The default PATH environment variable, used when no PATH variable
    exists, now includes /usr/sbin and /sbin.

 * Sudo now uses polypkg (http://rc.quest.com/topics/polypkg/)
   for cross-platform packing.

 * On Linux, sudo will now restore the nproc resource limit before
   executing a command, unless the limit appears to have been modified
   by pam_limits.  This avoids a problem with bash scripts that open
   more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX)
   will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).

More information about the sudo-workers mailing list