[sudo-workers] sudo 1.8.8b3 available

Todd C. Miller Todd.Miller at courtesan.com
Tue Sep 3 20:40:08 MDT 2013

Hash: SHA1

The third beta version of sudo 1.8.8 is now available.


Binary packages:

Major changes between sudo 1.8.8b3 and 1.8.8b2:

 * Fixed a bug introduced in sudo 1.8.7 where the indexes written
   to the timing file were incorrect.  Sudoreplay includes a work
   around for replaying files written by sudo 1.8.7.

Major changes between sudo 1.8.8b2 and 1.8.8b1:

 * French translation for sudo from translationproject.org.

 * Sudo's noexec support on Mac OS X 10.4 and above now uses dynamic
   symbol interposition instead of setting DYLD_FORCE_FLAT_NAMESPACE=1
   which causes issues with some programs.

 * Fixed visudo's -q (--quiet) flag, broken in sudo 1.8.6.

 * Root may no longer change its SELinux role without entering a

Major changes between sudo 1.8.8b1 and 1.8.7:

 * Removed a warning on PAM systems with stacked auth modules
   where the first module on the stack does not succeed.

 * Sudo, sudoreplay and visudo now support GNU-style long options.

 * The -h (--host) option may now be used to specify a host name.
   This is currently only used by the sudoers plugin in conjunction
   with the -l (--list) option.

 * Program usage messages and manual SYNOPSIS sections have been

 * Sudo's LDAP SASL support now works properly with Kerberos.
   Previously, the SASL library was unable to locate the user's
   credential cache.

 * It is now possible to set the nproc resource limit to unlimited
   via pam_limits on Linux (bug #565).

 * New "pam_service" and "pam_login_service" sudoers options
   that can be used to specify the PAM service name to use.

 * New "pam_session" and "pam_setcred" sudoers options that
   can be used to disable PAM session and credential support.

 * The sudoers plugin now properly supports UIDs and GIDs
   that are larger than 0x7fffffff on 32-bit platforms.

 * Fixed a visudo bug introduced in sudo 1.8.7 where per-group
   Defaults entries would cause an internal error.

 * If the "tty_tickets" sudoers option is enabled (the default),
   but there is no tty present, sudo will now use a ticket file
   based on the parent process ID.  This makes it possible to support
   the normal timeout behavior for the session.

 * Fixed a problem running commands that change their process
   group and then attempt to change the terminal settings when not
   running the command in a pseudo-terminal.  Previously, the process
   would receive SIGTTOU since it was effectively a background
   process.  Sudo will now grant the child the controlling tty and
   continue it when this happens.

 * The "closefrom_override" sudoers option may now be used in
   a command-specified Defaults entry (bug #610).

 * Sudo's BSM audit support now works on Solaris 11.

 * Brazilian Portuguese translation for sudo and sudoers from
Version: GnuPG v1.4.13 (OpenBSD)


More information about the sudo-workers mailing list