[sudo-workers] sudo 1.9.0rc5 released

Todd C. Miller Todd.Miller at sudo.ws
Fri May 8 21:08:52 MDT 2020


The fifth release candidate of sudo 1.9.0 is now available.
The sudo 1.9.0 final release is scheduled for early next week.

This version of sudo contains some major changes which is reflected
by the change from version 1.8.x to 1.9.x.  The biggest changes in
sudo 1.9.0 are support for centralized I/O logging and sudo plugins
written in Python.  Peter Czanik has written several blog posts on
the new sudo features which you can view at https://blog.sudo.ws/.

Source:
    https://www.sudo.ws/dist/beta/sudo-1.9.0rc5.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/beta/sudo-1.9.0rc5.tar.gz

SHA256 checksum:
    e8f79c4b672d0068e6c1f78f011f53b9e9de30a6cf63006e0a64c4bef827a970

MD5 checksum:
    146cbff69f5e5b209247453e9f440ee2

Binary packages:
    https://www.sudo.ws/dist/beta/packages/index.html#binary

For a list of download mirror sites, see:
    https://www.sudo.ws/download_mirrors.html

Sudo web site:
    https://www.sudo.ws/

Sudo web site mirrors:
    https://www.sudo.ws/mirrors.html

Major changes between sudo 1.9.0rc4 and 1.9.0rc5:

 * The default TLS listener is now only enabled when either
   the TLS certificate file is explicitly specified in sudo_logsrvd.conf
   or the default TLS certificate file exists in the file system.
   There is no change in behavior for listen_address entries
   explicitly set in the configuration file.

Major changes between sudo 1.9.0rc3 and 1.9.0rc4:

 * Debian sudo-python packages now include a dependency on the
   correct version of libpython.

 * Various spelling fixes.  Bug #925.

 * The struct passwd passed to PAM session modules is now looked
   up by user name, not user-ID, when possible.  Fixes a problem with
   the pam_limits module and configurations where multiple user names
   share the same ID.  Debian bug #734752.

 * Sudo command line options that take a value may only be specified
   once.  This is to help guard against problems caused by poorly
   written scripts that invoke sudo with user-controlled input.
   Bug #924.

Major changes between sudo 1.9.0rc2 and 1.9.0rc3:

 * The sudo-logsrvd package now installs a systemd service on
   Linux distros that use systemd.

 * The I/O plugin is now closed before the policy plugin on command exit.

 * When copying the edited files to the original path, sudoedit now
   allocates any additional space needed before writing.  Previously,
   it could truncate the destination file if the file system was full.
   Bug #922.

 * Fixed a compilation issue with Python 3.8.

 * Changed how TLS connections are made to the log server.  Instead
   of using a "starttls" type approach where TLS and plaintext
   connections share the same point we now use separate ports for
   plaintext and TLS connections.  A "(tls)" flag can be specified
   after the "host:port" to indicate that the connection should be
   secured with TLS.  This avoids a potention man-in-the-middle attack
   that could cause the connection to be forced into plaintext mode.
   Unfortunately, this change breaks compatibility with the previous
   release candidates.

Major changes between sudo 1.9.0rc1 and 1.9.0rc2:

 * The example Python plugins now work correctly with Python 3.4.

Major changes between sudo 1.9.0b5 and 1.9.0rc1:

 * The sudo_logsrvd daemon and python plugin now have their
   own packages.  Currently, the sudo-python package is only
   built for Linux.

 * For "sudo -i", if the target user's home directory does not
   exist, sudo will now warn about the problem but run the command
   in the current working directory.  Previously, this was a fatal
   error.  Debian bug #598519.

 * The command line arguments in the SUDO_COMMAND environment
   variable are now truncated at 4096 characters.  This avoids an
   "Argument list too long" error when executing a command with a
   large number of arguments.  Debian bug #596631.

 * Sudo now properly ends the PAM transaction when the user
   authenticates successfully but sudoers denies the command.
   Debian bug #669687.

 * The sudoers grammar in the manual now indicates that "sudoedit"
   requires one or more arguments.  Debian bug #571621.

 * The sample sudo_logsrvd.conf file is now installed if one does
   not already exist.

 * The python plugin can now be built with Python 3.4.

 * Assorted sudo_logsrvd bug fixes.

Major changes between sudo 1.9.0b4 and 1.9.0b5:

 * Sudo once again ignores a failure to restore the RLIMIT_CORE
   resource limit, as it did prior to version 1.8.29.  Linux
   containers don't allow RLIMIT_CORE to be set back to RLIM_INFINITY
   if we set the limit to zero, even for root, which resulted in a
   warning from sudo.

 * In sudo_logsrvd, disable server-side validation of the server
   certificate if the OpenSSL version is too old to have functions
   such as SSL_CTX_get0_certificate().  This allows sudo_logsrvd
   to build on Solaris 11.3 with the system version of OpenSSL.

 * The sudoers plugin and sudo_logsrvd now write an extended I/O
   log info file in JSON format.  This will make it easier to add
   extra logging data in the future.

 * The sudoreplay utility will now read the extended I/O log info
   file if it exists.  This allows matching based on the host name
   in list mode.  The list output now also includes the host name
   if one is present in the log file.

 * sudo_logsrvd now stores a pid file in the sudo run directory.

 * sudo_logsrvd now exits with an error if it cannot bind to any
   of the specified listen sockets.

 * The sudo binary packages now include a service script for
   starting sudo_logsrvd.

 * Updated translations from translationproject.org.

Major changes between sudo 1.9.0b3 and 1.9.0b4:

 * It is now possible to use "Cmd_Alias" instead of "Cmnd_Alias"
   in sudoers for people who find the former more natural.

 * The new "pam_ruser" and "pam_rhost" sudoers settings can be used
   to enable or disable setting the PAM remote user and/or host
   values during PAM session setup.

 * More than one SHA-2 digest may now be specified for a single
   command. Multiple digests must be separated by a comma.

 * It is now possible to specify a SHA-2 digest in conjunction with
   the "ALL" reserved word in a command specification. This allows
   one to give permission to run any command that matches the
   specified digest, regardless of its path.

Major changes between sudo 1.9.0b2 and 1.9.0b3:

 * Added the --disable-log-server and --disable-log-client configure
   options.  These can be used to optionally disable building
   sudo_logsrvd and support for remote I/O logging in the sudoers
   plugin respectively.

 * "sudo -S" now overrides the SUDO_CONV_PREFER_TTY flag.

 * Python plugin updates.

Major changes between sudo 1.9.0b1 and 1.9.0b2:

 * Implemented support for "audit" plugins in sudo.  An audit plugin
   receives accept, reject and error messages and can be used to
   implement custom logging that is independent of the underlying
   security policy.   Multiple audit plugins may be specified in
   the sudo.conf file.  A sample audit plugin is included that can
   produce logs in JSON format.

 * Implemented support for approval plugins in sudo.  An approval
   plugin is run only after the main security policy (such as
   sudoers) accepts a command to be run.  The approval policy may
   perform additional checks, potentially interacting with the user.
   Multiple approval plugins may be specified in the sudo.conf file.
   Only if all approval plugins succeed will the command be allowed.

 * Python bindings have been implemented for the audit and approval
   plugins.

 * Fixed a problem with the log server client where the TLS handshake
   might fail but a short-lived command could still be run.

 * The sudo_logsrvd daemon now supports logging in JSON format in
   addition to traditional sudo-style logs.

Major changes between sudo 1.8.31 and 1.9.0b1:

 * Sudo now includes a logging daemon, sudo_logsrvd, which can
   be used to implement centralized logging of I/O logs.  TLS
   connections are supported when sudo is configured with the
   "--enable-openssl" option.  For more information, see the
   sudo_logsrvd, sudo_logsrvd.conf and sudo_logsrv.proto manuals.

 * The sudoers plugin can be configured to send logs to sudo_logsrvd.
   See the "log_servers", "log_server_timeout" and "log_server_keepalive"
   settings in the sudoers manual.

   TLS connections are supported when sudo is configured with the
   "--enable-openssl" option.  TLS can be configured using the
   "log_server_cabundle", "log_server_peer_cert", and "log_server_peer_key"
   settings in the sudoers manual.

 * The new sudo_sendlog utility can be used to test sudo_logsrvd
   or send existing sudo I/O logs to a centralized server.

 * It is now possible to write sudo plugins in Python when sudo is
   configured with the --enable-python option.  See the sudo_plugin_python
   manual for details.

   Sudo 1.9.0 comes with several Python example plugins that get
   installed sudo's examples directory.

   The sudo blog article "What's new in sudo 1.9: Python"
   (https://blog.sudo.ws/posts/2020/01/whats-new-in-sudo-1.9-python/)
   includes a simple tutorial on writing python plugins.

 * Avoid checking the internal signal SIGLWP in strsig_test on
   FreeBSD.  This fixes a "make check" failure on FreeBSD.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://www.sudo.ws/pipermail/sudo-workers/attachments/20200508/e4861a82/attachment.bin>


More information about the sudo-workers mailing list