[sudo-workers] sudo 1.9.10b2 released
Todd C. Miller
Todd.Miller at sudo.ws
Sat Feb 19 10:56:32 MST 2022
The second beta version of sudo 1.9.10 is now available.
In addition to bug fixes, sudo 1.9.10 introduces support for using
regular expressions in the sudoers file. Either the command, the
arguments, or both may be (separate) regular expressions.
Source:
https://www.sudo.ws/dist/beta/sudo-1.9.10b2.tar.gz
ftp://ftp.sudo.ws/pub/sudo/beta/sudo-1.9.10b2.tar.gz
SHA256 checksum:
175b6c850a48851fda32cdda2c60831958a5884ac43c474f130c11dc62be3d96
MD5 checksum:
e7563674dfcdfd74d834d9a59a643681
Binary packages:
https://www.sudo.ws/getting/beta_packages/
For a list of download mirror sites, see:
https://www.sudo.ws/getting/download_mirrors/
Sudo web site:
https://www.sudo.ws/
Major changes between sudo 1.9.10b2 and 1.9.10b1:
* A user may now only run "sudo -U otheruser -l" if they have a
"sudo ALL" privilege where the RunAs user contains either "root"
or "otheruser". Previously, having "sudo ALL" was sufficient,
regardless of the RunAs user. GitHub issue #134.
* Documentation updates.
* Fixed a bug in the heuristic used to decide when to disable
password filtering when "log_input" is enabled and "log_passwords"
is disabled. Also added regession tests for password filtering.
* Updated translations from translationproject.org.
Major changes between sudo 1.9.10b1 and 1.9.9:
* Added new "log_passwords" and "passprompt_regex" sudoers options.
If "log_passwords" is disabled, sudo will attempt to prevent passwords
from being logged. If sudo detects any of the regular expressions in
the "passprompt_regex" list in the terminal output, sudo will log '*'
characters instead of the terminal input until a newline or carriage
return is found in the input or an output character is received.
* Added new "log_passwords" and "passprompt_regex" settings to
sudo_logsrvd that operate like the sudoers options when logging
terminal input.
* Fixed several few bugs in the cvtsudoers utility when merging
multiple sudoers sources.
* Fixed a bug in sudo_logsrvd when parsing the sudo_logsrvd.conf
file, where the "retry_interval" in the [relay] section was not
being recognized.
* Restored the pre-1.9.9 behavior of not performing authentication
when sudo's -n option is specified. A new "noninteractive_auth"
sudoers option has been added to enable PAM authentication in
non-interactive mode. GitHub issue #131.
* On systems with /proc, if the /proc/self/stat (Linux) or
/proc/pid/psinfo (other systems) file is missing or invalid,
sudo will now check file descriptors 0-2 to determine the user's
terminal. Bug #1020.
* Fixed a compilation problem on Debian kFreeBSD. Bug #1021.
* Fixed a crash in sudo_logsrvd when running in relay mode if
an alert message is received.
* Fixed an issue that resulting in "problem with defaults entries"
email to be sent if a user ran sudo when the sudoers entry in
the nsswitch.conf file includes "sss" but no sudo provider is
configured in /etc/sssd/sssd.conf. Bug #1022.
* Removed the text "This incident will be reported." from warnings
when the invoking user is not listed in sudoers. This warning
is confusing to users and may not be accurate now that the email
settings are configurable in the sudoers file. GitHub issue #48.
* Fixed a bug where the user-specified command timeout was not
being honored if the sudoers rule did not also specify a timeout.
* Added support for using POSIX extended regular expressions in
sudoers rules. A command and/or arguments in sudoers are treated
as a regular expression if they start with a '^' character and
end with a '$'. The command and arguments are matched separately,
either one (or both) may be a regular expression.
Bug #578, GitHub issue #15.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://www.sudo.ws/pipermail/sudo-workers/attachments/20220219/0bcaa6bd/attachment.bin>
More information about the sudo-workers
mailing list