[sudo-workers] sudo 1.9.12b1 released

Todd C. Miller Todd.Miller at millert.dev
Fri Oct 7 14:12:57 MDT 2022 

The first beta version of sudo 1.9.12 is now available.

In addition to bug fixes, sudo 1.9.12 supports finer-grained I/O
logging controls.  Logging of standard input, output and error as
well as terminal input and output can now be configured separately.
Also, the sudo command has a new -N flag which can be used to avoid
updating the user's time stamp entry.

Source:
    https://www.sudo.ws/dist/beta/sudo-1.9.12b1.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/beta/sudo-1.9.12b1.tar.gz

SHA256 checksum:
    6cdf6fc1f6d583a7c24f05b21a470dd0f7ca3ed6695810083065c92b0471e3ea

MD5 checksum:
    7ceffbcbce36de30ff1d0b43bda38bcf

Binary packages:
    https://www.sudo.ws/getting/beta_packages/

For a list of download mirror sites, see:
    https://www.sudo.ws/getting/download_mirrors/

Sudo web site:
    https://www.sudo.ws/

Major changes between sudo 1.9.12b1 and 1.9.11p3:

 * Fixed a bug in the ptrace-based intercept mode where the current
   working directory could include garbage at the end.

 * Fixed a compilation error on systems that lack the stdint.h
   header.  Bug #1035

 * Fixed a bug when logging the command's exit status in intercept
   mode.  The wrong command could be logged with the exit status.

 * For ptrace-based intercept mode, sudo will now attempt to
   verify that the command path name, arguments and environment
   have not changed from the time when they were authorized by the
   security policy.  The new "intercept_verify" sudoers setting can
   be used to control this behavior.

 * Fixed running commands with a relative path (e.g. ./foo) in
   intercept mode.  Previously, this would fail if sudo's current
   working directory was different from that of the command.

 * Sudo now supports passing the execve(2) system call the NULL
   pointer for the `argv` and/or `envp` arguments when in intercept
   mode.  Linux treats a NULL pointer like an empty array.

 * The sudoers LDAP schema now allows sudoUser, sudoRunasUser and
   sudoRunasGroup to include UTF-8 characters, not just 7-bit ASCII.

 * Fixed a problem with "sudo -i" on SELinux when the target user's
   home directory is not searchable by sudo.  GitHub issue #160.

 * Neovim has been added to the list of visudo editors that support
   passing the line number on the command line.

 * Fixed a bug in sudo's SHA384 and SHA512 message digest padding.

 * Added a new "-N" (--no-update) command line option to sudo which
   can be used to prevent sudo from updating the user's cached
   credentials.  It is now possible to determine whether or not a
   user's cached credentials are currently valid by running:

	$ sudo -Nnv

   and checking the exit value.  One use case for this is to indicate
   in a shell prompt that sudo is "active" for the user.

 * PAM approval modules are no longer invoked when running sub-commands
   in intercept mode unless the "intercept_authenticate" option is set.
   There is a substantial performance penalty for calling into PAM
   for each command run.  PAM approval modules are still called for
   the initial command.

 * Intercept mode on Linux now uses process_vm_readv(2) and
   process_vm_writev(2) if available.

 * The XDG_CURRENT_DESKTOP environment variable is now preserved
   by default.  This makes it possible for graphical applications
   to choose the correct theme when run via sudo.

 * On 64-bit systems, if sudo fails to load a sudoers group plugin,
   it will use system-specific heuristics to try to locate a 64-bit
   version of the plugin.

 * The cvtsudoers manual now documents the JSON and CSV output
   formats.  GitHub issue #172.

 * Fixed a bug where sub-commands were not being logged to a remote
   log server when log_subcmds was enabled.  GitHub issue #174.

 * The new log_stdin, log_stdout, log_stderr, log_ttyin, and log_ttyout
   sudoers settings can be used to support more fine-grained I/O logging.
   The sudo front-end no longer allocates a pseudo-terminal when running
   a command if the I/O logging plugin requests logging of stdin, stdout,
   or stderr but not terminal input/output.

 * Quieted a libgcrypt run-time initialization warning.
   This fixes Debian bug #1019428 and Ubuntu bug #1397663.

 * Fixed a bug in visudo that caused literal backslashes to be removed
   from the EDITOR environment variable.  GitHub issue #179.

 * The sudo Python plugin now implements the "find_spec" method instead
   of the the deprecated "find_module".  This fixes a test failure when
   a newer version of setuptools that doesn't include "find_module" is
   found on the system.

 * Fixed a bug introduced in sudo 1.9.9 where sudo_logsrvd created
   the process ID file, usually /var/run/sudo/sudo_logsrvd.pid, as
   a directory instead of a plain file.  The same bug could result
   in I/O log directories that end in six or more X's being created
   literally in addition to the name being used as a template for
   the mkdtemp(3) function.

 * Fixed a long-standing bug where a sudoers rule with a command
   line argument of "", which indicates the command may be run with
   no arguments, would also match a literal "" on the command line.
   GitHub issue #182.

 * Added the -I option to visudo which only edits the main sudoers
   file.  Include files are not edited unless a syntax error is found.

 * Fixed "sudo -l -U otheruser" output when the runas list is empty.
   Previously, sudo would list the invoking user instead of the
   list user.  GitHub issue #183.

 * Fixed the display of command tags and options in "sudo -l" output
   when the RunAs user or group changes.  A new line is started for
   RunAs changes which means we need to display the command tags
   and options again.  GitHub issue #184.

More information about the sudo-workers mailing list