What's new in Sudo 1.7.10p7?

 * A time stamp file with the date set to the epoch by "sudo -k"
   is now completely ignored regardless of what the local clock is
   set to. Previously, if the local clock was set to a value between
   the epoch and the time stamp timeout value, a time stamp reset
   by "sudo -k" would be considered current.

 * Fixed the sudo exit status when "sudo -l command" is run.
   This is a regression introduced in version 1.7.10.

What's new in Sudo 1.7.10p6?

 * Fixed the restoration of SIGINT, SIGQUIT and SIGTSTP. This
   is a regression introduced in version 1.7.10p4.

 * The tty-specific time stamp file now includes the session ID
   of the sudo process that created it. If a process with the same
   tty but a different session ID runs sudo, the user will now be
   prompted for a password (assuming authentication is required for
   the command).

What's new in Sudo 1.7.10p5?

 * On systems where the controlling tty can be determined via /proc
   or sysctl(), sudo will no longer fall back to using ttyname()
   if the process has no controlling tty. This prevents sudo from
   using a non-controlling tty for logging and time stamp purposes.

 * Fixed a potential crash in visudo's alias cycle detection.

What's new in Sudo 1.7.10p4?

 * Avoid building PIE binaries on FreeBSD/ia64 as they don't run
   properly.

 * Fixed a crash in visudo strict mode when an unknown Defaults
   setting is encountered.

 * Do not inform the user that the command was not permitted by the
   policy if they do not successfully authenticate. This is a
   regression introduced in sudo 1.7.10.

 * Fix running commands that need the terminal in the background
   when I/O logging is enabled. E.g. "sudo vi &". When the command
   is foregrounded, it will now resume properly.

What's new in Sudo 1.7.10p3?

 * Fixed post-processing of the man pages on systems with legacy
   versions of sed.
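To make the 1.7.10p7 time stamp item concrete, here is an added example (not sudo's own code) that models a tty ticket validity check before and after that fix. It assumes the default timestamp_timeout of five minutes, a constructed clock value, and a constructed ticket path; ticket_mtime and ticket_file_current are hypothetical stand-ins for sudo's own time stamp handling.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <time.h>

/* Default sudoers timestamp_timeout: 5 minutes, expressed in seconds. */
#define TIMESTAMP_TIMEOUT (5 * 60)

/* Pre-1.7.10p7 style check: a ticket is current while its mtime plus the
 * timeout still lies in the future.  "sudo -k" resets a ticket by setting
 * its mtime to the epoch (0), so on a host whose clock reads less than the
 * timeout (e.g. the clock has not been set yet), 0 + timeout > now holds
 * and the reset ticket is wrongly accepted as current. */
static int ticket_current_old(time_t mtime, time_t now, time_t timeout)
{
    return mtime + timeout > now;
}

/* 1.7.10p7 behaviour: an epoch time stamp is ignored outright, whatever
 * the local clock says. */
static int ticket_current_fixed(time_t mtime, time_t now, time_t timeout)
{
    if (mtime == 0)
        return 0;
    return mtime + timeout > now;
}

/* Hypothetical helper: read a ticket file's modification time via stat(2).
 * Returns 0 on success, -1 if the file cannot be stat'ed (no ticket). */
static int ticket_mtime(const char *path, time_t *mtime)
{
    struct stat sb;

    if (stat(path, &sb) != 0)
        return -1;
    *mtime = sb.st_mtime;
    return 0;
}

/* Hypothetical helper: does the ticket file grant a password-free run now? */
static int ticket_file_current(const char *path, time_t now)
{
    time_t mtime;

    if (ticket_mtime(path, &mtime) != 0)
        return 0;                       /* no ticket: must authenticate */
    return ticket_current_fixed(mtime, now, TIMESTAMP_TIMEOUT);
}

int main(void)
{
    /* Constructed scenario: ticket reset by "sudo -k" (mtime 0) while the
     * system clock reads only 100 seconds past the epoch. */
    time_t reset = 0, early_clock = 100;

    printf("old check  : %d (reset ticket wrongly treated as current)\n",
           ticket_current_old(reset, early_clock, TIMESTAMP_TIMEOUT));
    printf("fixed check: %d\n",
           ticket_current_fixed(reset, early_clock, TIMESTAMP_TIMEOUT));
    printf("missing ticket file: %d\n",
           ticket_file_current("/nonexistent/sudo-ticket", time(NULL)));
    return 0;
}
```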
 * Fixed "sudoreplay -l" on Linux systems with file systems that
   set DT_UNKNOWN in the d_type field of struct dirent.

What's new in Sudo 1.7.10p2?

 * Fixed suspending a command after it has already been resumed
   once when I/O logging (or use_pty) is not enabled.
   This was a regression introduced in version 1.7.10.

What's new in Sudo 1.7.10p1?

 * Fixed the setting of LOGNAME, USER and USERNAME variables in the
   command's environment when env_reset is enabled (the default).
   This was a regression introduced in version 1.7.10.

 * Sudo now honors SUCCESS=return in /etc/nsswitch.conf.

What's new in Sudo 1.7.10?

 * Sudo is now built with the -fstack-protector flag if the
   compiler supports it. Also, the -zrelro linker flag is used if
   supported. The --disable-hardening configure option can be used
   to build sudo without stack smashing protection.

 * Sudo is now built as a Position Independent Executable (PIE)
   if supported by the compiler and linker.

 * If the user is a member of the "exempt" group in sudoers, they
   will no longer be prompted for a password even if the -k flag
   is specified with the command. This makes "sudo -k command"
   consistent with the behavior one would get if the user ran "sudo
   -k" immediately before running the command.

 * The sudoers file may now be a symbolic link. Previously, sudo
   would refuse to read sudoers unless it was a regular file.

 * The user/group/mode checks on sudoers files have been relaxed.
   As long as the file is owned by the sudoers uid, not world-writable
   and not writable by a group other than the sudoers gid, the file
   is considered OK. Note that visudo will still set the mode to
   the value specified at configure time.

 * /etc/environment is no longer read directly on Linux systems
   when PAM is used. Sudo now merges the PAM environment into the
   user's environment, which is typically set by the pam_env module.
 * The initial environment created when env_reset is in effect now
   includes the contents of /etc/environment on AIX systems and the
   "setenv" and "path" entries from /etc/login.conf on BSD systems.

 * On systems with an SVR4-style /proc file system, the /proc/pid/psinfo
   file is now used to determine the controlling terminal, if possible.
   This allows tty-based tickets to work properly even when, e.g.,
   standard input, output and error are redirected to /dev/null.

 * The output of "sudoreplay -l" is now sorted by file name (or
   sequence number). Previously, entries were displayed in the
   order in which they were found on the file system.

 * The sudoreplay command can now properly replay sessions where
   no tty was present.

 * Sudo now behaves properly when I/O logging is enabled and the
   controlling terminal is revoked (e.g. the running sshd is killed).
   Previously, sudo may have exited without calling the I/O plugin's
   close function, which could lead to an incomplete I/O log.

 * Sudo can now detect when a user has logged out and back in again
   on Solaris 11, just like it can on Solaris 10.

 * The built-in zlib included with Sudo has been upgraded to version
   1.2.6.

 * Setting the SSL parameter to start_tls in ldap.conf now works
   properly when using Mozilla-based SDKs that support the
   ldap_start_tls_s() function.

 * The TLS_CHECKPEER parameter in ldap.conf now works when the
   Mozilla NSS crypto backend is used with OpenLDAP.

 * Improved support for the Tivoli Directory Server LDAP client
   libraries. This includes support for using LDAP over SSL (ldaps)
   as well as support for the BIND_TIMELIMIT, TLS_KEY and TLS_CIPHERS
   ldap.conf options. A new ldap.conf option, TLS_KEYPW, can be
   used to specify a password to decrypt the key database.

 * Fixed a crash introduced in version 1.7.7 when "sudo -s" is
   specified with a command.
 * If a user fails to authenticate and the command would be rejected
   by sudoers, it is now logged with "command not allowed" instead
   of "N incorrect password attempts". Likewise, the "mail_no_perms"
   sudoers option now takes precedence over "mail_badpass".

 * The sudo manuals are now formatted using the mdoc macros. Versions
   using the legacy man macros are provided for systems that lack mdoc.

 * Fixed a problem with the reboot and shutdown commands on some
   systems (such as HP-UX and BSD). On these systems, reboot sends
   all processes (except itself) SIGTERM. When sudo received
   SIGTERM, it would relay it to the reboot process, thus killing
   reboot before it had a chance to actually reboot the system.

 * Visudo will now warn about unknown Defaults entries that are
   per-host, per-user, per-runas or per-command.

 * When constructing a time filter for use with LDAP sudoNotBefore
   and sudoNotAfter attributes, the current time now includes tenths
   of a second. This fixes a problem with timed entries on Active
   Directory.

 * Fixed a race condition that could cause sudo to receive SIGTTOU
   (and stop) when resuming a shell that was run via sudo when I/O
   logging (and use_pty) is not enabled.

 * Sending SIGTSTP directly to the sudo process will now suspend the
   running command when I/O logging (and use_pty) is not enabled.

What's new in Sudo 1.7.9p1?

 * Fixed a bug when matching against an IP address with an associated
   netmask in the sudoers file. In certain circumstances, this
   could allow users to run commands on hosts they are not authorized
   for.

What's new in Sudo 1.7.9?

 * Fixed a false positive in visudo strict mode when aliases are
   in use.

 * The line on which a syntax error is reported in the sudoers file
   is now more accurate. Previously it was often off by a line.
 * The #include and #includedir directives in sudoers now support
   relative paths. If the path is not fully qualified it is expected
   to be located in the same directory as the sudoers file that is
   including it.

 * visudo will now fix the mode on the sudoers file even if no changes
   are made unless the -f option is specified.

 * The "use_loginclass" sudoers option works properly again.

 * For LDAP-based sudoers, values in the search expression are now
   escaped as per RFC 4515.

 * Fixed a race condition when I/O logging is not enabled that could
   result in tty-generated signals (e.g. control-C) being received
   by the command twice.

 * If none of the standard input, output or error are connected to
   a tty device, sudo will now check its parent's standard input,
   output or error for the tty name on systems with /proc and BSD
   systems that support the KERN_PROC_PID sysctl. This allows
   tty-based tickets to work properly even when, e.g., standard
   input, output and error are redirected to /dev/null.

 * Fixed a bug where a pattern like "/usr/*" included /usr/bin/ in
   the results, which would incorrectly be interpreted as if the
   sudoers file had specified a directory.

 * "visudo -c" will now list any include files that were checked
   in addition to the main sudoers file when everything parses OK.

 * Users that only have read-only access to the sudoers file may
   now run "visudo -c". Previously, write permissions were required
   even though no writing is done in check-only mode.

What's new in Sudo 1.7.8p2?

 * Fixed a crash in the monitor process on Solaris when NOPASSWD
   was specified or when authentication was disabled.

What's new in Sudo 1.7.8p1?

 * Fixed matching of a Runas_Alias in the group section of a
   Runas_Spec.

What's new in Sudo 1.7.8?

 * Sudo will now use PAM by default on AIX 6 and higher.
 * Added --enable-werror configure option for gcc's -Werror flag.

 * Visudo no longer assumes all editors support the +linenumber
   command line argument. It now uses a whitelist of editors known
   to support the option.

 * Fixed matching of network addresses when a netmask is specified
   but the address is not the first one in the CIDR block.

 * The configure script now checks whether or not errno.h declares
   the errno variable. Previously, sudo would always declare errno
   itself for older systems that don't declare it in errno.h.

 * The NOPASSWD tag is now honored for denied commands too, which
   matches historic sudo behavior (prior to sudo 1.7.0).

 * Sudo now honors the "DEREF" setting in ldap.conf, which controls
   how alias dereferencing is done during an LDAP search.

 * Using the -n option in conjunction with the -v or -l option
   no longer results in a usage error.

 * The LOGNAME, USER and USERNAME environment variables are preserved
   correctly again in sudoedit mode.

What's new in Sudo 1.7.7?

 * I/O logging is now supported for commands run in background mode
   (using sudo's -b flag).

 * Group ownership of the sudoers file is now only enforced when
   the file mode on sudoers allows group readability or writability.

 * Visudo now checks the contents of an alias and warns about cycles
   when the alias is expanded.

 * If the user specifies a group via sudo's -g option that matches
   the target user's group in the password database, it is now
   allowed even if no groups are present in the Runas_Spec.

 * "sudo -i command" now works correctly with bash version
   2.0 and higher. Previously, the .bash_profile would not be
   sourced prior to running the command unless bash was built with
   NON_INTERACTIVE_LOGIN_SHELLS defined.

 * Multi-factor authentication is now supported on AIX.
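The netmask fixes in 1.7.9p1 and 1.7.8 above both concern how a sudoers host entry such as 192.168.1.5/24 or 10.0.0.0/255.0.0.0 is compared against the local address. This added example (not sudo's own matching code) shows the check a practitioner would expect: parse the entry, apply the mask to both sides, and compare, so that an entry whose address is not the first in its block still matches the block and a malformed entry never matches. The entries and local address in main are constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse a sudoers-style IPv4 host entry: "a.b.c.d", "a.b.c.d/N" (CIDR
 * prefix length, one or two digits) or "a.b.c.d/m.m.m.m" (dotted mask).
 * Fills *net and *mask in network byte order; returns 1 on success. */
static int parse_ipv4_spec(const char *spec, struct in_addr *net,
                           struct in_addr *mask)
{
    char buf[64];
    char *slash;
    size_t len = strlen(spec);

    if (len >= sizeof buf)
        return 0;
    memcpy(buf, spec, len + 1);

    slash = strchr(buf, '/');
    if (slash == NULL) {
        mask->s_addr = htonl(0xffffffffU);              /* single host */
    } else {
        *slash++ = '\0';
        if (strchr(slash, '.') != NULL) {
            if (inet_pton(AF_INET, slash, mask) != 1)   /* dotted-quad mask */
                return 0;
        } else {
            char *end;
            long bits = strtol(slash, &end, 10);        /* CIDR prefix length */

            if (*slash == '\0' || *end != '\0' || bits < 0 || bits > 32)
                return 0;
            /* A shift by 32 is undefined in C, so handle /0 separately. */
            mask->s_addr = bits == 0 ? 0 : htonl(0xffffffffU << (32 - bits));
        }
    }
    return inet_pton(AF_INET, buf, net) == 1;
}

/* Does host_ip fall inside the network described by spec?  The mask is
 * applied to BOTH sides, so 192.168.1.5/24 covers the whole 192.168.1.0
 * block; anything that fails to parse is treated as not matching. */
static int host_matches_spec(const char *host_ip, const char *spec)
{
    struct in_addr host, net, mask;

    if (inet_pton(AF_INET, host_ip, &host) != 1)
        return 0;
    if (!parse_ipv4_spec(spec, &net, &mask))
        return 0;
    return (host.s_addr & mask.s_addr) == (net.s_addr & mask.s_addr);
}

int main(void)
{
    /* Constructed sudoers host entries and a constructed local address. */
    const char *local = "192.168.1.7";
    const char *specs[] = {
        "192.168.1.0/24",             /* first address of the block */
        "192.168.1.5/24",             /* not the first address of the block */
        "192.168.1.0/255.255.255.0",  /* dotted-quad mask */
        "192.168.2.0/24",             /* different block */
        "192.168.1.7",                /* exact host */
        "192.168.1.0/33",             /* invalid prefix: never matches */
    };
    size_t i;

    for (i = 0; i < sizeof specs / sizeof specs[0]; i++)
        printf("%-28s %s\n", specs[i],
               host_matches_spec(local, specs[i]) ? "match" : "no match");
    return 0;
}
```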
 * Added support for non-RFC 4517 compliant LDAP servers that require
   that seconds be present in a timestamp, such as Tivoli Directory Server.

 * If the group vector is to be preserved, the PATH search for the
   command is now done with the user's original group vector.

 * For LDAP-based sudoers, the "runas_default" sudoOption now works
   properly in a sudoRole that contains a sudoCommand.

 * Spaces in command line arguments for "sudo -s" and "sudo -i" are
   now escaped with a backslash when checking the sudoers file.

What's new in Sudo 1.7.6p2?

 * Two-character CIDR-style IPv4 netmasks are now matched correctly
   in the sudoers file.

 * A build error with MIT Kerberos V has been resolved.

What's new in Sudo 1.7.6p1?

 * A non-existent includedir is now treated the same as an empty
   directory and not reported as an error.

 * Removed extraneous parens in the LDAP filter when sudoers_search_filter
   is enabled that could cause an LDAP search error.

What's new in Sudo 1.7.6?

 * A new LDAP setting, sudoers_search_filter, has been added to
   ldap.conf. This setting can be used to restrict the set of
   records returned by the LDAP query. Based on changes from Matthew
   Thomas.

 * White space is now permitted within a User_List when used in
   conjunction with a per-user Defaults definition.

 * A group ID (%#gid) may now be specified in a User_List or Runas_List.
   Likewise, for non-Unix groups the syntax is %:#gid.

 * Support for double-quoted words in the sudoers file has been fixed.
   The change in 1.7.5 for escaping the double quote character
   caused the double quoting to only be available at the beginning
   of an entry.

 * The fix for resuming a suspended shell in 1.7.5 caused problems
   with resuming non-shells on Linux.
   Sudo will now save the process
   group ID of the program it is running on suspend and restore it
   when resuming, which fixes both problems.

 * A bug that could result in corrupted output in "sudo -l" has been
   fixed.

What's new in Sudo 1.7.5?

 * When using visudo in check mode, a file named "-" may be used to
   check sudoers data on the standard input.

 * Sudo now only fetches shadow password entries when using the
   password database directly for authentication.

 * Password and group entries are now cached using the same key
   that was used to look them up. This fixes a problem when looking
   up entries by name if the name in the retrieved entry does not
   match the name used to look it up. This may happen on some systems
   that do case insensitive lookups or that truncate long names.

 * GCC will no longer display warnings on glibc systems that use
   the warn_unused_result attribute for write(2) and other system calls.

 * If a PAM account management module denies access, sudo now prints
   a more useful error message and stops trying to validate the user.

 * Fixed a potential hang on idle systems when the sudo-run process
   exits immediately.

 * Sudo now includes a copy of zlib that will be used on systems
   that do not have zlib installed.

 * The --with-umask-override configure flag has been added to enable
   the "umask_override" sudoers Defaults option at build time.

 * Sudo now unblocks all signals on startup to avoid problems caused
   by the parent process changing the default signal mask.

 * LDAP Sudoers entries may now specify a time period for which
   the entry is valid. This requires an updated sudoers schema
   that includes the sudoNotBefore and sudoNotAfter attributes.
   Support for timed entries must be explicitly enabled in the
   ldap.conf file. Based on changes from Andreas Mueller.
 * LDAP Sudoers entries may now specify a sudoOrder attribute that
   determines the order in which matching entries are applied. The
   last matching entry is used, just like file-based sudoers. This
   requires an updated sudoers schema that includes the sudoOrder
   attribute. Based on changes from Andreas Mueller.

 * When run as sudoedit, or when given the -e flag, sudo now treats
   command line arguments as pathnames. This means that slashes
   in the sudoers file entry must explicitly match slashes in
   the command line arguments. As a result, an entry such as:
       user ALL = sudoedit /etc/*
   will allow editing of /etc/motd but not /etc/security/default.

 * NETWORK_TIMEOUT is now an alias for BIND_TIMELIMIT in ldap.conf for
   compatibility with OpenLDAP configuration files.

 * The LDAP API TIMEOUT parameter is now honored in ldap.conf.

 * The I/O log directory may now be specified in the sudoers file.

 * Sudo will no longer refuse to run if the sudoers file is writable
   by root.

 * Sudo now performs command line escaping for "sudo -s" and "sudo -i"
   after validating the command so the sudoers entries do not need
   to include the backslashes.

 * Logging and email sending are now done in the locale specified
   by the "sudoers_locale" setting ("C" by default). Email sent by
   sudo now includes MIME headers when "sudoers_locale" is not "C".

 * The configure script has a new option, --disable-env-reset, to
   allow one to change the default for the sudoers Defaults setting
   "env_reset" at compile time.

 * When logging "sudo -l command", sudo will now prepend "list "
   to the command in the log line to distinguish it from an
   actual command invocation in the logs.

 * Double-quoted group and user names may now include escaped double
   quotes as part of the name. Previously this was a parse error.
 * Sudo once again restores the state of the signal handlers it
   modifies before executing the command. This allows sudo to be
   used with the nohup command.

 * Resuming a suspended shell now works properly when I/O logging
   is not enabled (the I/O logging case was already correct).

What's new in Sudo 1.7.4p6?

 * A bug has been fixed in the I/O logging support that could cause
   visual artifacts in full-screen programs such as text editors.

What's new in Sudo 1.7.4p5?

 * A bug has been fixed that would allow a command to be run without the
   user entering a password when sudo's -g flag is used without the -u flag.

 * If the user has no supplementary groups, sudo will now fall back on
   checking the group file explicitly, which restores historic sudo behavior.

 * A crash has been fixed when sudo's -g flag is used without the -u flag
   and the sudoers file contains an entry with no runas user or group listed.

 * A crash has been fixed when the Solaris project support is enabled
   and sudo's -g flag is used without the -u flag.

 * Sudo no longer exits with an error when support for auditing is
   compiled in but auditing is not enabled.

 * Fixed a bug introduced in sudo 1.7.3 where the ticket file was not
   being honored when the "targetpw" sudoers Defaults option was enabled.

 * The LOG_INPUT and LOG_OUTPUT tags in sudoers are now parsed correctly.

 * A crash has been fixed in "sudo -l" when sudo is built with auditing
   support and the user is not allowed to run any commands on the host.

What's new in Sudo 1.7.4p4?

 * A potential security issue has been fixed with respect to the handling
   of sudo's -g command line option when -u is also specified. The flaw
   may allow an attacker to run commands as a user that is not authorized
   by the sudoers file.
 * A bug has been fixed where "sudo -l" output was incomplete if multiple
   sudoers sources were defined in nsswitch.conf and there was an error
   querying one of the sources.

 * The log_input, log_output, and use_pty sudoers options now work correctly
   on AIX. Previously, sudo would hang if they were enabled.

 * The "make install" target now works correctly when sudo is built in a
   directory other than the source directory.

 * The "runas_default" sudoers setting now works properly in a per-command
   Defaults line.

 * Suspending and resuming the bash shell when PAM is in use now works
   correctly. The SIGCONT signal was not propagated to the child process.

What's new in Sudo 1.7.4p3?

 * A bug has been fixed where duplicate HOME environment variables could be
   present when the env_reset setting was disabled and the always_set_home
   setting was enabled in sudoers.

 * The value of sysconfdir is now substituted into the path to the sudoers.d
   directory in the installed sudoers file.

 * Compilation problems on IRIX and other platforms have been fixed.

 * If multiple PAM "auth" actions are specified and the user enters ^C at
   the password prompt, sudo will no longer prompt for a password for any
   subsequent "auth" actions. Previously it was necessary to enter ^C for
   each "auth" action.

What's new in Sudo 1.7.4p2?

 * A bug where sudo could spin in a busy loop waiting for the child process
   has been fixed.

What's new in Sudo 1.7.4p1?

 * A bug introduced in sudo 1.7.3 that prevented the -k and -K options from
   functioning when the tty_tickets sudoers option is enabled has been fixed.

 * Sudo no longer prints a warning when the -k or -K options are specified
   and the ticket file does not exist.

 * It is now easier to cross-compile sudo.

What's new in Sudo 1.7.4?
 * Sudoedit will now preserve the file extension in the name of the
   temporary file being edited. The extension is used by some
   editors (such as emacs) to choose the editing mode.

 * Time stamp files have moved from /var/run/sudo to either /var/db/sudo,
   /var/lib/sudo or /var/adm/sudo. The directories are checked for
   existence in that order. This prevents users from receiving the
   sudo lecture every time the system reboots. Time stamp files older
   than the boot time are ignored on systems where it is possible to
   determine this.

 * The tty_tickets sudoers option is now enabled by default.

 * Ancillary documentation (README files, LICENSE, etc.) is now installed
   in a sudo documentation directory.

 * Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"
   in ldap.conf.

 * Defaults settings that are tied to a user, host or command may
   now include the negation operator. For example:
       Defaults:!millert lecture
   will match any user but millert.

 * The default PATH environment variable, used when no PATH variable
   exists, now includes /usr/sbin and /sbin.

 * Sudo now uses polypkg (http://rc.quest.com/topics/polypkg/)
   for cross-platform packaging.

 * On Linux, sudo will now restore the nproc resource limit before
   executing a command, unless the limit appears to have been modified
   by pam_limits. This avoids a problem with bash scripts that open
   more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX)
   will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).

 * The HOME and MAIL environment variables are now reset based on the
   target user's password database entry when the env_reset sudoers option
   is enabled (which is the case in the default configuration).
   Users
   wishing to preserve the original values should use a sudoers entry like:
       Defaults env_keep += HOME
   to preserve the old value of HOME and
       Defaults env_keep += MAIL
   to preserve the old value of MAIL.

 * Fixed a problem in the restoration of the AIX authdb registry setting.

 * Sudo will now fork(2) and wait until the command has completed before
   calling pam_close_session().

 * The default syslog facility is now "authpriv" if the operating system
   supports it, else "auth".

What's new in Sudo 1.7.3?

 * Support for logging I/O for the command being run.
   For more information, see the documentation for the "log_input"
   and "log_output" Defaults options in the sudoers manual. Also
   see the sudoreplay manual for how to replay I/O log sessions.

 * The use_pty sudoers option can be used to force a command to be
   run in a pseudo-pty, even when I/O logging is not enabled.

 * On some systems, sudo can now detect when a user has logged out
   and back in again when tty-based time stamps are in use. Supported
   systems include Solaris systems with the devices file system,
   Mac OS X, and Linux systems with the devpts filesystem (pseudo-ttys
   only).

 * On AIX systems, the registry setting in /etc/security/user is
   now taken into account when looking up users and groups. Sudo
   now applies the correct user and group ids when running a
   command as a user whose account details come from a different
   source (e.g. LDAP or DCE vs. local files).

 * Support for multiple 'sudoers_base' and 'uri' entries in ldap.conf.
   When multiple entries are listed, sudo will try each one in the
   order in which they are specified.

 * Sudo's SELinux support should now function correctly when running
   commands as a non-root user and when one of stdin, stdout or stderr
   is not a terminal.
 * Sudo will now use the Linux audit system when configured with
   the --with-linux-audit flag.

 * Sudo now uses mbr_check_membership() on systems that support it
   to determine group membership. Currently, only Darwin (Mac OS X)
   supports this.

 * When the tty_tickets sudoers option is enabled but there is no
   terminal device, sudo will no longer use or create a tty-based
   ticket file. Previously, sudo would use a tty name of "unknown".
   As a consequence, if a user has no terminal device, sudo will
   now always prompt for a password.

 * The passwd_timeout and timestamp_timeout options may now be
   specified as floating point numbers for more granular timeout
   values.

 * Negating the fqdn option in sudoers now works correctly when sudo
   is configured with the --with-fqdn option. In previous versions
   of sudo the fqdn was set before sudoers was parsed.

What's new in Sudo 1.7.2?

 * A new #includedir directive is available in sudoers. This can be
   used to implement an /etc/sudo.d directory. Files in an includedir
   are not edited by visudo unless they contain a syntax error.

 * The -g option did not work properly when only setting the group
   (and not the user). Also, in -l mode the wrong user was displayed
   for sudoers entries where only the group was allowed to be set.

 * Fixed a problem with the alias checking in visudo which
   could prevent visudo from exiting.

 * Sudo will now correctly parse the shell-style /etc/environment
   file format used by pam_env on Linux.

 * When doing password and group database lookups, sudo will only
   cache an entry by name or by id, depending on how the entry was
   looked up. Previously, sudo would cache by both name and id
   from a single lookup, but this breaks sites that have multiple
   password or group database names that map to the same uid or
   gid.
 * User and group names in sudoers may now be enclosed in double
   quotes to avoid having to escape special characters.

 * BSM audit fixes when changing to a non-root uid.

 * Experimental non-Unix group support. Currently only works with
   Quest Authorization Services and allows Active Directory groups
   fixes for Minix-3.

 * For Netscape/Mozilla-derived LDAP SDKs the certificate and key
   paths may be specified as a directory or a file. However, version
   5.0 of the SDK only appears to support using a directory (despite
   documentation to the contrary). If SSL client initialization
   fails and the certificate or key paths look like they could be
   default file names, strip off the last path element and try again.

 * A setenv() compatibility fix for Linux systems, where a NULL
   value is treated the same as an empty string and the variable
   name is checked against the NULL pointer.

What's new in Sudo 1.7.1?

 * A new Defaults option "pwfeedback" will cause sudo to provide visual
   feedback when the user is entering a password.

 * A new Defaults option "fast_glob" will cause sudo to use the fnmatch()
   function for file name globbing instead of glob(). When this option
   is enabled, sudo will not check the file system when expanding wildcards.
   This is faster but a side effect is that relative paths with wildcards
   will no longer work.

 * New BSM audit support for systems that support it such as FreeBSD
   and Mac OS X.

 * The file name specified with the #include directive may now include
   a %h escape which is expanded to the short form of the hostname.

 * The -k flag may now be specified along with a command, causing the
   user's timestamp file to be ignored.

 * New support for Tivoli-based LDAP START_TLS, present in AIX.

 * New support for /etc/netsvc.conf on AIX.
 * The unused alias checks in visudo now handle the case of an alias
   referring to another alias.

What's new in Sudo 1.7.0?

 * Rewritten parser that converts sudoers into a set of data structures.
   This eliminates a number of ordering issues and makes it possible to
   apply sudoers Defaults entries before searching for the command.
   It also adds support for per-command Defaults specifications.

 * Sudoers now supports a #include facility to allow the inclusion of other
   sudoers-format files.

 * Sudo's -l (list) flag has been enhanced:
     o applicable Defaults options are now listed
     o a command argument can be specified for testing whether a user
       may run a specific command.
     o a new -U flag can be used in conjunction with "sudo -l" to allow
       root (or a user with "sudo ALL") to list another user's privileges.

 * A new -g flag has been added to allow the user to specify a
   primary group to run the command as. The sudoers syntax has been
   extended to include a group section in the Runas specification.

 * A uid may now be used anywhere a username is valid.

 * The "secure_path" run-time Defaults option has been restored.

 * Password and group data is now cached for fast lookups.

 * The file descriptor at which sudo starts closing all open files is now
   configurable via sudoers and, optionally, the command line.

 * Visudo will now warn about aliases that are defined but not used.

 * The -i and -s command line flags now take an optional command
   to be run via the shell. Previously, the argument was passed
   to the shell as a script to run.

 * Improved LDAP support. SASL authentication may now be used
   when connecting to an LDAP server. The krb5_ccname
   parameter in ldap.conf may be used to enable Kerberos.

 * Support for /etc/nsswitch.conf. LDAP users may now use nsswitch.conf
   to specify the sudoers order.
   E.g.:
       sudoers: ldap files
   to check LDAP, then /etc/sudoers. The default is "files", even
   when LDAP support is compiled in. This differs from sudo 1.6
   where LDAP was always consulted first.

 * Support for /etc/environment on AIX and Linux. If sudo is run
   with the -i flag, the contents of /etc/environment are used to
   populate the new environment that is passed to the command being
   run.

 * If no terminal is available or if the new -A flag is specified,
   sudo will use a helper program to read the password if one is
   configured. Typically, this is a graphical password prompter
   such as ssh-askpass.

 * A new Defaults option, "mailfrom", sets the value of the
   "From:" field in the warning/error mail. If unspecified, the
   login name of the invoking user is used.

 * A new Defaults option, "env_file", refers to a file containing
   environment variables to be set in the command being run.

 * A new flag, -n, may be used to indicate that sudo should not
   prompt the user for a password and, instead, exit with an error
   if authentication is required.

 * If sudo needs to prompt for a password and it is unable to disable
   echo (and no askpass program is defined), it will refuse to run
   unless the "visiblepw" Defaults option has been specified.

 * Prior to version 1.7.0, hitting enter/return at the Password: prompt
   would exit sudo. In sudo 1.7.0 and beyond, this is treated as
   an empty password. To exit sudo, the user must press ^C or ^D
   at the prompt.

 * visudo will now check the sudoers file owner and mode in -c (check)
   mode when the -s (strict) flag is specified.

 * A new Defaults option "umask_override" will cause sudo to set the
   umask specified in sudoers even if it is more permissive than the
   invoking user's umask.