From Todd.Miller at courtesan.com  Tue Jul 17 11:32:17 2007
From: Todd.Miller at courtesan.com (Todd C. Miller)
Date: Tue, 17 Jul 2007 11:32:17 -0400
Subject: [sudo-announce] Sudo version 1.6.9 now available
Message-ID: <200707171532.l6HFWHpC031777@tex.courtesan.com>

After a long wait, Sudo version 1.6.9 is now available.
Version 1.6.9 incorporates a number of features of the Sudo 1.7
development branch and fixes several bugs.

Major changes since Sudo 1.6.8p12:

 o The env_reset option is enabled by default. Commands run through
   sudo now receive a minimal environment with certain variables
   passed through and/or checked. The list of variables allowed is
   configurable via the env_keep and env_check options in sudoers.

 o The new -E option will preserve the environment if the SETENV tag
   is set for the command or if the setenv sudoers option is enabled.

 o Environment variables may now be set on the command line in the
   form VAR=value. They are subject to the same restrictions as
   normal environment variables. If the SETENV tag is set for the
   command or if the setenv sudoers option is enabled, the user may
   set variables that would otherwise be forbidden.

 o Fixed a file descriptor leak when the lecture file option is
   enabled.

 o Expanded the list of potentially unsafe variables to remove from
   the environment if the env_reset option is disabled.

 o PAM is now the default on systems that support it.

 o Removed POSIX saved uid use; the stay_setuid option now requires
   the setreuid() or setresuid() functions to work.

 o Reworked configure with up to date autoconf and libtool.

 o PAM fixes. If the user enters ^C at the password prompt, abort
   instead of trying to authenticate with an empty password (which
   causes an annoying delay). Also call pam_open_session() and
   pam_close_session() to give pam_limits a chance to run.

 o Security fix for Kerberos5. If we cannot get a valid service key
   using the default keytab it is a fatal error.
   Now uses krb5_verify_user() and krb5_init_secure_context() if
   they are available.

 o Fixed securid5 authentication.

 o Added fcntl F_CLOSEM support to closefrom().

 o Added NOEXEC support for AIX 5.3.

 o Sudo now uses the supplemental group vector for matching. This
   fixes problems with split group lines in /etc/group as well as
   multiple group sources in nsswitch.conf.

 o Mail from sudo now includes an Auto-Submitted: auto-generated
   header a la RFC 3834.

 o Remove the --with-execv option, it was not useful.

 o Use TCSADRAIN instead of TCSAFLUSH in tgetpass() since some
   operating systems have issues with TCSAFLUSH.

 o Use glob(3) instead of fnmatch(3) for matching pathnames and
   stat() each result that matches the basename of the user's
   command. This makes "cd /usr/bin ; sudo ./blah" work when
   sudoers allows /usr/bin/blah.

 o Reworked the syslog long line splitting code.

 o Sudo can now deal with more than 32 network interfaces on Solaris.

 o Visudo will now honor command line arguments in the EDITOR or
   VISUAL environment variables if env_editor is enabled.

 o LDAP now honors rootbinddn, timelimit and bind_timelimit in
   /etc/ldap.conf.

 o For LDAP, do a sub tree search instead of a base search (one
   level in the tree only) for sudo right objects. This allows
   system administrators to categorize the rights in a tree to make
   them easier to manage.

 o Added support for Solaris 10 project resource limits.

 o The sudoers2ldif script now parses Runas users.

 o The -- flag on the command line now behaves as documented.

 o sudo -k/-K no longer prints an error if the timestamp is in the
   future.

 o When searching for a command, sudo now uses the effective gid of
   the runas user.

 o Sudo no longer updates the timestamp if the user was not
   validated by the sudoers file.

Download links:
    http://www.sudo.ws/sudo/dist/sudo-1.6.9.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9.tar.gz

For a list of download mirror sites, see:
    http://www.sudo.ws/sudo/download.html

Sudo web site:
    http://www.sudo.ws/sudo/

Sudo web site mirrors:
    http://www.sudo.ws/sudo/mirrors.html

From Todd.Miller at courtesan.com  Thu Jul 26 10:42:56 2007
From: Todd.Miller at courtesan.com (Todd C. Miller)
Date: Thu, 26 Jul 2007 10:42:56 -0400
Subject: [sudo-announce] Sudo version 1.6.9p1 now available
Message-ID: <200707261442.l6QEgu5Z026112@tex.courtesan.com>

Sudo version 1.6.9p1 is now available. This is a bug fix release.

Major changes since Sudo 1.6.9:

 o Worked around a bug in some PAM implementations that caused a
   crash when no tty was present.

 o Fixed a crash on some platforms in the error logging function.

 o Documentation improvements.

Download links:
    http://www.sudo.ws/sudo/dist/sudo-1.6.9p1.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p1.tar.gz

For a list of download mirror sites, see:
    http://www.sudo.ws/sudo/download.html

Sudo web site:
    http://www.sudo.ws/sudo/

Sudo web site mirrors:
    http://www.sudo.ws/sudo/mirrors.html

From Todd.Miller at courtesan.com  Mon Jul 30 19:16:50 2007
From: Todd.Miller at courtesan.com (Todd C. Miller)
Date: Mon, 30 Jul 2007 19:16:50 -0400
Subject: [sudo-announce] Sudo version 1.6.9p2 now available
Message-ID: <200707302316.l6UNGo7q010823@tex.courtesan.com>

Sudo version 1.6.9p2 is now available. This is a bug fix release.

Major changes since Sudo 1.6.9p1:

 o Fixed a potential crash when updating the environment.

Download links:
    http://www.sudo.ws/sudo/dist/sudo-1.6.9p2.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p2.tar.gz

For a list of download mirror sites, see:
    http://www.sudo.ws/sudo/download.html

Sudo web site:
    http://www.sudo.ws/sudo/

Sudo web site mirrors:
    http://www.sudo.ws/sudo/mirrors.html
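
The environment handling described in the 1.6.9 announcement (env_reset, env_keep, env_check, the SETENV tag, -E and VAR=value), shown as an added sudoers example that is not part of the original announcements. The user names, command paths and the variable names APP_LOCALE and RELEASE_CHANNEL are hypothetical.

```sudoers
# Constructed sudoers fragment; edit with visudo so syntax errors are caught.
# User names, command paths and APP_LOCALE/RELEASE_CHANNEL are hypothetical.

# env_reset is the default from 1.6.9 on; stating it keeps the policy
# explicit and survives a changed compile-time default.
Defaults    env_reset

# Passed through to the command unchanged.
Defaults    env_keep += "EDITOR VISUAL"

# Passed through only if the value passes sudo's check: a value
# containing '%' or '/' causes the variable to be dropped.
Defaults    env_check += "APP_LOCALE"

# Weak settings, shown commented out for comparison:
#   Defaults  !env_reset   # falls back to removing only known-unsafe variables
#   Defaults  setenv       # lets every user bypass the restrictions with -E

# Narrow exception: only this user, only this command may override the
# environment restrictions.
deploy  ALL = (root) SETENV: /usr/local/sbin/release-tool

# No SETENV tag: the command gets the minimal environment, and a
# forbidden variable set on the command line is refused.
alice   ALL = (root) /usr/sbin/apachectl restart

# What the two rules allow on the command line:
#   deploy$ sudo -E /usr/local/sbin/release-tool
#       keeps deploy's whole environment (SETENV tag present)
#   deploy$ sudo RELEASE_CHANNEL=beta /usr/local/sbin/release-tool
#       sets one variable that would otherwise be forbidden
#   alice$  sudo -E /usr/sbin/apachectl restart
#       refused: neither the SETENV tag nor the setenv option applies
```

When reviewing an existing sudoers file after upgrading, the lines to look for are any `!env_reset`, any global `setenv`, and `SETENV:` tags on commands that interpret environment variables such as library or module search paths.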