[arch-dev-public] [signoff] sudo-1.7.0-1

Allan McRae allan at archlinux.org
Fri Dec 19 20:58:06 EST 2008 

Hi all,

This is a major upstream update so test away.

Allan


Major changes between version 1.6.9p19 and 1.7.0:

* Rewritten parser that converts sudoers into a set of data structures. 
This eliminates a number of ordering issues and makes it possible to 
apply sudoers Defaults entries before searching for the command. It also 
adds support for per-command Defaults specifications.

* Sudoers now supports a #include facility to allow the inclusion of 
other sudoers-format files.

* Sudo's -l (list) flag has been enhanced:
  - applicable Defaults options are now listed
  - a command argument can be specified for testing whether a user may 
run a specific command.
  - a new -U flag can be used in conjunction with sudo -l to allow root 
(or a user with sudo ALL) to list another user's privileges.

* A new -g flag has been added to allow the user to specify a primary 
group to run the command as. The sudoers syntax has been extended to 
include a group section in the Runas specification.

* A uid may now be used anywhere a username is valid.

* The secure_path run-time Defaults option has been restored.

* Password and group data is now cached for fast lookups.

* The file descriptor at which sudo starts closing all open files is now 
configurable via sudoers and, optionally, the command line.

* visudo will now warn about aliases that are defined but not used.

* The -i and -s command line flags now take an optional command to be 
run via the shell. Previously, the argument was passed to the shell as a 
script to run.

* Improved LDAP support. SASL authentication may now be used in 
conjunction when connecting to an LDAP server. The krb5_ccname parameter 
in ldap.conf may be used to enable Kerberos.

* Support for /etc/nsswitch.conf. LDAP users may now use nsswitch.conf 
to specify the sudoers order. E.g.:

      sudoers: ldap files

to check LDAP, then /etc/sudoers. The default is files, even when LDAP 
support is compiled in. This differs from sudo 1.6 where LDAP was always 
consulted first.

* Support for /etc/environment on AIX and Linux. If sudo is run with the 
-i flag, the contents of /etc/environment are used to populate the new 
environment that is passed to the command being run.

* Sudo now ignores user .ldaprc files as well as system LDAP defaults. 
All LDAP configuration is now in /etc/ldap.conf (or whichever file was 
specified by configure's --with-ldap-conf-file option). If you are using 
TLS, you may now need to specify:

      tls_checkpeer no

in sudo's ldap.conf unless ldap.conf references a valid certificate 
authority file(s).

* If no terminal is available or if the new -A flag is specified, sudo 
will use a helper program to read the password if one is configured. 
Typically, this is a graphical password prompter such as ssh-askpass.

* A new Defaults option, "mailfrom" that sets the value of the "From:" 
field in the warning/error mail. If unspecified, the login name of the 
invoking user is used.

* Resource limits are now set to the default value for the user the 
command is being run as on AIX systems.

* A new Defaults option, "env_file" that refers to a file containing 
environment variables to be set in the command being run.

* A new -n flag is available which may be used to indicate that sudo 
should not prompt the user for a password and, instead, exit with an 
error if authentication is required.

* A new Defaults option, "sudoers_locale" that can be used to set the 
locale to be used when parsing the sudoers file.

* sudoedit now checks the EDITOR and VISUAL environment variables to 
make sure sudoedit is not re-invoking itself (or sudo). This allows one 
to set EDITOR to sudoedit without getting into an infinite loop for 
programs that need to invoke an editor such as crontab(1). Also added 
SUDO_EDITOR environment variable which is used by sudoedit in preference 
to EDITOR/VISUAL.

* The versions of glob(3) and fnmatch(3) bundled with sudo now support 
POSIX character classes.

* If sudo needs to prompt for a password and it is unable to disable 
echo (and no askpass program is defined), it will refuse to run unless 
the "visiblepw" Defaults option has been specified.

* Prior to version 1.7.0, hitting enter/return at the Password: prompt 
would exit sudo. In sudo 1.7.0 and beyond, this is treated as an empty 
password. To exit sudo, the user must now press ^C or ^D at the prompt.

More information about the arch-dev-public mailing list