[arch-dev-public] [signoff] sudo-1.7.3-1

Allan McRae allan at archlinux.org
Thu Jul 1 06:55:46 EDT 2010


Upstream update.

Major changes between sudo 1.7.2p8 and 1.7.3:

  * Support for logging I/O for the command being run.
    For more information, see the documentation for the "log_input"
    and "log_output" Defaults options in the sudoers manual.  Also
    see the sudoreplay manual for how to replay I/O log sessions.

  * The use_pty sudoers option can be used to force a command to be
    run in a pseudo-pty, even when I/O logging is not enabled.

  * On some systems, sudo can now detect when a user has logged out
    and back in again when tty-based time stamps are in use.  Supported
    systems include Solaris systems with the devices file system,
    Mac OS X, and Linux systems with the devpts filesystem (pseudo-ttys
    only).

  * On AIX systems, the registry setting in /etc/security/user is
    now taken into account when looking up users and groups.  Sudo
    now applies the correct user and group ids when running a
    command as a user whose account details come from a different
    source (e.g. LDAP or DCE vs.  local files).

  * Support for multiple 'sudoers_base' and 'uri' entries in ldap.conf.
    When multiple entries are listed, sudo will try each one in the
    order in which they are specified.

  * Sudo's SELinux support should now function correctly when running
    commands as a non-root user and when one of stdin, stdout or stderr
    is not a terminal.

  * Sudo will now use the Linux audit system when configured with
    the --with-linux-audit flag.

  * Sudo now uses mbr_check_membership() on systems that support it
    to determine group membership.  Currently, only Darwin (Mac OS X)
    supports this.

  * When the tty_tickets sudoers option is enabled but there is no
    terminal device, sudo will no longer use or create a tty-based
    ticket file.  Previously, sudo would use a tty name of "unknown".
    As a consequence, if a user has no terminal device, sudo will
    now always prompt for a password.

  * The passwd_timeout and timestamp_timeout options may now be
    specified as floating point numbers for more granular timeout
    values.

  * Negating the fqdn option in sudoers now works correctly when sudo
    is configured with the --with-fqdn option.  In previous versions
    of sudo the fqdn was set before sudoers was parsed.




