Date: Mon, 14 Jan 2002 07:44:02 -0700 From: Todd C. Miller To: email@example.com Subject: Sudo version 1.6.4 now available Sudo version 1.6.4 is now available (ftp sites listed at the end). There are some thing I had promised for the next release that are not in 1.6.4 due to the large changes in the parser that these changes require to work properly. Nonetheless this release does fix the majority of problems in the sudo bugs database and adds features a number of people have asked for. I hope to make more frequent releases in the near future (it has been quite a while since 1.6.3 was originally released). - todd Major changes since 1.6.3p7: o Visudo now checks for the existence of an editor and gives a sensible error if it does not exist. o The path to the editor for visudo is now a colon-separated list of allowable editors. If the user has $EDITOR set and it matches one of the allowed editors that editor will be used. If not, the first editor that actually exists is used. o Allow special characters (including '#') to be embedded in pathnames if quoted by a '\\'. The quoted chars will be dealt with by fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'. o Added the always_set_home option. o Strip NLSPATH and PATH_LOCALE out from the environment to prevent reading of protected files by a less privileged user. o Added support for BSD authentication and associated -a flag. o Added stay_setuid option for systems that have libraries that perform extra paranoia checks in system libraries for setuid programs. o Environment munging is now done by hand. The environment is zeroed upon sudo startup and a new environment is built before the command is executed. This means we don't rely on getenv(3), putenv(3), or setenv(3). o Added a class of environment variables that are only cleared if they contain '/' or '%' characters. o Use stashed user_gid when checking against exempt gid since sudo sets its gid to SUDOERS_GID, making getgid() return that, not the real gid. Fixes problem with setting exempt group == SUDOERS_GID. o Regenerated configure script with autoconf-2.52 (required some tweaking of configure.in and friends). o Added mail_badpass option to send mail when the user does not authenticate successfully. o Added env_reset Defaults option to reset the environment to a clean slate. Also implemented env_keep Defaults option to specify variables to be preserved when resetting the environment. o Added env_check and env_delete Defaults options to allow the admin to modify the builtin list of environment variables to remove. o If timestamp_timeout (Los Angeles, California, USA) http://mirage.informationwave.net/sudo/ (Fanwood, New Jersey, USA) http://www.c0r3dump.com/sudo/ (Edmonton, Canada) http://sudo.cdu.elektra.ru/ (Russia) Master FTP sites: ftp.sudo.ws:/pub/sudo/ ftp.cs.colorado.edu:/pub/sudo/ FTP Mirrors: ftp.cs.colorado.edu:/pub/sudo/ (Boulder, Colorado, USA) ftp.stikman.com:/pub/sudo/ (Los Angeles, California, USA) ftp.uu.net:/pub/security/sudo/ (Falls Church, Virginia, USA) ftp.tux.org:/pub/security/sudo/ (Beltsville, Maryland, USA) coast.cs.purdue.edu:/pub/tools/unix/sysutils/sudo/ (West Lafayette, Indiana, USA) ftp.uwsg.indiana.edu:/pub/sudo/ (Bloomington, Indiana, USA) sudobash.com:/pub/sudo/ (Ypsilanti, Michigan, USA) ftp.tamu.edu:/pub/mirrors/ftp.courtesan.com/ (College Station, Texas, USA) ftp.rge.com:/pub/admin/sudo/ (Rochester, New York, USA) mirage.informationwave.net:/sudo/ (Fanwood, New Jersey, USA) ftp.wiretapped.net:/pub/security/host-security/sudo/ (Australia) ftp.tuwien.ac.at:/utils/admin-tools/sudo/ (Austria) sunsite.ualberta.ca:/pub/Mirror/sudo/ (Alberta, Canada) ftp.csc.cuhk.edu.hk:/pub/packages/unix-tools/sudo/ (Hong Kong, China) ftp.eunet.cz:/pub/security/sudo/ (Czechoslovakia) ftp.umds.ac.uk:/pub/sudo/ (Great Britain) ftp.tvi.tut.fi:/pub/security/unix/sudo/ (Finland) ftp.lps.ens.fr:/pub/software/sudo/ (France) ftp.crihan.fr:/pub/security/sudo/ (France) ftp.rz.uni-osnabrueck.de:/pub/unix/security/sudo/ (Germany) ftp.win.ne.jp:/pub/misc/sudo/ (Japan) ftp.st.ryukoku.ac.jp:/pub/security/tool/sudo/ (Japan) ftp.eos.hokudai.ac.jp:/pub/misc/sudo/ (Japan) ftp.tokyonet.ad.jp:/pub/security/sudo/ (Japan) ftp.kobe-u.ac.jp:/pub/util/security/tool/sudo/ (Japan) ftp.cin.nihon-u.ac.jp:/pub/util/sudo/ (Japan) ftp.fujitsu.co.jp:/pub/misc/sudo/ (Japan) core.ring.gr.jp:/pub/misc/sudo/ (Japan) ftp.ring.gr.jp:/pub/misc/sudo/ (Japan) ftp.ayamura.org:/pub/sudo/ (Japan) ftp.iphil.net:/pub/sudo/ (Makati City, Philippines) ftp.icm.edu.pl:/vol/wojsyl5/sudo/ (Poland) ftp.assist.ro:/pub/mirrors/ftp.courtesan.com/pub/sudo/ (Romania) ftp.sai.msu.su:/pub/unix/security/ (Russia) ftp.cdu.elektra.ru:/pub/unix/security/sudo/ (Russia) ftp.mc.hik.se:/pub/unix/security/sudo/ (Sweden) ftp.sekure.net:/pub/sudo/ (Sweden) ftp.edu.tw:/UNIX/sudo/ (Taiwan) ftp.comu.edu.tr:/pub/linux/prog/sudo/ (Turkey) ____________________________________________________________ sudo-announce mailing list For list information, options, or to unsubscribe, visit: http://www.sudo.ws/mailman/listinfo/sudo-announce
January 15, 2002
Sudo version 1.6.4 now available
Author: JT Smith
"[T]his release does fix the majority of problems in the sudo bugs database and adds features a number of people have asked for. I hope to make more frequent releases in the near future (it has been quite a while since 1.6.3 was originally released)."