

   RPMs Built and Announced at about Mon Jan 14 08:49:36 2002.

   sudo-1.6.4-1.src.rpm                                  350828
   sudo-1.6.4-1rh71.i386.rpm                             144906

   Main archive is located at ftp://ftp.falsehope.com/pub/sudo
   Mirror locations and build machine information listed below.

   RPMs are built with rpm version 4.0.2.
   Required programs listed are either updates or are not in the default
   RedHat 7.1 installation.

Name        : sudo                         Relocations: (not relocateable)
Version     : 1.6.4                             Vendor: Todd Miller <Todd Miller courtesan com>
Release     : 1                             Build Date: Mon 14 Jan 2002 08:48:10 AM CST
Install date: Mon 14 Jan 2002 08:49:11 AM CST      Build Host: hellstone.grantgeo.com
Group       : Applications/System           Source RPM: sudo-1.6.4-1.src.rpm
Size        : 278258                           License: BSD
Distribution: FalseHope RPMs
Packager    : Ryan Weaver <ryanw falsehope com>
URL         : http://www.courtesan.com/sudo
Summary     : Allows restricted root access for specified users.
Description :
Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands
as root while logging all commands and arguments. Sudo operates on a
per-command basis.  It is not a replacement for the shell.  Features
include: the ability to restrict what commands a user may run on a
per-host basis, copious logging of each command (providing a clear
audit trail of who did what), a configurable timeout of the sudo
command, and the ability to use the same configuration file (sudoers)
on many different machines.

   Standard Red Hat 7.1 installation

* Mon Jan 14 2002 Ryan Weaver <ryanw infohwy com>

- Visudo now checks for the existence of an editor and gives a sensible
  error if it does not exist.
- The path to the editor for visudo is now a colon-separated list of
  allowable editors.  If the user has $EDITOR set and it matches
  one of the allowed editors that editor will be used.  If not,
  the first editor that actually exists is used.
- Visudo now does its own fork/exec instead of calling system(3).
- Allow special characters (including '#') to be embedded in pathnames
  if quoted by a '\\'.  The quoted chars will be dealt with by fnmatch().
  Unfortunately, 'sudo -l' still prints the '\\'.
- Added the always_set_home option.
- Strip NLSPATH and PATH_LOCALE out from the environment to prevent
  reading of protected files by a less privileged user.
- Added support for BSD authentication and associated -a flag.
- Added check for _innetgr(3) since NCR systems have this instead
  of innetgr(3).
- Added stay_setuid option for systems that have libraries that perform
  extra paranoia checks in system libraries for setuid programs.
- Environment munging is now done by hand.  The environment is zeroed
  upon sudo startup and a new environment is built before the command
  is executed.  This means we don't rely on getenv(3), putenv(3),
  or setenv(3).
- Added a class of environment variables that are only cleared if they
  contain '/' or '%' characters.
- Use stashed user_gid when checking against exempt gid since sudo
  sets its gid to SUDOERS_GID, making getgid() return that, not the
  real gid.  Fixes problem with setting exempt group == SUDOERS_GID.
  Fix from Paul Kranenburg.
- Fixed file locking in visudo on NeXT which has a broken lockf().
  Patch from twetzel gwdg de 
- Regenerated configure script with autoconf-2.52 (required some
  tweaking of configure.in and friends).
- Added mail_badpass option to send mail when the user does not
  authenticate successfully.
- Added env_reset Defaults option to reset the environment to
  a clean slate.  Also implemented env_keep Defaults option
  to specify variables to be preserved when resetting the
- Added env_check and env_delete Defaults options to allow the admin
  to modify the builtin list of environment variables to remove.
- If timestamp_timeout < 0 then the timestamp never expires.  This
  allows users to manage their own timestamps and create or delete
  them via 'sudo -v' and 'sudo -k' respectively.
- Authentication routines that use sudo's tgetpass() now accept
  ^C or ^Z at the password prompt and sudo will act appropriately.
- Added a check-only mode to visudo to check an existing sudoers
  file for sanity.
- Visudo can now edit an alternate sudoers file.
- If sudo is configured with S/Key support and the system has
  skeyaccess(3) use that to determine whether or not to allow
  a normal Unix password or just S/Key.
- Fixed CIDR handling in sudoers.
- Fixed a segv if the local hostname is not resolvable and
  the 'fqdn' option is set.
- "listpw=never" was not having an effect for users who did not
  appear in sudoers--now it does.
- The --without-sendmail option now works on systems with
  a /usr/include/paths.h file that defines _PATH_SENDMAIL.
- Removed the "secure_path" Defaults option as it does not work and
  cannot work until the parser is overhauled.
- Added new -P flag and "preserve_groups" sudoers option to cause
  sudo to preserve the group vector instead of setting it to that
  of the target user.  Previously, if the target user was root
  the group vector was not changed.  Now it is always changed unless
  the -P flag or "preserve_groups" option was given.
- If find_path() fails as root, try again as the invoking user (useful
  for NFS).  Idea from Chip Capelik.
- Use setpwent()/endpwent() and its shadow equivalents to be sure
  the passwd/shadow file gets closed.
- Use getifaddrs(3) to get the list of network interfaces if it is
- Dump list of local IP addresses and environment variables to clear
  when 'sudo -V' is run as root.
- Reorganized the lexer a bit and added more states.  Sudo now does a
  better job of parsing command arguments in the sudoers file.
- Wrap each call to syslog() with openlog()/closelog() since some
  things (such as PAM) may call closelog(3) behind sudo's back.
- The LOGNAME and USER environment variables are now set if the user
  specified a target uid and that uid exists in the password database.
- configure will no longer add the -g flag to CFLAGS by default.
- Now call pam_setcred() to set up creds for the target user when
  PAM is in use.  On Linux this often sets resource limits.
- If "make install" is run by non-root and the destination dir
  is writable, install things normally but don't set owner and mode.
- The Makefile now supports installing in a shadow hierarchy
  specified via the DESTDIR variable.
- config.h.in is now generated by autoheader.
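
An added example, not code from sudo or from this package: a C illustration of the environment handling described in the entries above (a new environment built by hand, NLSPATH and PATH_LOCALE always stripped, and a second class of variables stripped only when the value contains '/' or '%'). The check list (LANG, LC_ALL), the function names and the sample environment are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Lists constructed for this example; not sudo's built-in tables. */
static const char *delete_vars[] = { "NLSPATH", "PATH_LOCALE", NULL };
static const char *check_vars[]  = { "LANG", "LC_ALL", NULL };   /* assumed */

/* Constructed sample of an invoking user's environment. */
char *sample_env[] = { "HOME=/home/alice", "LANG=en_US", "LC_ALL=/tmp/%N",
                       "NLSPATH=/tmp/%N.cat", "TERM=xterm", NULL };

/* Return 1 if the name part of "NAME=value" appears in list. */
static int name_in(const char *entry, const char **list)
{
    size_t n = strcspn(entry, "=");
    for (; *list != NULL; list++)
        if (strlen(*list) == n && strncmp(entry, *list, n) == 0)
            return 1;
    return 0;
}

/* Decide whether one entry may be copied into the new environment. */
int env_entry_ok(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)
        return 0;                 /* malformed: no '=' or empty name */
    if (name_in(entry, delete_vars))
        return 0;                 /* always removed */
    if (name_in(entry, check_vars) && strpbrk(eq + 1, "/%") != NULL)
        return 0;                 /* removed only when value has '/' or '%' */
    return 1;
}

/* Build a new NULL-terminated vector by hand (no getenv/putenv/setenv). */
char **build_env(char *const old[])
{
    size_t n = 0, k = 0, i;
    char **fresh;
    while (old[n] != NULL)
        n++;
    fresh = calloc(n + 1, sizeof(*fresh));
    for (i = 0; fresh != NULL && i < n; i++)
        if (env_entry_ok(old[i]))
            fresh[k++] = old[i];
    return fresh;
}
```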

* Wed Mar 07 2001 Ryan Weaver <ryanw infohwy com>

- Fix negation of path-type Defaults entries in a boolean context.

* Thu Feb 22 2001 Ryan Weaver <ryanw infohwy com>

- Fix word splitting bug that caused a segv for very long command line args.

* Mon Aug 14 2000 Ryan Weaver <ryanw infohwy com>

- Fixed listpw and verifypw sudoers options.
- Do not write NUL when writing passwd prompt; hag linnaean org 

* Mon Jun 05 2000 Ryan Weaver <ryanw infohwy com>

- Fixed a case where a string was used after it has been freed.

* Mon May 15 2000 Ryan Weaver <ryanw infohwy com>

- Fixed a bug that prevented the -H option from being useful.
- When the targetpw flag is set, use the target username as part
  of the timestamp path.
- Fixed targetpw, rootpw, and runaspw options when used with non-passwd
  authentication (pam, etc).

* Sun Apr 02 2000 Ryan Weaver <ryanw infohwy com>

- Added check for /bin/vi in spec and use that editor for visudo if found.
- Added --with-env-editor to allow visudo to use $EDITOR env variable.

* Mon Mar 27 2000 Ryan Weaver <ryanw infohwy com>

- It is now possible to set the path to the editor for visudo as well
  as the flag that determines whether or not visudo will look at
  $EDITOR in the sudoers file.
- configure now pulls in the values of LIBS, LDFLAGS, CPPFLAGS, etc
  as the documentation says it ought to.
- Added rootpw, runaspw, and targetpw to prompt for the root, runas_default
  and target user's passwords respectively (instead of the invoking user's
- Added -S flag to force password read from stdin.
- Restore coredumpsize resource limit before exec'ing the child
  process (sudo sets it to 0 internally).
- Truncate unencrypted password to 8 chars if encrypted password is exactly
  13 characters (indicating a standard DES password).  Many versions
  of crypt() do this for you, but not all (like HP-UX's).
- Fixed a typo/thinko that broke secureware support for long passwords.
- Added a new command line switch '-c' to support BSD login classes.
  The '-c' option can be used to sudo a command with specific resource
  limits in the login.conf database.  This feature is optionally enabled
  via the --with-logincap configure switch.  Based on a patch from
  Michael D. Marchionna.
- Fixed a bug where sudo would hang around and consume CPU if we spawn
  a long-running process.
- Deal with HP-UX password aging info tacked on to the end of the
  encrypted password.
- Added set_logname run-time option.  When unset, sudo will not set
  the USER and LOGNAME environment variables.
- Wildcards are now allowed in the hostnames specified in sudoers.
  The 'fqdn' option is often required for this to be useful.
- Fixed a bug where host and user qualifiers in a Defaults entry were
  not being used correctly and the entry was being applied globally.

* Fri Mar 10 2000 Ryan Weaver <ryanw infohwy com>

- Fixed a typo/thinko that broke secureware support for long passwords.

* Mon Feb 28 2000 Ryan Weaver <ryanw infohwy com>

- Fixed a bug that caused an infinite loop when the password
  timeout was disabled.

* Fri Jan 28 2000 Ryan Weaver <ryanw infohwy com>

- Users in the 'exempt' group shouldn't get their $PATH overridden
  by 'secure-path'.  Patch from jmknoble pobox com 
- Pam now works on HP-UX 11.0, thanks to Jeff A. Earickson.

* Mon Jan 24 2000 Ryan Weaver <ryanw infohwy com>

- Better behavior for -l and -v flags in conjunction with NOPASSWD and
  added "verifypw" and "listpw" options.
- For HP-UX with cc, add the -Aa flag along with -D_HPUX_SOURCE.
- Fix compilation with K&R compilers.
- For netgroup host matching, match against the short version of the
  hostname as well as the long one if they are different.
- Terminate passwd reading on '\r' in addition to '\n'
- Visudo used to loop endlessly if a user entered ^D at the whatnow
  prompt.  EOF is now treated as 'x' (exit w/o saving changes).
- The 'shell_noargs' runtime option is back based on a patch from
  bguillory email com 
- Systems that return RLIM_INFINITY for RLIMIT_NOFILE (like AIX)
  would loop for a very long time during sudo startup.  A value of
  RLIM_INFINITY is now ignored (getdtablesize/sysconf is used instead).
- Locking in visudo was broken.  We now lock the sudoers file, not the
  sudoers temp file, which should be safe.
- PAM fixups: custom prompts now work correctly and errors are
  dealt with more sanely.  Patches from Cloyce D. Spradling.

* Fri Dec 10 1999 Ryan Weaver <ryanw infohwy com>

- Better diagnostics on PAM failure. 
- The --enable-noargs-shell configure option works again. The
  noargs-shell run-time option has been removed since it cannot
  work due to the way the sudoers file is parsed. 
- The following run-time options were not honored in all cases:
  set_home, fqdn, syslog, tty_tickets, ticket_dir, insults. 
- Fixed a bug parsing runas modifiers. If a user spec contained
  multiple runas specs, the latter ones may not be applied. 
- #uid now works in a RunasAlias line. 
- Don't ask the user for a password if the user is not allowed to run
  the command and the authenticate flag (in sudoers) is false. 
- SecurID support now compiles and works.

* Wed Nov 17 1999 Ryan Weaver <ryanw infohwy com>

- Updated to version 1.6 Full Release.

* Fri Nov 12 1999 Ryan Weaver <ryanw infohwy com>

- Updated to version 1.6 rc 1.
- sudo now turns off core dumps via setrlimit (probably paranoia).

* Tue Nov 02 1999 Ryan Weaver <ryanw infohwy com>

- Updated to version 1.6 beta 11.
- Fixed the root_sudo option.  Sudo was always complaining that root
  was not allowed to run sudo if the root_sudo flag was turned off.

- tgetpass() now uses a function to read up until the end of line.
  Fixes problems in a pipeline when a program sets the tty mode
  to be character at a time.

* Mon Nov 01 1999 Ryan Weaver <ryanw infohwy com>

- Updated to version 1.6 beta 10. See CHANGELOG for details.
- Added -D_GNU_SOURCE to CFLAGS. Some machines need this to compile.

* Mon Oct 18 1999 Ryan Weaver <ryanw infohwy com>

- Updated to version 1.6 beta 9. See CHANGELOG for details.

* Wed Oct 13 1999 Ryan Weaver <ryanw infohwy com>

- Changed Copyright rpm header info.. BSD now.
- Updated to version 1.6 beta 8. See CHANGELOG for details.

* Fri Jul 09 1999 Ryan Weaver <ryanw infohwy com>

- New PAM code again, this time it should be correct.  If your PAM
  actually honors appdata_ptr (Solaris does not) sudo will retain
  its 'quit if you hit return at the password prompt' behavior.
- tgetpass() now has a flag to specify whether or not to turn
  off echo while reading the password.  Used by the new PAM code.

* Tue Jun 22 1999 Ryan Weaver <ryanw infohwy com>

- The password authentication code has moved from check.c to auth.c. 
- Kerberos V < 1.1 should work again (using the Kerberos IV code).

* Fri Jun 04 1999 Ryan Weaver <ryanw infohwy com>

- Added dir /var/run/sudo to file list.
- Added --enable-log-host --disable-log-wrap to configure.
- Added --with-logging=file to configure.
- Added logrotate.d file to rotate /var/log/sudo.log monthly.

* Fri Jun 04 1999 Ryan Weaver <ryanw infohwy com>

- Upgraded to 1.6beta4
- The runas user and NOPASSWD tags are now persistent across entries
  in a command list (ie: cmnd1,cmnd2,cmnd3).  A PASSWD tag has been
  added to reverse NOPASSWD.  The runas user and *PASSWD tags can be
  overridden on a per-command basis at which point they become the
  new default for the rest of the list.
- It is now possible to use the '!' operator in a runas list as
  well as in a Cmnd_Alias, Host_Alias and User_Alias.
- In estrdup(), do the malloc ourselves so we don't need to rely on the
  system strdup(3) which may or may not exist.  There is now no need to
  provide strdup() for those w/o it.
- You can now specify a host list instead of just a host or alias
  in a privilege list.  Ie: user=host1,host2,ALIAS,!host3 /bin/ls
- Stash the "safe" path to the command instead of stashing the struct
  stat.  Should be safer.
- Now set $LOGNAME in addition to $USER.
- No longer use stdio in tgetpass()
- Don't use _PASSWD_LEN or PASS_MAX as we can't rely on them corresponding
  to anything real.  Instead, we just use a max password size of 256

* Fri Jun 04 1999 Ryan Weaver <ryanw infohwy com>

- Initial RPM build.
- Installing sample pam file.


   RPMs are built on a Pentium II 400mhz w/128megs RAM with RedHat 7.1
   plus updates from ftp://updates.redhat.com installed.

   These files are also available on the following sites

PGP Key can be found at ftp://ftp.falsehope.com/pub/Ryan_Weaver.pgp.key
GPG Key can be found at ftp://ftp.falsehope.com/pub/Ryan_Weaver.gpg.key
