===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/sudo/Attic/CHANGES,v
retrieving revision 1.9
retrieving revision 1.9.4.1
diff -c -r1.9 -r1.9.4.1
*** src/usr.bin/sudo/Attic/CHANGES	2001/03/02 14:39:43	1.9
--- src/usr.bin/sudo/Attic/CHANGES	2002/01/18 16:14:44	1.9.4.1
***************
*** 1322,1369 ****
  
  Sudo 1.6.3p5 released.
  
! 415) Visudo now checks for the existence of an editor and gives a sensible
       error if it does not exist.
  
! 416) The path to the editor for visudo is now a colon-separated list of
       allowable editors.  If the user has $EDITOR set and it matches
       one of the allowed editors that editor will be used.  If not,
       the first editor that actually exists is used.
  
! 417) Visudo now does its own fork/exec instead of calling system(3).
  
! 418) Call clean_env very early in main() for paranoia's sake.  Idea from
!      Marc Esipovich.
! 
! 419) Allow special characters (including '#') to be embedded in pathnames
       if quoted by a '\\'.  The quoted chars will be dealt with by fnmatch().
       Unfortunately, 'sudo -l' still prints the '\\'.
  
! 420) Added always_set_home option.
  
! 421) Strip NLSPATH and PATH_LOCALE out from the environment to prevent
!      reading of protected files by a less priviledged user.
  
! 422) Add support for BSD authentication and associated -a flag.
  
! 423) Added check for _innetgr(3) since NCR systems have this instead
       of innetgr(3).
  
! 424) Added stay_setuid option for systems that have libraries that perform
       extra paranoia checks in system libraries for setuid programs.
  
! 425) Environment munging is now done by hand.  We build up a new environment
!      and assign it to "environ".  This means we don't rely on getenv(3),
!      putenv(3), or setenv(3).
  
- 426) Added env_reset and env_keep options.  This allows the sysadmin to
-      force commands to run with a clean environment.  Any variable in
-      the env_keep list will not get cleared when the environment is reset
-      *or* purged of dangerous vars (e.g. LD_*).
- 
  427) Added a class of environment variables that are only cleared if they
       contain '/' or '%' characters.
  
! 428) Fix word splitting bug that caused a segv for very long command line args.
  
! 429) Fix negation of path-type Defaults entries in a boolean context.
--- 1322,1503 ----
  
  Sudo 1.6.3p5 released.
  
! 415) Fix word splitting bug that caused a segv for very long command line args.
! 
! Sudo 1.6.3p6 released.
! 
! 416) Fix negation of path-type Defaults entries in a boolean context.
! 
! Sudo 1.6.3p7 released.
! 
! 417) Visudo now checks for the existence of an editor and gives a sensible
       error if it does not exist.
  
! 418) The path to the editor for visudo is now a colon-separated list of
       allowable editors.  If the user has $EDITOR set and it matches
       one of the allowed editors that editor will be used.  If not,
       the first editor that actually exists is used.
  
! 419) Visudo now does its own fork/exec instead of calling system(3).
  
! 420) Allow special characters (including '#') to be embedded in pathnames
       if quoted by a '\\'.  The quoted chars will be dealt with by fnmatch().
       Unfortunately, 'sudo -l' still prints the '\\'.
  
! 421) Added the always_set_home option.
  
! 422) Strip NLSPATH and PATH_LOCALE out from the environment to prevent
!      reading of protected files by a less privileged user.
  
! 423) Added support for BSD authentication and associated -a flag.
  
! 424) Added check for _innetgr(3) since NCR systems have this instead
       of innetgr(3).
  
! 425) Added stay_setuid option for systems that have libraries that perform
       extra paranoia checks in system libraries for setuid programs.
  
! 426) Environment munging is now done by hand.  The environment is zeroed
!      upon sudo startup and a new environment is built before the command
!      is executed.  This means we don't rely on getenv(3), putenv(3),
!      or setenv(3).
  
  427) Added a class of environment variables that are only cleared if they
       contain '/' or '%' characters.
  
! 428) Use stashed user_gid when checking against exempt gid since sudo
!      sets its gid to SUDOERS_GID, making getgid() return that, not the
!      real gid.  Fixes problem with setting exempt group == SUDOERS_GID.
!      Fix from Paul Kranenburg.
  
! 429) Fixed file locking in visudo on NeXT which has a broken lockf().
!      Patch from twetzel@gwdg.de.
! 
! 430) Regenerated configure script with autoconf-2.52 (required some
!      tweaking of configure.in and friends).
! 
! 431) Added mail_badpass option to send mail when the user does not
!      authenticate successfully.
! 
! 432) Added env_reset Defaults option to reset the environment to
!      a clean slate.  Also implemented env_keep Defaults option
!      to specify variables to be preserved when resetting the
!      environment.
! 
! 433) Added env_check and env_delete Defaults options to allow the admin
!      to modify the builtin list of environment variables to remove.
! 
! 434) If timestamp_timeout < 0 then the timestamp never expires.  This
!      allows users to manage their own timestamps and create or delete
!      them via 'sudo -v' and 'sudo -k' respectively.
! 
! 435) Authentication routines that use sudo's tgetpass() now accept
!      ^C or ^Z at the password prompt and sudo will act appropriately.
! 
! 436) Added a check-only mode to visudo to check an existing sudoers
!      file for sanity.
! 
! 437) Visudo can now edit an alternate sudoers file.
! 
! 438) If sudo is configured with S/Key support and the system has
!      skeyaccess(3) use that to determine whether or not to allow
!      a normal Unix password or just S/Key.
! 
! 439) Fixed CIDR handling in sudoers.
! 
! 440) Fixed a segv if the local hostname is not resolvable and
!      the 'fqdn' option is set.
! 
! 441) "listpw=never" was not having an effect for users who did not
!      appear in sudoers--now it does.
! 
! 442) The --without-sendmail option now works on systems with
!      a /usr/include/paths.h file that defines _PATH_SENDMAIL.
! 
! 443) Removed the "secure_path" Defaults option as it does not work and
!      cannot work until the parser is overhauled.
! 
! 444) Added new -P flag and "preserve_groups" sudoers option to cause
!      sudo to preserve the group vector instead of setting it to that
!      of the target user.  Previously, if the target user was root
!      the group vector was not changed.  Now it is always changed unless
!      the -P flag or "preserve_groups" option was given.
! 
! 445) If find_path() fails as root, try again as the invoking user (useful
!      for NFS).  Idea from Chip Capelik.
! 
! 446) Use setpwent()/endpwent() and its shadow equivalents to be sure
!      the passwd/shadow file gets closed.
! 
! 447) Use getifaddrs(3) to get the list of network interfaces if it is
!      available.
! 
! 448) Dump list of local IP addresses and environment variables to clear
!      when 'sudo -V' is run as root.
! 
! 449) Reorganized the lexer a bit and added more states.  Sudo now does a
!      better job of parsing command arguments in the sudoers file.
! 
! 450) Wrap each call to syslog() with openlog()/closelog() since some
!      things (such as PAM) may call closelog(3) behind sudo's back.
! 
! 451) The LOGNAME and USER environment variables are now set if the user
!      specified a target uid and that uid exists in the password database.
! 
! 452) configure will no longer add the -g flag to CFLAGS by default.
! 
! 453) Now call pam_setcreds() to setup creds for the target user when
!      PAM is in use.  On Linux this often sets resource limits.
! 
! 454) If "make install" is run by non-root and the destination dir
!      is writable, install things normally but don't set owner and mode.
! 
! 455) The Makefile now supports installing in a shadow hierarchy
!      specified via the DESTDIR variable.
! 
! 456) config.h.in is now generated by autoheader.
! 
! Sudo 1.6.4 released.
! 
! 457) Move the call to rebuild_env() until after MODE_RESET_HOME is set.
!      Otherwise, the set_home option has no effect.
! 
! 458) Fix use of freed memory when the "fqdn" flag is set.  This was
!      introduced by the fix for the "segv when gethostbynam() fails" bug.
! 
! 459) Add 'continue' statements to optimize the switch statement.
!      From Solar Designer.
! 
! Sudo 1.6.4p1 released.
! 
! 460) Some special characters were not being escaped properly (e..g '\,')
!      in command line arguments and would cause a syntax error instead.
! 
! 461) "sudo -l" would not work if the always_set_home option was set.
! 
! 462) Added a configure option to disable use of POSIX saved IDs for
!      operating systems where these are broken.
! 
! 463) The SHELL environment variable was preserved from the user's environment
!      instead of being reset based on the passwd database even when the
!      "env_reset" option was set.
! 
! Sudo 1.6.4p2 released.
! 
! 464) Added a configure option to cause mail sent by sudo to be run as
!      the invoking user instead of root.  Some people consider this to
!      be safer.
! 
! 465) If the mailer is being run as root, use a hard-coded environment
!      that is not influenced in any way by the invoking user's environment.
! 
! 466) Fixed the call to skeyaccess().  Patch from Phillip E. Lobbes.
! 
! Sudo 1.6.5 released.
! 
! 467) Visudo could access memory that was already freed.
! 
! 468) If the skey.access file denied use of plaintext passwords sudo
!      would exit instead of allowing the user to enter an S/Key.
! 
! Sudo 1.6.5p1 released.