Annotation of src/usr.bin/sudo/CHANGES, Revision 1.1
1.1 ! millert 1: CHANGES since sudo 1.2
! 2:
! 3: 01) sudo now works under hpux, aix, sunos, bsd43, ultrix, linux, osf and irix.
! 4:
! 5: 02) Files w/o the executable bit will be ignored if they are in your PATH.
! 6:
! 7: 03) If execv() fails, perror is called (which prints out an error based on
! 8: errno) and sudo exits with -1.
! 9:
! 10: 04) Included in this shar should also be a version of getpass() derived from
! 11: the bsd net-2 source which works on bsd, ultrix, hpux, aix, and irix
! 12: at least. The latter three unixes have what i consider to be a broken
! 13: getpass() in that if /dev/tty can't be opened it doesn't just use stdin
! 14: like bsd getpass(). This means you cannot do: rsh host "sudo command"
! 15: and have it work if your ticket has expired.
! 16:
! 17: 05) The Makefile has changed significantly. It now has defines for all
! 18: supported architectures.
! 19:
! 20: 06) Changed MAXCOMMANDLENGTH from 48 bytes to MAXPATHLEN and included
! 21: sys/param.h where appropriate.
! 22:
! 23: 07) Rewrote the code that expands links & paths. It now works correctly.
! 24: (rewrote find_path.c)
! 25:
! 26: 08) Added a define NEED_STRDUP so we don't conflict with the system's strdup(3)
! 27:
! 28: 09) Now does *not* pass LD_* environmental vars on to programs that get
! 29: exec'd. Also removes SHLIB_PATH for hpux and _RLD_* for dec osf.
! 30:
! 31: 10) Now searches current dir last if '.' or '' are in PATH. Misses braindeath
! 32: like './' but if that's in your path you deserve all the trojans you get.
! 33:
! 34: 11) Added in linux patches from drew + flex support.
! 35:
! 36: 12) Added insults back in from original sudo(8) (define USE_INSULTS).
! 37:
! 38: 13) visudo now uses EDITOR envar (from John_Rouillard@dl5000.bc.edu)
! 39:
! 40: 14) you can now specify a dir containing commands that a sudoer can do.
! 41: (from John_Rouillard@dl5000.bc.edu)
! 42:
! 43: 15) Ported to Solaris 2.x (based on a port of sudo 1.1 done by UnixOps).
! 44:
! 45: 16) Took out setuid(0); setruid(uid); pairs that bracketed calls to
! 46: update_timestamp() since they are unnecessary and setruid() is
! 47: broken on systems without a setreuid(2) or setresuid(2) system call.
! 48: (Ie: AIX and Solaris 2.x).
! 49:
! 50: 17) The bulk of sudo now runs with the caller's real uid. Grep for
! 51: be_root() to find the exceptions.
! 52:
! 53: CHANGES from sudo 1.3
! 54:
! 55: 18) Added SECURE_PATH as suggested by russells@ccu1.auckland.ac.nz.
! 56:
! 57: 19) Reworked clean_envp() to modify environ (not envp) so we can use
! 58: execvp() safely.
! 59:
! 60: 20) Now use execvp() instead of execve() so sudo /bin/kill works under
! 61: broken solaris. This also fixed sudo /etc/fastboot under stock
! 62: 4.3 BSD. Basically, this means that any executable shell script that
! 63: lacks a '#!/bin/sh' magic number will now work with sudo. Personally
! 64: I think that the broken scripts should be fixed rather than changing
! 65: sudo, but vendors will be broken. Sigh.
! 66:
! 67: 21) Added USE_EXECV define so you can make sudo use execv() if you
! 68: want. Using execvp() shouldn't be a problem since it is always
! 69: handed a non-relative path that begins with '/' but some people
! 70: may not trust execvp().
! 71:
! 72: 22) Log file lines will no longer get truncated. Syslog entries that
! 73: would overrun the syslog(3) line limit are continued on another entry.
! 74:
! 75: 23) When logging to a log file, long entries are indented to improve
! 76: readability.
! 77:
! 78: 24) Whenever the umask is changed, it is changed back to what it was
! 79: before.
! 80:
! 81: 25) Log file is written as mode 600 instead of 644
! 82:
! 83: 26) Umask that sudo runs with may now be specified.
! 84:
! 85: 27) There is now a "configure" script.
! 86:
! 87: 28) Sudo will use ultra fast crypt (ufc) if it finds it for systems w/o
! 88: a real crypt(3) (non-US ConvexOS/Secure for instance).
! 89:
! 90: 29) _BSD_COMPAT is now defined for Irix.
! 91:
! 92: 30) The global variable uid is now initialized to -2 because I'm paranoid.
! 93:
! 94: 31) Native Solaris 2 port from Matthew.Stier@aisg.com
! 95:
! 96: 32) Now use sysconf(2) instead of getdtablesize(2) if it is available
! 97: (see change #31). Because of this the getdtablesize() emulation for
! 98: hpux is no longer necessary.
! 99:
! 100: 33) Now only do a getcwd(3) or getwd(3) once and do it as the real user.
! 101: Sudo should no longer complain that it can't get the cwd unless
! 102: there is a real problem.
! 103:
! 104: 34) Changed some malloc'd globals of fixed length to be allocated from
! 105: the stack instead as there was no win in allocating them from the
! 106: heap.
! 107:
! 108: 35) Fixed AIX STATIC_FLAGS as per the AIX faq.
! 109:
! 110: 36) Added -V flag to sudo and visudo (for version)
! 111:
! 112: 37) Now treat EACCES like EPERM when doing stat(2) in find_path.c
! 113:
! 114: 38) Added prototypes for sudo functions (via __P macro)
! 115:
! 116: 39) configure now uses uname(1) if it exists
! 117:
! 118: 40) gethostbyname(3) is now only called if you define FQDN. There's really
! 119: no reason to not trust gethostname(2) and this way if name service is
! 120: hosed sudo isn't...
! 121:
! 122: 41) added -v (validate) flag to sudo to update a timestamp w/o running
! 123: a command
! 124:
! 125: 42) now use tgetpass() (getpass with a timeout)
! 126:
! 127: 43) find_path() now uses realpath(3)
! 128:
! 129: 44) wrote versions of realpath(3) and getcwd(3) for those without
! 130:
! 131: 45) wrote tgetpass()--a getpass() that times out via select(2)
! 132:
! 133: 46) sudo now uses posix signals if available
! 134:
! 135: 47) Finally added ConvexOS C2 security support from
! 136: "Peter A. Nikitser, Systems Software Support, QUT" <P.NIKITSER@qut.edu.au>
! 137:
! 138: 48) You can now #undef MAILER if you don't run sendmail or the equivalent.
! 139:
! 140: 49) AFS support from adamh@austin.ibm.com
! 141:
! 142: 50) If you define BOTH_LOGS in sudo.h you can log both via syslog(3) *and*
! 143: to a log file.
! 144:
! 145: 51) Added ultrix /etc/auth (enhanced security) support.
! 146:
! 147: 52) Sudo now will work with a 4.2BSD syslog (SunOS < 4 && ultrix).
! 148: Personally, I'd say you are better off logging to a file if
! 149: your syslog is this ancient.
! 150:
! 151: 53) Changed realpath(3) to sudo_realpath() since we need to do the
! 152: chdir(2) with the invoking uid. sudo_realpath() should be
! 153: faster than vendor-supplied realpath(3)'s anyway...
! 154:
! 155: 54) No longer create a static binary on AIX since it reportedly
! 156: causes problem on newer versions on AIX 3.x.
! 157:
! 158: 55) If sudo_realpath cannot chdir() back to cwd sudo will print
! 159: an error and exit. Previously it would either fail silently
! 160: or print an incorrect error message.
! 161:
! 162: 56) Moved code to send error mail to be after the log message.
! 163: From rouilj@cs.umb.edu.
! 164:
! 165: 57) Added SUDO_USER and SUDO_UID envars. Suggested by John P. Rouillard
! 166: (<rouilj@cs.umb.edu>).
! 167:
! 168: 58) Added -k and -h options and rearranged some of the code to be
! 169: more modular and less braindamaged. This introduces the concept
! 170: of "run modes" to sudo.
! 171:
! 172: 59) Fixed visudo and flex. visudo now calls yyrestart() if you are using
! 173: flex instead of lex. From bostley@cs.colorado.edu.
! 174:
! 175: 60) Added a "cat page" for systems w/o nroff.
! 176:
! 177: 61) Fixed a bug whereby only the last directory specified in a Cmnd_Alias
! 178: was checked. Reported by "James R. Hendrick" <hendrick@ctron.com>.
! 179:
! 180: 62) All .{c,lex,yacc} files now include both sys/types.h and unistd.h so
! 181: we are sure to get the typedef of uid_t.
! 182:
! 183: CHANGES from sudo 1.3.1
! 184:
! 185: 63) Added preliminary support for DEC OSF/1 protected passwords
! 186: (shadow passwords).
! 187:
! 188: CHANGES from sudo 1.3.1pl1
! 189:
! 190: 64) More support for DEC OSF/1 protected passwords (shadow passwords).
! 191:
! 192: CHANGES from sudo 1.3.1pl2
! 193:
! 194: 65) Fixed mail logging to include the username as it should have.
! 195:
! 196: 66) Added hostname to log message in error mail.
! 197:
! 198: 67) Added -l flag to sudo to list the allowed/forbidden commands.
! 199: Suggested by matthew@gateway.bsis.com (Matthew Stier)
! 200:
! 201: 68) Fixed bison warnings for parse.yacc and visudo.yacc.
! 202: Pointed out by alfie@dcs.warwick.ac.uk (Nick Holloway).
! 203:
! 204: CHANGES from sudo 1.3.1pl3
! 205:
! 206: 69) Sudo will now exit with an error if the command to be run is > MAXPATHLEN.
! 207:
! 208: 70) Test in configure for termios support was insufficient. It thought
! 209: Nextstep 3.2 had termios just because it has termios.h (need to link
! 210: with -posix for termios on NeXT's)
! 211:
! 212: CHANGES from sudo 1.3.1pl4
! 213:
! 214: 71) First stab at Skey support.
! 215:
! 216: 72) Sudo now sets IFS to be SPACE, TAB, NEWLINE.
! 217:
! 218: 73) Sudo now sets the real and effective gid to root's group
! 219: (based on passwd file).
! 220:
! 221: 74) Sudo now checks that the sudoers file is owned by a certain user
! 222: and not readable or writable by anyone else.
! 223: (based on a suggestion by Joerg Schumacher <schuma@ips.cs.tu-bs.de>)
! 224:
! 225: 75) Visudo now sets the owner on the new sudoers file based on #74
! 226:
! 227: 76) Sudo and visudo will now compile with byacc (Berkeley yacc).
! 228:
! 229: 77) If the rename(2) of stmp -> sudoers fails /bin/mv is executed before
! 230: bailing. Based on code from Case Larsen <clarsen@mh1.lbl.gov>.
! 231:
! 232: 78) User-level configuration is now done in options.h.
! 233:
! 234: 79) Moved all compatibility #defines to compat.h
! 235:
! 236: 80) Incorporated new parsing code from Chris Jepeway <jepeway@cs.utk.edu>.
! 237: This is much better than the previous parser.
! 238:
! 239: 81) Rewrote visudo.c and tickled parse.yacc to work with it. Visudo
! 240: now gives you options if a parse error occurs rather than blindly
! 241: dumping you back in the editor.
! 242:
! 243: 82) Took out all references to realpath since we are now checking based
! 244: on inode and device (with Chris' new parser). The upshot of this
! 245: is that path matches are done safely and the symlink problem has
! 246: gone away.
! 247:
! 248: 83) Fixed bison warnings from new parse.yacc.
! 249:
! 250: 84) Added a default case to parse.lex to error on unmatched tokens as Chris
! 251: suggested.
! 252:
! 253: 85) Converted configure.in and acsite.m4 to autoconf 2.1.
! 254:
! 255: 86) Added lsearch.c and search.h for os's w/o lsearch()/lfind().
! 256:
! 257: 87) Sudo now checks to see that the file it is executing is a regular file
! 258: (was just checking the execute bit so dirs slipped through).
! 259: Pointed out by Barb Dijker <barb@labyrinth.com>.
! 260:
! 261: 88) Fixed a problem on HP-UX trusted systems with getpwuid() returning "*"
! 262: unless the real uid is 0. Reported by Brian Cunnie (cunnie@nyc.hp.com).
! 263:
! 264: 89) configure now checks for size_t and ssize_t in unistd.h as well
! 265: as sys/types.h.
! 266:
! 267: 90) configure now checks for egrep before actually using it.
! 268:
! 269: 91) configure now checks for a working void implementation (ie: void * as
! 270: a generic pointer) and sets VOID to void or char accordingly.
! 271:
! 272: 92) Added support for SunOS 4.x C2 security (shadow passwords) from
! 273: Kendall Libby (fubar@shore.net)
! 274:
! 275: 93) Changed all occurrences of bzero() to memset() and bcopy() to
! 276: memmove().
! 277:
! 278: 94) Fixed a bug in sudo.c. If a user has no passwd entry sudo would
! 279: dump core (writing to a garbage pointer). Pointed out by
! 280: Stephen Schaefer <sps@gateway.bsis.com>.
! 281:
! 282: 95) Worked around a bug in AIX's lex in parse.c. AIX lex doesn't seem
! 283: to handle {x,y} range notation correctly. Bleah.
! 284:
! 285: 96) Sudo would not report a failed attempt if the user entered <return>
! 286: at the 2nd password: prompt so someone trying to guess a password
! 287: could just invoke sudo multiple times and try one passwd at a time.
! 288: Reported by Jonathan Adams <jonathan@smada.com>.
! 289:
! 290: 97) Added User_Alias facility.
! 291:
! 292: 98) Rewrote most of the ip address / network support. Now works on all
! 293: systems sudo has currently been tested on.
! 294:
! 295: 99) Sudo now sets SUDO_COMMAND and SUDO_GID envariables in addition to
! 296: SUDO_USER and SUDO_UID.
! 297:
! 298: 100) Added changes to configure.in for UnixWare.
! 299: (from John Warburton <jwarb@SACBH.com.au>)
! 300:
! 301: 101) Merged in changes for Interactive Unix and RISCos.
! 302: (from Andy Smith <abs@maunsell.co.uk>)
! 303:
! 304: 102) Added testsudoers (from Chris Jepeway <jepeway@cs.utk.edu>).
! 305:
! 306: 103) Added fix for parse.yacc to avoid the kludge I was doing.
! 307: (from Chris Jepeway <jepeway@cs.utk.edu>)
! 308:
! 309: 104) Now remove the IFS envar if set instead of setting it to a "safe"
! 310: value to avoid problems with make and others.
! 311:
! 312: 105) Added FAST_MATCH option to check basenames of sudo command and
! 313: paths listed in sudoers file. If the basename doesn't match
! 314: then it is not a match. If the basename matches, then do
! 315: a stat to make sure it is a valid match.
! 316:
! 317: 106) Now only stat(2) cmnd once in path_matches() (in parse.c). Sudo
! 318: was stating cmnd for *every* attempted match. Now the stat struct
! 319: is cached (ie: the var is a static).
! 320:
! 321: 107) Signal handlers in visudo are now only installed after the stmp
! 322: file is opened. Previously, it was possible to erase an open
! 323: stmp file by sending visudo a signal within a small window.
! 324:
! 325: 108) Added Goon Show insults from Russell Street <r.street@auckland.ac.nz>.
! 326:
! 327: 109) Broke out the insults into separate include files (insults.h
! 328: is the master and includes the appropriate one).
! 329:
! 330: 110) Now use getwd() instead of getcwd() and provide emulation for
! 331: OS's w/o it. This was done since some OS's with getwd()
! 332: implement getcwd() via a pipe to pwd(1). By emulating getwd()
! 333: by calling getcwd() on OS's w/o getwd() we lose nothing since
! 334: the compiler should optimize away the extra function call.
! 335:
! 336: 111) Added crypt() for DEC OSF/1 3.x enhanced security.
! 337: From "Richard L Jackson Jr" <rjackson@osf1.gmu.edu>.
! 338:
! 339: 112) Added an option to run the command in the background (-b) as
! 340: suggested by Jonathan Adams <jonathan@smada.com>
! 341:
! 342: 113) First stab at kerberos support. I'm not really sure it is
! 343: possible to do this in a sane manner. Sigh.
! 344:
! 345: 114) Better kerberos support. Had to use setreuid(2) but falls
! 346: back on a kludge if that does not exist or is broken.
! 347:
! 348: 115) Added -p (password prompt) support.
! 349: Suggested by "David W. Cooley" <dwcooley@COLBY.EDU>
! 350:
! 351: 116) Added partial implementation of -l (list) flag.
! 352: This is probably as good as it will get until sudo:tng.
! 353:
! 354: 117) Added anti-spoofing code to tighten up a race condition
! 355: where a user could run sudo some_link and then change
! 356: where the link pointed after the old link had been
! 357: validated but before the exec().
! 358:
! 359: 118) Now update timestamp file via utime() (and emulate via utimes()
! 360: if necessary) to eliminate a small race. Works with
! 361: both POSIX utime() as well as old utime() in BSD <= 4.3.
! 362:
! 363: 119) Kerberos ticket file now lives in same dirs as sudo timestamp
! 364: files (to avoid trouncing on normal ticket file) and is removed
! 365: after validation.
! 366:
! 367: 120) Now log tty user is on as well as pwd in sudo logs.
! 368:
! 369: CHANGES from sudo 1.3.2 BETA
! 370:
! 371: 121) Fixed a bug in the anti-spoofing check.
! 372:
! 373: 122) Fixed up ISC support so that it works and looks like non-streams
! 374: stuff in interfaces.c.
! 375:
! 376: 123) Now deal correctly with ip implementations that have an sa_len
! 377: field in struct sockaddr.
! 378:
! 379: 124) Check ownership and permissions on timestamp dir and ignore if
! 380: not owned by root and mode 0700. Problem pointed out by Larry Auton
! 381: <lda@research.AT&T.com> and Navjot Singh <singh@research.AT&T.com>.
! 382:
! 383: 125) Ignore timestamp files with preposterous dates to keep people from
! 384: faking out sudo on OS's that allow you to give away files to root.
! 385: Problem pointed out by Larry Auton <lda@research.AT&T.com> and
! 386: Navjot Singh <singh@research.AT&T.com>.
! 387:
! 388: 126) A timeout of 0 will now cause a password to be entered every
! 389: time. Based on a suggestion by Larry Auton <lda@research.AT&T.com>
! 390: and Navjot Singh <singh@research.AT&T.com>.
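An added sketch of the timestamp checks from entries 124 to 126, not code from sudo itself. The names `ts_check`, `ts_case` and `TS_FUTURE_SLOP` are hypothetical, and the 60-second threshold for a "preposterous" date is an assumption, since the changelog gives no value.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <time.h>

/* Assumption: a ticket dated more than this many seconds ahead of "now"
 * is treated as a "preposterous" date (entry 125 gives no threshold). */
#define TS_FUTURE_SLOP 60

enum ts_status { TS_CURRENT, TS_EXPIRED, TS_IGNORED };

/* Entry 124: the timestamp dir counts only if it is a directory,
 * owned by root, with permission bits exactly 0700. */
static int ts_dir_ok(const struct stat *dir)
{
    return S_ISDIR(dir->st_mode) && dir->st_uid == 0 &&
           (dir->st_mode & 07777) == 0700;
}

/* Decide whether an existing ticket lets the user skip the password prompt.
 * TS_IGNORED means the ticket is treated as if it did not exist. */
static enum ts_status ts_check(const struct stat *dir, const struct stat *file,
                               time_t now, time_t timeout_secs)
{
    if (!ts_dir_ok(dir))
        return TS_IGNORED;                 /* entry 124 */
    if (file->st_mtime > now + TS_FUTURE_SLOP)
        return TS_IGNORED;                 /* entry 125: forged future date */
    if (timeout_secs == 0)
        return TS_EXPIRED;                 /* entry 126: always prompt */
    if (now - file->st_mtime >= timeout_secs)
        return TS_EXPIRED;
    return TS_CURRENT;
}

/* Build a constructed struct stat so the checks run without touching disk. */
static struct stat make_stat(mode_t mode, uid_t uid, time_t mtime)
{
    struct stat sb;
    memset(&sb, 0, sizeof sb);
    sb.st_mode = mode;
    sb.st_uid = uid;
    sb.st_mtime = mtime;
    return sb;
}

/* Convenience wrapper over constructed sample data. */
static enum ts_status ts_case(mode_t dir_mode, uid_t dir_uid,
                              time_t file_mtime, time_t now, time_t timeout)
{
    struct stat dir = make_stat(dir_mode, dir_uid, 0);
    struct stat file = make_stat(S_IFREG | 0600, 0, file_mtime);
    return ts_check(&dir, &file, now, timeout);
}

int main(void)
{
    const time_t now = 1000000;            /* constructed clock value */

    printf("fresh ticket:        %d\n",
           ts_case(S_IFDIR | 0700, 0, now - 60, now, 300));
    printf("stale ticket:        %d\n",
           ts_case(S_IFDIR | 0700, 0, now - 301, now, 300));
    printf("dir not root-owned:  %d\n",
           ts_case(S_IFDIR | 0700, 1000, now - 60, now, 300));
    printf("dir mode 0755:       %d\n",
           ts_case(S_IFDIR | 0755, 0, now - 60, now, 300));
    printf("ticket in far future:%d\n",
           ts_case(S_IFDIR | 0700, 0, now + 86400, now, 300));
    printf("timeout of zero:     %d\n",
           ts_case(S_IFDIR | 0700, 0, now - 1, now, 0));
    return 0;
}
```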
! 391:
! 392: CHANGES from sudo 1.3.3 BETA
! 393:
! 394: 127) Cleaned up interfaces.c so that it is more readable.
! 395:
! 396: 128) Added support for syslog()'s that don't guarantee delivery
! 397: of a message. HP-UX is the only known offender.
! 398:
! 399: 129) No longer use memmove() since memcpy() does what we need and
! 400: configure doesn't always catch memmove() even when it is
! 401: there (may be a library problem).
! 402:
! 403: 130) Updated man page to reflect two more security issues.
! 404:
! 405: 131) Cleaned up shadow password support in check.c. It should now
! 406: be readable.
! 407:
! 408: 132) Added SCO support.
! 409:
! 410: 133) Added check to configure to find the max length of a uid_t
! 411: in characters.
! 412:
! 413: 134) Removed uid2str() since we now know how big a uid_t/gid_t
! 414: can be. This eliminates a few malloc()'s.
! 415:
! 416: 135) Added support for multiple insult types. Based on code and
! 417: a suggestion from Dieter Dworkin Muller <dworkin@village.org>.
! 418:
! 419: 136) Replaced clean_env() and rmenv() with a rewritten clean_env()
! 420: that should be a little faster. This also makes it easier to
! 421: add to the list of "dangerous" envariables.
! 422:
! 423: 137) Added netgroup support. Netgroups must start with a leading
! 424: "+" so that sudo knows it is a netgroup.
! 425:
! 426: 138) Split out sudoers file format into its own man page.
! 427: As suggested by Andy Smith <abs@maunsell.co.uk>.
! 428:
! 429: 139) Updated testsudoers.c to grok netgroups.
! 430:
! 431: CHANGES from sudo 1.3.4 BETA
! 432:
! 433: 140) Added SecurID support from Giles Todd <giles@gt.demon.co.uk>.
! 434:
! 435: 141) Added -s flag to start a root shell and -- to signify end of args.
! 436:
! 437: 142) Sped up logging routines by replacing strncpy()'s with strcat()'s.
! 438: This is safe because we dynamically allocate logline to be big enough.
! 439:
! 440: 143) Now support command line arguments in the sudoers file.
! 441:
! 442: 144) Sped up the loading of command line arguments. This fixes the
! 443: "commands with large argc's take forever to run" bug.
! 444:
! 445: 145) Expanded MAXCOMMANDLEN to 8K since we now have to deal with
! 446: command line arguments. Added bounds checking in fill() and
! 447: append() so we don't drop core.
! 448: XXX - 8k makes sudo *SLOW*
! 449:
! 450: 146) Added support in the lexer for "termination characters" to be
! 451: escaped. Ie: you can now use [\,:=] in command line args
! 452: as long as you escape with a \.
! 453:
! 454: 147) Testsudoers can now deal with commands that have arguments.
! 455:
! 456: 148) If a file is not executable or not a regular file sudo will
! 457: now give the appropriate error message instead of just
! 458: "command not found" which is misleading.
! 459:
! 460: 149) Fixed a bug where if FQDN is set, load_interfaces() was never
! 461: called.
! 462:
! 463: 150) tty is now a global so it can be used in the ticket file
! 464: at a later date.
! 465:
! 466: 151) Strings in the parser are now allocated dynamically. This results
! 467: in a large speedup as compared to a 1K array on the stack. I
! 468: have freed the strings in the parser where appropriate but that
! 469: may not catch all instances. Even so, the average sudo now
! 470: takes up less memory than the 1K array version.
! 471:
! 472: 152) Fixed a bug in tgetpass() and configure that broke termio/termios
! 473: support for some OS's.
! 474:
! 475: 153) Added cheapo implementation of tty-based timestamps. The correct
! 476: way is to have username be a directory with the tty tickets
! 477: inside. However, the current code does not take to that very
! 478: well, and it does not allow the two systems to coexist. Therefore,
! 479: instead of timestampdir/user/tty it is timestampdir/user.tty.
! 480:
! 481: 154) Added support for building in other than the source directory.
! 482: Based on changes from "Simon J. Gerraty" <sjg@frodo.dn.itg.telecom.com.au>
! 483:
! 484: 155) options.h and pathnames.h are now included via angle brackets
! 485: (<>) so as to use the -I include path. This way, those using
! 486: a shadow build tree may have local copies of these headers
! 487: w/o clobbering the distribution ones.
! 488:
! 489: 156) EXEMPTGROUP is now a string (group name) and user_is_exempt()
! 490: is now less of a hack. It uses getgrnam(EXEMPTGROUP) to
! 491: get a list of users in the exempted group.
! 492:
! 493: 157) --prefix and --exe_prefix are now honored in the Makefile.
! 494:
! 495: 158) Sudo will now behave reasonably in the case where the sudoers
! 496: file location is mounted via NFS and the client does not
! 497: have "root" NFS privs.
! 498:
! 499: 159) _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, and SUDOERS_OWNER are
! 500: now set via the Makefile since that appears to be what
! 501: most people expect...
! 502:
! 503: 160) Now include a pre-generated version of parse.lex since so many
! 504: versions of lex are brain damaged. If parse.lex is changed
! 505: a new lex.yy.c will be generated. The distribution copy is
! 506: sudo-lex.yy.c.
! 507:
! 508: 161) Upgraded to GNU autoconf version 1.5. There are now even
! 509: *more* options.
! 510:
! 511: CHANGES from sudo 1.3.5 BETA
! 512:
! 513: 162) Fixed S/Key support.
! 514:
! 515: 163) Cleaned up shadow password support further by moving much of
! 516: it to getspwuid.c.
! 517:
! 518: 164) First cut at DCE support. [needs work to be functional]
! 519:
! 520: 165) New Digital UNIX C2 support based on code from
! 521: "Randy M. Hayman" <haymanr@icefog.sois.alaska.edu>
! 522:
! 523: 166) S/key support now works with the generic bellcore s/key
! 524: as well as the s/key from Wietse Venema's logdaemon.
! 525: (Previously only worked with the logdaemon s/key).
! 526: As an added bonus the s/key challenge is now embedded
! 527: in the password prompt for a cleaner look.
! 528:
! 529: 167) lsearch.c will now compile on a strict ANSI C compiler.
! 530: ANSI doesn't allow pointer arithmetic on a "void *"
! 531: but gcc does.
! 532:
! 533: 168) Brought back latest HP-UX DCE support from Jeff Earickson
! 534: <jaearick@colby.edu>.
! 535:
! 536: 169) configure now completely groks $SUDO_LIBS and $VISUDO_LIBS.
! 537: Plain old $LIBS is no longer used. LDFLAGS has also been
! 538: split up into $SUDO_LDFLAGS and $VISUDO_LDFLAGS.
! 539: The reason for this is that sudo often needs extra libs
! 540: for alternate authentication schemes but visudo rarely does.
! 541:
! 542: 170) The code to copy command arguments failed for large values of
! 543: argc due to realloc() lossage. We now cheat and treat argv[]
! 544: as a flat string (since that's what it is) and use pointer
! 545: arithmetic to compute the length. Kind of sneaky but it
! 546: works (and is relatively fast).
! 547:
! 548: CHANGES from sudo 1.3.6 BETA
! 549:
! 550: 171) Added support for UN*X groups in sudoers based on code from
! 551: Dougal Scott <dwagon@aaii.oz.au>.
! 552:
! 553: 172) interfaces.c should work on ISC UN*X again.
! 554:
! 555: 173) All source files are <= 14 characters for old SYSV filesystems.
! 556:
! 557: CHANGES from sudo 1.3.7 GAMMA
! 558:
! 559: 174) Minor configure[.in] fixes.
! 560:
! 561: 175) tgetpass.c now compiles on OS's that put the definition of
! 562: fd_set in <sys/bsdtypes.h>
! 563:
! 564: CHANGES from sudo 1.4
! 565:
! 566: 176) Command args in sudoers are now stored in an argument vector
! 567: instead of a flat string to make wildcard matching simpler.
! 568:
! 569: 177) Added NewArgv and NewArgc that describe the command to be
! 570: executed. The copy of args in cmnd_args is no longer necessary
! 571: and has been removed.
! 572:
! 573: 178) Using strcmp(3) for argument matching in command_matches()
! 574: (was path_matches()) is no longer sufficient since we don't
! 575: have a flat string. compare_args() is used instead which
! 576: calls either strcmp(3) or wildmat(3l) depending on whether
! 577: there are shell-style meta chars (wildcards) present.
! 578:
! 579: 179) Shell-style wildcard matches are now available in the sudoers
! 580: file. Matches are done via Rich $alz's wildmat(3).
! 581: This required the tweaks described in #176-178 as well as
! 582: other, more minor, changes.
! 583:
! 584: 180) Commented out rule to build lex.yy.c from parse.lex since
! 585: we ship with a pre-flex'd parser and can't rely on file
! 586: dates being set correctly.
! 587:
! 588: 181) Fixed visudo and testsudoers to deal with new argument
! 589: vector handling.
! 590:
! 591: 182) A null string ("") as shell in passwd file (or $SHELL) is
! 592: now treated as the bourne shell.
! 593:
! 594: 183) Converted *.man to pod format for easy conversion to man,
! 595: html, latex, and just plain text. Tried to make the
! 596: sudoers manual easier to read in the process.
! 597:
! 598: 184) Updated sample.sudoers and sudoers.pod to include info
! 599: on wildcards.
! 600:
! 601: CHANGES from sudo 1.4.1
! 602:
! 603: 185) compat.h now defines _PASSWD_LEN based on PASS_MAX if it
! 604: is defined (from limits.h on SYSV).
! 605:
! 606: 186) Both short and long hostnames may now be used in the sudoers
! 607: file if FQDN is defined. From patches submitted by
! 608: Michael Meskes <meskes@Informatik.RWTH-Aachen.DE>.
! 609:
! 610: 187) Now use skeylookup() instead of skeychallenge(). Hopefully
! 611: this will work around a problem some people have reported
! 612: on Solaris 2.5 with sudo and logdaemon 5.0's skey.
! 613:
! 614: 188) Now uses /var/run to hold timestamp files if it exists. This
! 615: is more secure.
! 616:
! 617: 189) configure now puts the timestamp dir in /var/run if it exists.
! 618: Suggestion by Michael Meskes <meskes@Informatik.RWTH-Aachen.DE>.
! 619:
! 620: 190) Both short and long hostnames now exist even if FQDN is not set.
! 621: This allows machines with fully qualified hostnames set via
! 622: hostname(1) to use them in the sudoers file.
! 623:
! 624: 191) sudo was not honoring "." in $PATH due to a bug in find_path().
! 625:
! 626: 192) Added IGNORE_DOT_PATH option to ignore "." in $PATH.
! 627:
! 628: 193) tgetpass() now uses raw read(2) and write(2) instead of stdio.
! 629: This should make it work on more OS's. Previously, it used
! 630: stdio (buffered) fgets(3) and fputs(3) with select(2) which
! 631: may not be legal. Also got rid of the nasty goto's and
! 632: generally simplified the code.
! 633:
! 634: 194) Parser now supports hostnames like UPPERCASE.foo.com. Previously,
! 635: `UPPERCASE' was interpreted as an Alias. This means that
! 636: the `fqdn' stuff has been moved to the lexer (FQHOST is used
! 637: to avoid collision with FQDN option).
! 638:
! 639: 195) Reworked --with-FOO in configure.in to support --without-FOO.
! 640: Made shadow passwords the default for appropriate OS's. They
! 641: can be turned off with --without-C2.
! 642:
! 643: 196) Added NO_PASSWD option for those who don't want to be bothered
! 644: by a password prompt from sudo. This is really just a hack.
! 645:
! 646: 197) Added support for double quotes to mean "treat these words as one
! 647: argument". This is similar to what most shells do.
! 648:
! 649: 198) Added mkinstalldirs to make install destination dirs if
! 650: they do not already exist.
! 651:
! 652: CHANGES from sudo 1.4.2
! 653:
! 654: 199) Added support for --with-CC (which C compiler to use).
! 655:
! 656: 200) Added support for NOPASSWD token and running commands as
! 657: specified users (sudo -u) from Keith Garry Boyce
! 658: <garp@opustel.com>
! 659:
! 660: 201) Only link with -lshadow for Linux if libc lacks getspnam(). Problem
! 661: pointed out by Michael Meskes <meskes@Informatik.RWTH-Aachen.DE>.
! 662:
! 663: 202) Replaced SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID. Added
! 664: SUDOERS_MODE and changed the default to 0440 (from 0400).
! 665: It is now possible to NFS-mount sudoers without doing anything fancy.
! 666:
! 667: 202) If a runas list is specified, a user may only run commands as
! 668: "root" if "root" is a member of the runas list. The old behavior
! 669: was to always allow commands to be run as root, even if a runas
! 670: list was specified. Now you can give someone "sudo -u operator"
! 671: and not have the equivalent of "sudo -u root" as well.
! 672:
! 673: 203) Added "USER=%s" to logging functions.
! 674:
! 675: 204) configure will now add -lPW to (VI)?SUDO_LIBS if using bison
! 676: or DCE and alloca(3) is not in libc (or provided by gcc) but
! 677: is in libPW.a.
! 678:
! 679: 205) sudo would give an incorrect error message if the sudoers file
! 680: didn't exist due to close() stomping errno if the open() failed.
! 681:
! 682: 206) Fixed "shell" mode (sudo -s). When building NewArgv sudo was
! 683: not allocating space for the NULL.
! 684:
! 685: 207) Added support for wildcards in the pathname. Ie: /bin/*.
! 686:
! 687: 208) 'command ""' in sudoers now means no args allowed.
! 688:
! 689: 209) Added command line args to SUDO_COMMAND envariable.
! 690:
! 691: 210) HP-UX 10.x with C2 now uses bigcrypt().
! 692: Changes from david_dill@Merck.Com (David Dill).
! 693:
! 694: 211) lsearch.c will now compile w/o compiler warnings.
! 695: (Updated from NetBSD lsearch.c)
! 696:
! 697: 212) Now uses POSIX fnmatch(3) (which uses ! instead of ^ in ranges)
! 698:
! 699: CHANGES from sudo 1.4.3
! 700:
! 701: 213) Now allows network/netmask in sudoers to override per-interface
! 702: netmask.
! 703:
! 704: 214) Fixed -u support with multiple user lists on a line.
! 705:
! 706: 215) Fixed a core dump problem when built with -DSHELL_IF_NO_ARGS.
! 707:
! 708: 216) Fixed 2 typos in parse.yacc and removed some unnecessary if's.
! 709:
! 710: 217) Now always use install-sh since SunOS install can't do uid/gid's.
! 711: Other BSD installs are probably similarly afflicted.
! 712:
! 713: 218) Fixed NFS-mounted sudoers file under solaris; both uid *and* gid
! 714: were being set to -2. Now set uid to 1 to avoid group being
! 715: remapped.
! 716:
! 717: 219) Now includes alloca.c (from gcc) for those w/o it. Linking
! 718: against -lPW breaks visudo on HP-UX and probably others.
! 719:
! 720: 220) Added --with-libpath, --with-libraries, --with-incpath options
! 721: to configure.
! 722:
! 723: 221) configure now uses shicc instead of gcc on BSD/OS >= 2.0 to
! 724: generate binaries linked with shared libs.
! 725:
! 726: 222) The parser was setting no_passwd even if there wasn't a
! 727: runas match. I reordered some things in parse.yacc
! 728: to fix this.
! 729:
! 730: 223) `sudo -v' (validate) wasn't paying attention to NOPASSWD.
! 731: Now it does.
! 732:
! 733: 224) testsudoers now groks "-u user".
! 734:
! 735: 225) Updated AFS support based on what tcsh 6.06 does.
! 736:
! 737: 226) Fixed a typo/thinko that broke BSD > 4.3reno wrt interfaces.c.
! 738:
! 739: 227) HPUX 10.X shadow password stuff now uses SecureWare routines.
! 740:
! 741: 228) SecureWare passwd checking now uses bigcrypt() if available.
! 742: Now uses AUTH_MAX_PASSWD_LENGTH if defined.
! 743:
! 744: 229) configure now makes sure you don't have a config.cache file
! 745: from another OS.
! 746:
! 747: 230) Added better shadow password detection.
! 748: BSD >= 4.3reno -> /etc/master.passwd
! 749: hpux9: getspwnam() -> /.secure/etc/passwd
! 750: hpux10: getspnam() or getprpwnam() -> /tcb/files/auth/*/* (link with -lsec)
! 751: SVR4: getspnam() -> /etc/shadow
! 752: solaris: getspnam() -> /etc/shadow
! 753: irix[56].x: getspnam() -> /etc/shadow
! 754: sunos 4.x: getpwanam() -> /etc/security/passwd.adjunct
! 755: DUNIX: getprpwnam() -> /tcb/files/auth/*/* (link with -lsecurity)
! 756: SecureWare: getprpwnam() -> /tcb/files/auth/*/*
! 757: ultrix 4.x: getauthuid() -> /etc/auth.{pag,dir}
! 758:
! 759: 231) '(' in command args is no longer a syntax error.
! 760:
! 761: 232) '!command' now works in the presence of a runas or NOPASSWD token.
! 762: Simplified parse rules wrt runas and NOPASSWD (more consistent).
! 763:
! 764: 233) Command args are now compared as a flat string again. This makes
! 765: wildcard matches more consistent.
! 766:
! 767: 234) DUNIX C2 support now groks AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT.
! 768:
! 769: 235) configure now uses config.{sub,guess} to guess OS type.
! 770: Sudo should work out of the box on more OS's now.
! 771:
! 772: 236) Got rid of HAVE_C2_SECURITY, now just use SHADOW_TYPE.
! 773:
! 774: 237) Fixed race in tgetpass() where echo can be turned off and
! 775: left off if sudo is used in a pipeline and a password is
! 776: required.
! 777:
! 778: CHANGES from sudo 1.4.4
! 779:
! 780: 238) `sudo -l' output now includes runas and NOPASSWD info and
! 781: asks for a password unless NOPASSWD for ALL is set.
! 782:
! 783: 239) Sudo can now deal with all-caps user and host names.
! 784:
! 785: 240) Sudo will now remove the "ENV" and "BASH_ENV" envariables.
! 786: From Michael Meskes <meskes@Informatik.RWTH-Aachen.DE>.
! 787:
! 788: 241) `sudo -l' will now expand Cmnd_Alias's (could be prettier).
! 789:
! 790: 242) `sudo -s' will now set $HOME to root's homedir (or that of
! 791: the user specified -u) so dot files get sourced.
! 792:
! 793: CHANGES from sudo 1.4.5
! 794:
! 795: 243) $HOME was always being set, not just with `-s'.
! 796:
! 797: 244) In visudo, the owner and group of the sudoers file were
! 798: being set too early; an editor could change them and change
! 799: the owner/group of the resulting sudoers file.
! 800:
! 801: CHANGES from sudo 1.5
! 802:
! 803: 245) Added SHELL_SETS_HOME option.
! 804:
! 805: 246) Added NO_MESSAGE option.
! 806:
! 807: 247) Added %u and %h escapes in PASSPROMPT to expand to user's name
! 808: and host.
! 809:
! 810: 248) Added "SUDO_PROMPT" envariable.
! 811:
! 812: 249) Usernames may now begin with a digit. Gross, but people do it.
! 813:
! 814: Sudo 1.5.1 released.
! 815:
! 816: 250) Added `opie' support.
! 817:
! 818: 251) Added check to make sure fnmatch() really works.
! 819:
! 820: 252) Now use the prompt S/Key gives us instead of rolling our own.
! 821:
! 822: 253) Added -H flag from Danny Barron <dcbarro@nppd.com>.
! 823:
! 824: 254) Add SUDO_PS1 envariable support.
! 825:
! 826: 255) Attempt at sequent support.
! 827:
! 828: Sudo 1.5.2 released.
! 829:
! 830: 256) visudo acts sanely when there is no sudoers file.
! 831:
! 832: 257) Added Runas_Alias support.
! 833:
! 834: 258) Sudo will now work with SUDOERS_MODE == 400 and SUDO_UID = 0.
! 835:
! 836: 259) Alias's in a runas list are now expanded.
! 837:
! 838: 260) Fixed bug with > 32 saved aliases. Reported by BHH@capgroup.com.
! 839:
! 840: 261) Code that uses sprintf() is now more paranoid about buffer
! 841: overflows.
! 842:
! 843: 262) Whitespace is now allowed after a line continuation character before
! 844: a newline in sudoers.
! 845:
! 846: 263) %h in MAILSUBJECT expands to local hostname.
! 847:
! 848: Sudo 1.5.3 released.
! 849:
! 850: 264) Don't pass getdtablesize() as first arg to select(2). No need
! 851: to do this since we only select on one fd--use (fd+1) as nfds
! 852: and the old way caused problems on some systems (arguably
! 853: a bug in those OS's). From Marc Slemko marcs@znep.com.
! 854:
! 855: 265) Fixed coredump when passwd file is missing or unavailable.
! 856: Reported by Jason Downs <downsj@teeny.org> and
! 857: Klee Dienes <klee@mit.edu> (via a Debian Linux bug report).
! 858:
! 859: 266) Fixed bug wrt exclusion lists and relative pathnames.
! 860: Reported by osiris@COURIER.CB.LUCENT.COM.
! 861:
! 862: 267) exit(1) if user doesn't enter a passwd.
! 863: Noted by Alex Parchkov <alexp@ind.tansu.com.au>.
! 864:
! 865: Sudo 1.5.4 released.
! 866:
! 867: 268) Newer versions of Irix use _RLDN32_* envariables for 32-bit binaries
! 868: so ignore _RLD* instead of _RLD_*. From tarrall@bamboo.Colorado.EDU.
! 869:
! 870: 269) Only open sudoers file once as opposed to once for sanity checks and
! 871: once for the parser. Also try to open ten times if we get EAGAIN.
! 872:
! 873: Sudo 1.5.5 released.
! 874:
! 875: 270) Initialize group vector if we are becoming a user other than root.
! 876: For root, it is often more useful to hang on to our existing group
! 877: vector.
! 878:
! 879: 271) Fix usage of select(2) to deal correctly with a high-numbered fd.
! 880:
! 881: 272) Fixed a bug where sudo sometimes didn't give the user a chance to
! 882: enter a password at the prompt.
! 883:
! 884: 273) Use a dynamically sized buffer when reading ether interfaces.
! 885:
! 886: 274) Fixed configure problems with identification of HP-UX > 10.x and
! 887: with cc being identified as a cross compiler on some platforms.
! 888:
! 889: 275) Fixed a problem with HP-UX 10.x and alloca. Bison does not
! 890: include alloca.h on HP-UX 10.x even though it uses alloca()
! 891: (and thus needs the #define of alloca(x) to __builtin_alloca(x)).
! 892: To fix this we include alloca.h ourselves if using bison and not gcc.
! 893:
! 894: 276) Included support for the AIX 4.x authenticate() function from
! 895: Matt Richards <v2matt@btv.ibm.com>.
! 896:
! 897: 277) Fixed an off by one error in the parser. Found by
! 898: Piete Brooks <Piete.Brooks@cl.cam.ac.uk>
! 899:
! 900: 278) Change NewArgv size computation to work on UNICOS.
! 901: From Mike Kienenberger <mkienenb@arsc.edu>
! 902:
! 903: 279) Added --with-logfile and --with-timedir configure options.
! 904:
! 905: 280) Use getcwd(3), not getwd(3) to avoid possible buffer overflow.
! 906: Use BSD getcwd(3) if system lacks one or is SunOS 4.x.
! 907:
! 908: 281) Fix 'fprintf' argument mismatches in 'visudo.c'.
! 909: From ariel@oz.engr.sgi.com (Ariel Faigon)
! 910:
! 911: 282) Use waitpid or wait3 to reap children in logging.c.
! 912: Pointed out by Theo de Raadt <deraadt@theos.com>
! 913:
! 914: 283) Sudo should prompt for a password before telling the user that
! 915: a command could not be found. Noted by rhodie@NAC.NET.
! 916:
! 917: 284) Fix OTP_ONLY for opie; "Deven T. Corzine" <deven@fuse.net>.
! 918:
! 919: 285) Include pre-yacc'd parse.yacc as sudo.tab.[ch] since more and
! 920: more vendors are charging for yacc (bad vendor, no cookie).
! 921:
! 922: 286) Use MAX*, not MAX*+1
! 923:
! 924: 287) Add support for Hitachi SR2201, from b-edgington@hpcc.hitachi-eu.co.uk
! 925:
! 926: 288) Added RUNAS_DEFAULT option to allow one to compile sudo with a
! 927: default runas user other than root.
! 928:
! 929: 289) Add options to log the hostname in the file-based log and to not
! 930: do word wrap in file-based log. From Theo Van Dinter <tvd@chrysalis.com>
! 931:
! 932: 290) RedHat Linux pam support, from Gary Calvin <GCalvin@kenwoodusa.com>.
! 933: pam.sudo goes in /etc/pam.d/sudo on RedHat 5.0 and above.
! 934:
! 935: 291) With sudo -s, set command the full path of the shell, not the basename.
! 936: Noted by Peter W. Osel <pwo@guug.de>
! 937:
! 938: Sudo 1.5.6 released.
! 939:
! 940: 292) Pam auth now runs as root; necessary for shadow passwords.
! 941:
! 942: 293) Shadow password support is now compiled in by default. You can disable
! 943: it via --disable-shadow.
! 944:
! 945: 294) We now remove a timestamp file with a bogus date when it is detected.
! 946: From Steve Fobes <sfobes@uswest.com>.
! 947:
! 948: 295) In tgetpass(), restart select if it is interrupted. This really fixes a
! 949: problem where a user sometimes is not given a chance to enter a password.
! 950:
! 951: 296) All options have moved from options.h -> configure.
! 952:
! 953: 297) visudo is now installed in /usr/local/sbin where it belongs.
! 954:
! 955: 298) Lots of configure changes. Instead of checking for the existence
! 956: of -lsocket, -lnsl, or -linet, we instead check them for the
! 957: functions we need only if they are not already in libc.
! 958:
! 959: 299) Added DUNIX SIA (Security Integration Architecture) support from
! 960: Spider Boardman <spider@Orb.Nashua.NH.US>.
! 961:
! 962: 300) Added test for broken Digital UNIX 4.0 prot.h.
! 963:
! 964: 301) Better support for C2 security on Digital UNIX.
! 965:
! 966: 302) Hacked autoconf so that you can have single quotes in
! 967: --with-passprompt.
! 968:
! 969: 303) For SecureWare-style shadow passwords use getprpwnam() instead
! 970: of getprpwuid() since getprpwuid is broken in HP-UX 10.20 at
! 971: least (it sleeps for 2 minutes if the shadow files don't exist).
! 972:
! 973: 304) We can't really trust UID_MAX or MAXUID since they may only exist for
! 974: backwards compatibility; spider-both@Orb.Nashua.NH.US
! 975:
! 976: 305) Make %groups work as RunAs specifiers; Ray Bellis <rpb@community.net.uk>.
! 977:
! 978: 306) Set USER environment variable to target user.
! 979: Suggested by Ray Bellis <rpb@community.net.uk>.
! 980:
! 981: 307) Go back to printing "command not found" unless --disable-path-info
! 982: specified. Also, tell user when we ignore '.' in their path and it
! 983: would have been used but for --with-ignore-dot.
! 984:
! 985: 308) When using tty tickets make it user:tty not user.tty as a username
! 986: could have a '.' in it.
! 987:
! 988: 309) Define BSD_COMP for svr4 to get BSD ioctl defs. Also, if we have
! 989: sys/sockio.h but SIOCGIFCONF is not defined by including sys/ioctl.h
! 990: include sys/sockio.h directly.
! 991:
! 992: 310) Fixed a bug that could cause "sudo -l" to segfault or complain
! 993: about non-existent syntax errors.
! 994:
! 995: Sudo 1.5.7 released.
! 996:
! 997: 311) Fixed square bracket quoting in configure and moved check for -lnsl
! 998: to be before -lsocket.
! 999:
! 1000: 312) In load_interfaces(), close sock after we are done with it. Leak
! 1001: noticed by Mike Kienenberger <mkienenb@arsc.edu>.
! 1002:
! 1003: 313) Missing pieces from change #308; from Mike Kienenberger.
! 1004:
! 1005: 314) Real Kerberos 5 support from Frank Cusack <fcusack@iconnet.net>.
! 1006:
! 1007: 315) FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>.
! 1008:
! 1009: 316) Fixed handling and documentation of --with-umask.
! 1010:
! 1011: 317) If the check for socket() or inet_addr() fails, retry, this time
! 1012: linking with both -lsocket and -lnsl for those systems that
! 1013: have interlibrary dependencies.
! 1014:
! 1015: Sudo 1.5.8 released.
! 1016:
! 1017: 318) Add dirfd() macro for systems without it.
! 1018:
! 1019: 319) Better check for socket() in -lsocket -lnsl in configure.
! 1020:
! 1021: 320) Minor configure fixes.
! 1022:
! 1023: Sudo 1.5.8p1 released.
! 1024:
! 1025: 321) Fixed a bug wrt quoting characters in command args.
! 1026:
! 1027: 322) Make --without-sendmail work.
! 1028:
! 1029: Sudo 1.5.8p2 released.
! 1030:
! 1031: 323) Fixed a segv if HOST_IN_LOG defined and gethostbyname() fails.
! 1032: Reported by Gero Treuner <gero@faveve.uni-stuttgart.de>.
! 1033:
! 1034: 324) Fixed a parse bug wrt the ! operator and runas specs. Noted by
! 1035: David A Beck <BKD@payserv.telekurs.com>.
! 1036:
! 1037: 325) Use new emalloc/erealloc/estrdup functions (catch errors and exit).
! 1038:
! 1039: 326) New PAM code that should work on both Solaris and Linux.
! 1040:
! 1041: 327) Make sudo's usage info better when mutually exclusive args are given
! 1042: and don't rely on argument order to detect this. From Nick Andrew.
! 1043:
! 1044: 328) In visudo, shift return value of system() by 8 to get the real exit value.
! 1045:
! 1046: Sudo 1.5.9 released.
! 1047:
! 1048: 329) The runas user and NOPASSWD tags are now persistent across entries
! 1049: in a command list (ie: cmnd1,cmnd2,cmnd3). A PASSWD tag has been
! 1050: added to reverse NOPASSWD. The runas user and *PASSWD tags can be
! 1051: overridden on a per-command basis at which point they become the
! 1052: new default for the rest of the list.
! 1053:
! 1054: 330) It is now possible to use the '!' operator in a runas list as
! 1055: well as in a Cmnd_Alias, Host_Alias and User_Alias.
! 1056:
! 1057: 331) In estrdup(), do the malloc ourselves so we don't need to rely on the
! 1058: system strdup(3) which may or may not exist. There is now no need to
! 1059: provide strdup() for those w/o it.
! 1060:
! 1061: 332) You can now specify a host list instead of just a host or alias
! 1062: in a privilege list. Ie: user=host1,host2,ALIAS,!host3 /bin/ls
! 1063:
! 1064: 333) Stash the "safe" path to the command instead of stashing the struct
! 1065: stat. Should be safer.
! 1066:
! 1067: 334) Now set $LOGNAME in addition to $USER.
! 1068:
! 1069: 335) No longer use stdio in tgetpass()
! 1070:
! 1071: 336) Don't use _PASSWD_LEN or PASS_MAX as we can't rely on them corresponding
! 1072: to anything real. Instead, we just use a max password size of 256
! 1073: everywhere.
! 1074:
! 1075: 337) Block keyboard-generated signals during startup and restore signal
! 1076: mask before exec'ing the program. We don't want the user to be
! 1077: able to simply kill us and avoid logging.
! 1078:
! 1079: 338) Rewrote timestamp handling. For the default case, a directory is used
! 1080: instead of a file. For the tty-based case, the timestamp is just a
! 1081: file in that directory (eg. /var/run/sudo/username/tty). You now only
! 1082: get the lecture once, even in the tty case. The goal here is to allow
! 1083: the tty and non-tty schemes to coexist, though it is worth noting that
! 1084: when you update a tty file, the mtime of the dir gets updated too.
! 1085:
! 1086: 339) The meaning of -k has changed to mean "invalidate the timestamp".
! 1087: There is a new -K option to really remove the timestamp file/dir.
! 1088:
! 1089: 340) New modular authentication API. This fixes the rat's nest of
! 1090: #ifdefs that was the old auth code.
! 1091:
! 1092: 341) New logging functions. log_error() now takes a variable number of
! 1093: args ala printf() and log_auth() reacts to the return value of validate().
! 1094:
! 1095: 342) If a user is not in the sudoers file they are still asked for a password.
! 1096: This keeps someone who finds a user logged in to a terminal from being
! 1097: able to tell whether or not the user is allowed to use sudo.
! 1098:
! 1099: 343) New PAM code again, this time it should be correct.
! 1100:
! 1101: 344) tgetpass() now has a flag to specify whether or not to turn
! 1102: off echo while reading the password. Used by the new PAM and
! 1103: fwtk code.
! 1104:
! 1105: 345) Fixed shadow password detection on SCO.
! 1106:
! 1107: 346) Sudo is now available under a BSD/Apache style license. This is
! 1108: possible because it no longer contains any of the original 1.1 code.
! 1109:
! 1110: 347) Added configuration info when sudo is run with the -V flag by root.
! 1111:
! 1112: 348) Change visudo tmp file from /etc/stmp -> /etc/sudoers.tmp since
! 1113: Solaris uses stmp for shadow temp file. Also rename _PATH_SUDO_SUDOERS
! 1114: to _PATH_SUDOERS and _PATH_SUDO_STMP to _PATH_SUDOERS_TMP.
! 1115:
! 1116: 349) Added configure option to set syslog priorities.
! 1117:
! 1118: 350) Sudo now locks its log file to prevent mangled entries.
! 1119:
! 1120: 351) Visudo now locks the sudoers temp file instead of bailing when
! 1121: the temp file already exists. This fixes the problem of stale
! 1122: temp files but it does *require* that you not try to put the
! 1123: temp file in a world-writable directory. This should not be
! 1124: an issue as the temp file should live in the same dir as sudoers.
! 1125:
! 1126: 352) Fixed crypt() check in libufc.
! 1127:
! 1128: 353) It is now possible to put a list of users as the first thing in a
! 1129: user specification. I don't suggest this but it makes the grammar
! 1130: more uniform.
! 1131:
! 1132: 354) Visudo will now warn about what it thinks are undefined aliases.
! 1133: Since it can't be 100% sure, these are just warnings, not errors.
! 1134:
! 1135: 355) Add a --without-passwd option to configure that turns off
! 1136: passwd/shadow file authentication. Only usable with an alternate
! 1137: authentication scheme.
! 1138:
! 1139: 356) Add a --disable-authentication option to configure that causes sudo
! 1140: to not require authentication by default. The PASSWD tag can be
! 1141: used to require authentication for an entry.
! 1142:
! 1143: 357) Add a --with-devel option to add -Wall and uncomment yacc/lex
! 1144: generation in Makefile.
! 1145:
! 1146: 358) Zero out plaintext password after use (should do encrypted as well).
! 1147:
! 1148: 359) Added real dependencies in Makefile.
! 1149:
! 1150: 360) Deprecated --with-otp-only in favor of --without-passwd.
! 1151:
! 1152: 361) Add --with-mail-if-no-host to send mail if a user tries to run sudo on
! 1153: a host for which he/she is not authorized.
! 1154:
! 1155: 362) Most of sudo now runs as root instead of the invoking user to
! 1156: minimize the possibility of user control via signals or tracing.
! 1157:
! 1158: 363) Now supports CIDR-style netmasks (ie: 128.138.0.0/16).
! 1159:
! 1160: 364) In "sudo -l" mode, the type of the stored (expanded) alias was not
! 1161: stored with the contents. This could lead to incorrect output
! 1162: if the sudoers file had different alias types with the same name.
! 1163: Normal parsing (ie: not in '-l' mode) is unaffected.
! 1164:
! 1165: 365) Now include strcasecmp() for those without it.
! 1166:
! 1167: 366) Most compile-time options are now changeable at runtime via
! 1168: the 'Defaults' specification in the sudoers file.
! 1169:
! 1170: 367) Added a -L flag to print out all the possible 'Defaults' parameters.
! 1171:
! 1172: 368) It is now possible to escape "special" characters in usernames, hostnames,
! 1173: etc with a backslash.
! 1174:
! 1175: 369) Sudo will now accept a hostname/username/netgroupname that contains
! 1176: almost any character in it. It seems many people want to use '.'
! 1177: and other non-alphanumerics in usernames.
! 1178:
! 1179: 370) Fixed the root_sudo option. Sudo was always complaining that root
! 1180: was not allowed to run sudo if the root_sudo flag was turned off.
! 1181:
! 1182: 371) tgetpass() now uses a function to read up until the end of line.
! 1183: Fixes problems in a pipeline when a program sets the tty mode
! 1184: to be character at a time.
! 1185:
! 1186: 372) sudo now turns off core dumps via setrlimit (probably paranoia).
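
Entries 337, 358 and 372 describe three hardening steps around the password check: blocking keyboard-generated signals until just before exec, zeroing the plaintext password after use, and turning off core dumps via setrlimit. The C sketch below is an added example, not sudo's own code; all function names are hypothetical, and the choice of SIGINT, SIGQUIT and SIGTSTP as the "keyboard-generated" set is an assumption.

```c
#define _XOPEN_SOURCE 700
#include <signal.h>
#include <string.h>
#include <sys/resource.h>

/* Entry 372: a zero core-size limit keeps a crash from writing password
 * material to a core file. Returns 0 on success, -1 on error. */
int disable_core_dumps(void)
{
    struct rlimit rl = { 0, 0 };    /* soft and hard limit both zero */
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Entry 337: block the signals a terminal user can send from the keyboard.
 * The exact set (INT, QUIT, TSTP) is an assumption of this example. */
int block_keyboard_signals(sigset_t *saved)
{
    sigset_t set;
    sigemptyset(&set);
    sigaddset(&set, SIGINT);
    sigaddset(&set, SIGQUIT);
    sigaddset(&set, SIGTSTP);
    return sigprocmask(SIG_BLOCK, &set, saved);
}

/* Returns 1 if signo is blocked in the current mask, 0 if not, -1 on error. */
int signal_is_blocked(int signo)
{
    sigset_t cur;
    return sigprocmask(SIG_BLOCK, NULL, &cur) == 0 ? sigismember(&cur, signo) : -1;
}

/* Entry 358: overwrite the plaintext. The volatile pointer stops the
 * compiler from dropping the stores as dead writes. */
void wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

/* Run check(pw) with core dumps off and keyboard signals blocked, wipe pw,
 * then restore the caller's mask. Returns check's result, -1 on failure. */
int check_password_hardened(char *pw, size_t len, int (*check)(const char *))
{
    sigset_t saved;
    int ok;
    if (disable_core_dumps() != 0 || block_keyboard_signals(&saved) != 0) {
        wipe(pw, len);
        return -1;
    }
    ok = check(pw);
    wipe(pw, len);              /* plaintext is gone on every path */
    if (sigprocmask(SIG_SETMASK, &saved, NULL) != 0)
        return -1;
    return ok;
}

/* Constructed stand-in for a real password check; records the mask state. */
static int blocked_during_check;
int sample_check(const char *pw)
{
    blocked_during_check = signal_is_blocked(SIGINT);
    return strcmp(pw, "constructed-secret") == 0;
}
```

Lowering the hard core limit to zero cannot be undone by an unprivileged process, so the setting also applies to whatever the process later execs.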