Major changes between version 1.7.5b5 and 1.7.5rc1:
Fixed compilation issues on SVR5.
Added help text to -h option for sudo, visudo, and sudoreplay.
Major changes between version 1.7.5b4 and 1.7.5b5:
Fixed compilation on GNU/Hurd.
Major changes between version 1.7.5b3 and 1.7.5b4:
Fixed compilation on HP-UX with the bundled compiler.
Sudo now passes SIGUSR1 and SIGUSR2 through to the child process.
Cosmetic changes to reduce diffs between sudo 1.7.5 and 1.8.0.
Major changes between version 1.7.5b2 and 1.7.5b3:
Sudo will no longer refuse to run if the sudoers file is writable
Sudo now performs command line escaping for "sudo -s" and "sudo -i"
after validating the command so the sudoers entries do not need
to include the backslashes.
Logging and email sending are now done in the locale specified
by the "sudoers_locale" setting ("C" by default). Email sent by
sudo now includes MIME headers when "sudoers_locale" is not "C".
The configure script has a new option, --disable-env-reset, to
allow one to change the default for the sudoers Default setting
"env_reset" at compile time.
When logging "sudo -l command", sudo will now prepend "list "
to the command in the log line to distinguish it from an
actual command invocation in the logs.
Double-quoted group and user names may now include escaped double
quotes as part of the name. Previously this was a parse error.
Sudo once again restores the state of the signal handlers it
modifies before executing the command. This allows sudo to be
used with the nohup command.
Resuming a suspended shell now works properly when I/O logging
is not enabled (the I/O logging case was already correct).
Major changes between version 1.7.5b1 and 1.7.5b2:
LDAP Sudoers entries may now specify a time period for which
the entry is valid. This requires an updated sudoers schema
that includes the sudoNotBefore and sudoNotAfter attributes.
Support for timed entries must be explicitly enabled in the
ldap.conf file. Based on changes from Andreas Mueller.
LDAP Sudoers entries may now specify a sudoOrder attribute that
determines the order in which matching entries are applied; the first
matching entry is used. This requires an updated sudoers schema that
includes the sudoOrder attribute. Based on changes from Andreas Mueller.
When run as sudoedit, or when given the -e flag, sudo now treats
command line arguments as pathnames. This means that slashes
in the sudoers file entry must explicitly match slashes in
the command line arguments. As a result, an entry such as:
user ALL = sudoedit /etc/*
will allow editing of /etc/motd but not
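The pathname matching rule for sudoedit arguments described above, as an added example that is not taken from the sudo source. It models the rule with POSIX fnmatch(3) and the FNM_PATHNAME flag, which is an assumption of this example; the function names and sample paths are constructed for illustration.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <stddef.h>

/* Matching without pathname semantics: '*' may also match '/'. */
static int legacy_match(const char *pattern, const char *arg)
{
    return fnmatch(pattern, arg, 0) == 0;
}

/* Pathname-aware matching: a '/' in arg must be matched by a literal '/'. */
static int pathname_match(const char *pattern, const char *arg)
{
    return fnmatch(pattern, arg, FNM_PATHNAME) == 0;
}

/* Count paths that the looser matching allowed but pathname matching rejects.
 * Useful when reviewing sudoedit entries that contain wildcards. */
static size_t count_narrowed(const char *pattern,
                             const char *const *paths, size_t n)
{
    size_t narrowed = 0;
    for (size_t i = 0; i < n; i++) {
        int before = legacy_match(pattern, paths[i]);
        int after = pathname_match(pattern, paths[i]);
        printf("%-24s legacy=%-3s pathname=%s\n", paths[i],
               before ? "yes" : "no", after ? "yes" : "no");
        if (before && !after)
            narrowed++;
    }
    return narrowed;
}

/* Constructed sample arguments, not taken from the changelog. */
static const char *const sample_paths[] = {
    "/etc/motd",
    "/etc/ssh/sshd_config",
    "/etc/cron.d/backup",
    "/var/log/messages",
};

int main(void)
{
    size_t n = sizeof(sample_paths) / sizeof(sample_paths[0]);
    printf("narrowed: %zu\n", count_narrowed("/etc/*", sample_paths, n));
    return 0;
}
```

A pattern that is meant to cover one directory level below /etc has to spell out the extra slash, for example /etc/*/*.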
NETWORK_TIMEOUT is now an alias for BIND_TIMELIMIT
in ldap.conf for compatibility with OpenLDAP configuration files.
The LDAP API TIMEOUT parameter is now honored in ldap.conf.
Major changes between version 1.7.4 and 1.7.5b1:
The LOG_INPUT and LOG_OUTPUT tags in sudoers are
now parsed correctly.
When using visudo in check mode, a file named "-" may be used to
check sudoers data on the standard input.
Sudo now only fetches shadow password entries when using the
password database directly for authentication.
Password and group entries are now cached using the same key
that was used to look them up. This fixes a problem when looking
up entries by name if the name in the retrieved entry does not
match the name used to look it up. This may happen on some systems
that do case insensitive lookups or that truncate long names.
GCC will no longer display warnings on glibc systems that use
the warn_unused_result attribute for write(2) and other
If a PAM account management module denies access, sudo now prints
a more useful error message and stops trying to validate the user.
Fixed a bug introduced in sudo 1.7.3 where the ticket file was not
being honored when the "targetpw" sudoers Defaults option was enabled.
Fixed a potential hang on idle systems when the sudo-run process
Fixed a crash when Solaris project support was enabled and the
-g flag was used.
Sudo no longer exits with an error when support for
auditing is compiled in but auditing is not enabled.
Fixed a crash with "sudo -l" when auditing is enabled and the
user is not allowed to run any commands on the host.
Sudo will now examine all matching LDAP entries when doing a
lookup, even if there has already been a positive match. This
catches negative matches that may exist in other entries and
more closely matches the sudoers file behavior.
Sudo now includes a copy of zlib that will be used on systems
that do not have zlib installed.
The --with-umask-override configure flag has been added to enable
the "umask_override" sudoers Defaults option at build time.
Sudo now unblocks all signals on startup to avoid problems caused
by the parent process changing the default signal mask.
Major changes between version 1.7.4rc1 and 1.7.4rc2:
Added support for Ubuntu-style admin flag dot files.
Major changes between version 1.7.4b5 and 1.7.4rc1:
Sudo now performs I/O logging in the C locale. This avoids
locale-related issues when parsing floating point
numbers in the timing file.
Major changes between version 1.7.4b4 and 1.7.4b5:
Fixed a build problem on Solaris.
Fixed "sudo -i -u user" where user has no shell listed in the
When logging I/O, sudo now handles pty read/write returning ENXIO,
as seen on FreeBSD when the login session has been killed.
Major changes between version 1.7.4b3 and 1.7.4b4:
If PAM is in use, wait until the process has finished before closing
the PAM session.
The WHATSNEW file has been renamed NEWS.
Compilation fix for mkstemps.c on some systems.
Major changes between version 1.7.4b2 and 1.7.4b3:
The tty_tickets option is now on by default.
Fixed a problem in the restoration of the AIX authdb registry setting.
Major changes between version 1.7.4b1 and 1.7.4b2:
Visudo will now treat an unrecognized Defaults entry as a
parse error (sudo will warn but still run).
The HOME and MAIL environment variables are now reset based on the
target user's password database entry when the env_reset sudoers option
is enabled (which is the case in the default configuration). Users
wishing to preserve the original values should use a sudoers entry like:
Defaults env_keep += HOME
to preserve the old value of HOME and
Defaults env_keep += MAIL
to preserve the old value of MAIL.
Fixed a build problem with boottime.c on some systems.
Major changes between version 1.7.3 and 1.7.4b1:
Sudoedit will now preserve the file extension in the name of the
temporary file being edited. The extension is used by some
editors (such as emacs) to choose the editing mode.
Time stamp files have moved from /var/run/sudo to either /var/db/sudo,
/var/lib/sudo or /var/adm/sudo. The directories are checked for
existence in that order. This prevents users from receiving the
sudo lecture every time the system reboots. Time stamp files older
than the boot time are ignored on systems where it is possible to
Ancillary documentation (README files, LICENSE, etc) is now installed
in a sudo documentation directory.
Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"
Defaults settings that are tied to a user, host or command may
now include the negation operator. For example:
will match any user but millert.
The default PATH environment variable, used when no PATH variable
exists, now includes /usr/sbin and /sbin.
Sudo now uses polypkg (http://rc.quest.com/topics/polypkg/)
for cross-platform packaging.
On Linux, sudo will now restore the nproc resource limit before
executing a command, unless the limit appears to have been modified
by pam_limits. This avoids a problem with bash scripts that open
more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX)
will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).
Major changes between version 1.7.3b4 and 1.7.3rc1:
Password and group name cache lookups are now done in a case
URI entries in ldap.conf may now be specified
Fixed a problem with the environment handling on OpenBSD.
Sudo now supports AIX per-user password database sources
via the registry parameter in /etc/security/user.
In 1.7.3b4 sudo uses the SYSTEM parameter.
Major changes between version 1.7.3b3 and 1.7.3b4:
Sudo will now use the Linux audit system when configured with
the --with-linux-audit flag.
When the tty_tickets sudoers option is enabled but there is no
terminal device, sudo will no longer use or create a tty-based
ticket file. Previously, sudo would use a tty name of "unknown".
As a consequence, if a user has no terminal device, sudo will
now always prompt for a password.
Negating the fqdn option in sudoers now works correctly when sudo
is configured with the --with-fqdn option. In previous versions
of sudo the fqdn was set before sudoers was parsed.
Repaired the -i option which was broken in 1.7.3b3.
On AIX, sudo now sets the userinfo like login(1) does when
running a command.
Sudo now supports AIX per-user password database sources
via the SYSTEM parameter in /etc/security/user.
Major changes between version 1.7.2p7 and 1.7.3b3:
Support for logging I/O for the command being run.
For more information, see the documentation for the log_input
and log_output Defaults options in the sudoers manual.
Also see the sudoreplay manual for how to replay I/O log sessions.
The use_pty sudoers option can be used to force a command
to be run in a pseudo-pty, even when I/O logging is not enabled.
On some systems, sudo can now detect when a user has logged out
and back in again when tty-based time stamps are in use. Supported
systems include Solaris systems with the devices file system, Mac
OS X, and Linux systems with the devpts filesystem (pseudo-ttys
Sudo's SELinux support should now function correctly when running
commands as a non-root user and when one of stdin, stdout or stderr
is not a terminal.
Sudo now uses mbr_check_membership() on systems that support it
to determine group membership. Currently, only Darwin (Mac OS X)
The passwd_timeout and timestamp_timeout options may now be
specified as floating point numbers for more granular timeout