2010年7月 6日

[installer 2428] sudo-1.7.3, 1.7.2p8

sudo-1.7.3, 1.7.2p8 出ています。

☆ sudo-1.7.3
http://www.sudo.ws/
http://www.sudo.ws/sudo/dist/sudo-1.7.3.tar.gz
ftp://ftp.sudo.ws/pub/sudo/sudo-1.7.3.tar.gz

What's new in Sudo 1.7.3?


* Support for logging I/O for the command being run.
For more information, see the documentation for the "log_input"
and "log_output" Defaults options in the sudoers manual. Also
see the sudoreplay manual for how to replay I/O log sessions.

* The use_pty sudoers option can be used to force a command to be
run in a pseudo-pty, even when I/O logging is not enabled.

* On some systems, sudo can now detect when a user has logged out
and back in again when tty-based time stamps are in use. Supported
systems include Solaris systems with the devices file system,
Mac OS X, and Linux systems with the devpts filesystem (pseudo-ttys
only).

* On AIX systems, the registry setting in /etc/security/user is
now taken into account when looking up users and groups. Sudo
now applies the correct the user and group ids when running a
command as a user whose account details come from a different
source (e.g. LDAP or DCE vs. local files).

* Support for multiple 'sudoers_base' and 'uri' entries in ldap.conf.
When multiple entries are listed, sudo will try each one in the
order in which they are specified.

* Sudo's SELinux support should now function correctly when running
commands as a non-root user and when one of stdin, stdout or stderr
is not a terminal.

* Sudo will now use the Linux audit system with configure with
the --with-linux-audit flag.

* Sudo now uses mbr_check_membership() on systems that support it
to determine group membership. Currently, only Darwin (Mac OS X)
supports this.

* When the tty_tickets sudoers option is enabled but there is no
terminal device, sudo will no longer use or create a tty-based
ticket file. Previously, sudo would use a tty name of "unknown".
As a consequence, if a user has no terminal device, sudo will
now always prompt for a password.

* The passwd_timeout and timestamp_timeout options may now be
specified as floating point numbers for more granular timeout
values.

* Negating the fqdn option in sudoers now works correctly when sudo
is configured with the --with-fqdn option. In previous versions
of sudo the fqdn was set before sudoers was parsed.


☆ sudo-1.7.2p8
http://www.sudo.ws/
http://www.sudo.ws/sudo/dist/sudo-1.7.2p8.tar.gz
ftp://ftp.sudo.ws/pub/sudo/sudo-1.7.2p8.tar.gz

2010-06-29 Todd C. Miller <Todd.Miller@xxxxx>

* env.c: In unsetenv() check for NULL or empty name as per
POSIX 1003.1-2008

* env.c: Do not rely on env.env_len when unsetting a variable,
just use the NULL terminator.

2010-06-25 Todd C. Miller <Todd.Miller@xxxxx>

* env.c: In unsetenv(), do not assign ep early as we may
end up reallocating env.envp which could result in ep
pointing to freed memory if the environ pointer is out
of sync with env.envp.

* pwutil.c: Ignore case when matching user/group names in
the cache. From Quest sudo.

* sudo.c: Defer call to sudo_nonunix_groupcheck_cleanup()
until after we have closed the sudoers sources. From Quest
sudo.

* vasgroups.c: Use warningx() instead of log_error() since
the latter is not available to visudo or testsudoers. This
does mean that they don't end up in syslog.

----
こがよういちろう


投稿者 xml-rpc : 2010年7月 6日 13:14
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/96881
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。