291) With sudo -s, set command the full path of the shell, not the basename.
Noted by Peter W. Osel <pwo@guug.de>
+
+Sudo 1.5.6 released.
+
+292) Pam auth now runs as root; necessary for shadow passwords.
+
+293) Shadow password support is now compiled in by default. You can disable
+ it via --disable-shadow.
+
+294) We now remove a timestamp file with a bogus date when it is detected.
+ From Steve Fobes <sfobes@uswest.com>.
+
+295) In tgetpass(), restart select if it is interupted. This really fixes a
+ problem where a user sometimes is not given a change to enter a password.
+
+296) All options have moved from options.h -> configure.
+
+297) visudo is now installed in /usr/local/sbin where it belongs.
+
+298) Lots of configure changes. Instead of checking for the existence
+ of -lsocket, -lnsl, or -linet, we instead check them for the
+ functions we need only if they are not already in libc.
+
+299) Added DUNIX SIA (Security Integration Architecture) support from
+ Spider Boardman <spider@Orb.Nashua.NH.US>.
+
+300) Added test for broken Digital UNIX 4.0 prot.h.
+
+301) Better support for C2 security on Digital UNIX.
+
+302) Hacked autoconf so that you have have single quotes in
+ --with-passprompt.
+
+303) For SecureWare-style shadow passwords use getprpwnam() instead
+ of getprpwuid() since getprpwuid is broken in HP-UX 10.20 at
+ least (it sleeps for 2 minutes if the shadow files don't exist).
+
+304) We can't really trust UID_MAX or MAXUID since they may only exist for
+ backwards compatibility; spider-both@Orb.Nashua.NH.US
+
+305) Make %groups work as RunAs specifiers; Ray Bellis <rpb@community.net.uk>.
+
+306) Set USER environment variable to target user.
+ Suggested by Ray Bellis <rpb@community.net.uk>.
+
+307) Go back to printing "command not found" unless --disable-path-info
+ specified. Also, tell user when we ignore '.' in their path and it
+ would have been used but for --with-ignore-dot.
+
+308) When using tty tickets make it user:tty not user.tty as a username
+ could have a '.' in it.
+
+309) Define BSD_COMP for svr4 to get BSD ioctl defs. Also, if we have
+ sys/sockio.h but SIOCGIFCONF is not defined by including sys/ioctl.h
+ include sys/sockio.h directly.
+
+310) Fixed a bug that could cause "sudo -l" to segfault or complain
+ about non-existent syntax errors.
+
+Sudo 1.5.7 released.
+
+311) Fixed square bracket quoting in configure and moved check for -lnsl
+ to be before -lsocket.
+
+312) In load_interfaces(), close sock after bwe are done with it. Leak
+ noticed by Mike Kienenberger <mkienenb@arsc.edu>.
+
+313) Missing pieces from change #308; from Mike Kienenberger.
+
+314) Real Kerberos 5 support from Frank Cusack <fcusack@iconnet.net>.
======= ======= ======= =============== ======= =============== ===============
Auspex 1.6.1 sun4 bundled cc 1.3.4 Alek Komarnitsky none
SunOS 4.1.3 sun4 bundled cc 1.4 Todd Miller none
-SunOS 4.1.3 sun4 gcc2.7.2.1 1.5.6 Todd Miller none
+SunOS 4.1.3 sun4 gcc2.7.2.1 1.5.7 Todd Miller none
SunOS 4.1.3 sun4 gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4
-SunOS 4.1.3 sun4 gcc2.7.2.1 1.5.6 Todd Miller --with-skey
+SunOS 4.1.3 sun4 gcc2.7.2.1 1.5.7 Todd Miller --with-skey
SunOS 4.1.3 sun4 bundled cc 1.5 Alek Komarnitsky --with-C2
-Solaris 2.[45] sun4 SC4.0 1.5 Alek Komarnitsky none
-Solaris 2.6 x86 gcc2.7.2.1 1.5.6 Todd Miller none
+Solaris 2.5.1 sparc SC4.0 1.5.6p1 Brian Jackson none
Solaris 2.5.1 sun4u gcc2.7.2.3 1.5.4 Leon von Stauber none
Solaris 2.5.1 i386 gcc2.7.2 1.5.4 Leon von Stauber none
+Solaris 2.6 sparc gcc2.7.2.1 1.5.7 Todd Miller none
+Solaris 2.6 i386 gcc2.7.2.1 1.5.7 Todd Miller none
ISC 4.0 i386 bundled cc 1.4 Andy Smith none
ISC 4.0 i386 gcc2.7.0 1.4 Andy Smith none
ISC 4.1 i386 bundled cc 1.4 Andy Smith none
HP-UX 9.05 hp700 gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4
HP-UX 9.07 hp700 unbundled cc 1.5 Alek Komarnitsky --with-C2
HP-UX 9.05 hp700 unbundled cc 1.4 Todd Miller none
-HP-UX 10.10 hp700 gcc2.7.2.1 1.5.6 Todd Miller --with-skey
+HP-UX 10.20 hp700 gcc2.7.2.1 1.5.7 Todd Miller --with-skey
HP-UX 10.10 hp700 unbundled cc 1.5.5b4 Todd Miller --with-skey
HP-UX 10.20 PA-RISC1.1 bundled cc 1.5.4 Leon von Stauber none
HP-UX 10.20 PA-RISC2.0 bundled cc 1.5.4 Leon von Stauber none
HP-UX 11.00 hp700 ansi-c 1.5.5b1 Alek Komarnitsky --with-C2
+HP-UX 11.00 hp700 bundled cc 1.5.5p5 Lynn Osburn none
HP-UX 10.20 hp700 gcc 2.8.1 1.5.6b2 Jeff Earickson --with-DCE
Ultrix 4.3 mips bundled cc 1.5 Maria Magnusson none
-Ultrix 4.3 mips gcc2.7.2.1 1.5.6 Todd Miller --with-skey
+Ultrix 4.3 mips gcc2.7.2.1 1.5.7 Todd Miller --with-skey
IRIX 4.05H mips gcc2.6.3 1.5.3 Todd Miller none
IRIX 4.05H mips unbundled cc 1.4 Todd Miller none
+IRIX 5.2 mips MipsPro C 1.5.6p1 Brian Jackson none
+IRIX 5.3 mips MipsPro C 1.5.6p1 Brian Jackson none
+IRIX 6.2 mips MipsPro C 1.5.6p1 Brian Jackson none
+IRIX 6.5 mips MipsPro C 1.5.6p1 Brian Jackson none
IRIX 5.3 mips unbundled cc 1.4 Todd Miller none
-IRIX 5.3 mips gcc2.7.2.1 1.5.6 Todd Miller --with-skey
+IRIX 5.3 mips gcc2.7.2.1 1.5.7 Todd Miller --with-skey
IRIX 5.3 mips gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4
IRIX 5.3 mips unbundled cc 1.4 Wallace Winfrey --with-C2
IRIX 6.2 mips unbundled cc 1.5 Alek Komarnitsky --with-C2
NEXTSTEP 3.3 i386 bundled cc 1.4 Jonathan Adams none
NEXTSTEP 3.3 sparc bundled cc 1.5.3 Mike Kienenberger none
DEC UNIX 3.2c alpha bundled cc 1.5.3 Todd Miller none
-DEC UNIX 4.0 alpha gcc-2.7.2.1 1.5.6 Todd Miller --with-skey
+DEC UNIX 4.0D alpha gcc-2.7.2.1 1.5.7 Todd Miller --with-skey
DEC UNIX 4.0 alpha gcc-2.7.2.1 1.5.3 Todd Miller --with-kerb4
DEC UNIX 4.0D alpha bundled cc 1.5.3 Randall R. Cable --with-C2
AIX 3.2.X rs6000 bundled cc 1.4 Todd Miller none
ConvexOS 9.1 convex gcc2.4.5 1.3.6 Todd Miller none
BSD/OS 2.1 i386 shlicc 1.5.3 Todd Miller none
OpenBSD 2.3 i586 gcc-2.8.1 1.5.6 Todd Miller none
+OpenBSD 2.4 i586 gcc-2.8.1 1.5.7 Todd Miller none
FreeBSD 1.1 i386 gcc 1.3.2 Dieter Muller none
FreeBSD 2.0.5 i386 gcc 1.3.4 Dieter Muller none
Linux 1.2.13 i486 gcc-2.7.0 1.4 Michael Forman none
Linux 1.2.8 i486 gcc-2.5.8 1.3.5 Ted Coady --with-C2
Linux 2.0.15 i586 gcc-2.7.2.1 1.5 Danny Barron none
+Linux 2.0.34 i586 gcc 2.7.2.3 1.5.7 Todd Miller none
+Linux 2.0.34 i586 egcs-2.91.57 1.5.6p2 Darrin Chandler none
+Linux 2.0.36 i586 gcc-2.7.2.3 1.5.7p4 Nathan Haney none
UnixWare 1.1.4 i386 gcc-2.7.2 1.4 Michael Hancock none
Pyramid DC/OSx 1.1 bundled cc 1.4 Les Schuettpelz none
ATT SVR4.x i486 Metaware CC 1.4 Chris Ellington none
SINIX 5.42 R4000 bundled cc 1.4 Paul Tuininga none
+SINIX 5.43 mips PyrC 5.0A00 1.5.6p2 Brian Jackson none
+SINIX 5.44 mips PyrC 5.0A00 1.5.6p2 Brian Jackson none
NCR 2.03 3400 bundled cc 1.4 Mark Rauschkolb --with-getpass
NCR 3.00 5100 bundled cc 1.4 Mark Rauschkolb --with-getpass
Unicos/mk 2.0.2.19 T3E bundled cc 1.5.3 Mike Kienenberger none
Unicos 9.0.2.2 YMP bundled cc 1.5.4 Mike Kienenberger none
Unicos 10.0.0.1 J90 bundled cc 1.5.4 Mike Kienenberger none
-DGUNIX R4.11MU03 i686 gcc 1.5.3 Ramesh Vasudevan none
+DG/UX R4.11MU03 i686 gcc 1.5.3 Ramesh Vasudevan none
+DG/UX R4.20MU02 x86 cc v1.5.6p5 Jared Crapo none
NetBSD 1.2[A-G] x86 gcc-2.7.2.{1,2} 1.5.3 Jason R. Thorpe none
NetBSD 1.2[A-G] m68k gcc-2.7.2.{1,2} 1.5.3 Jason R. Thorpe none
NetBSD 1.2[A-G] sparc gcc-2.7.2.{1,2} 1.5.3 Jason R. Thorpe none
NetBSD 1.3.2 alpha gcc-2.7.2.2 1.5.4p1 Ted Spradley none
Dynix/ptx 4.1.5 i386 gcc2.7.2 1.5.4 Leon von Stauber none
Dynix/ptx 4.4.2 Sequent bundled cc 1.5.4p1 Larry Mascarenhas none
-SINIX 5.43 mips PyrC 5.0A00 1.5.4 Brian Jackson none
-SINIX 5.44 mips PyrC 5.0A00 1.5.4 Brian Jackson none
-DC-OSx 1.1-9x mips PyrC 4.0A20 1.5.4 Brian Jackson none
+Dynix/ptx 4.4.3 Sequent bundled cc 1.5.6p2 Sandra Birgerson none
+DC-OSx 1.1-9x mips PyrC 4.0A20 1.5.6p2 Brian Jackson none
HI-UX/MPP 02-03 sr2201 bundled cc 1.5.4 Ben Edgington none
Systems on which CU sudo is expected to run on but hasn't been tested.
where PASSWD was defined to be /usr/bin/passwd.
This requires the arg parsing to happen in the yacc grammer.
-23) Should be able to set _CONFIG_PATH_TIMEDIR via configure or the Makefile
- so folks with sysV chown can set to a secure location.
+23) Add a per-tty restriction? Ie: only can run foo from /dev/console.
-24) Add a per-tty restriction? Ie: only can run foo from /dev/console.
-
-25) Use popen.c instead of rolling own in logging.c
+24) Use popen.c instead of rolling own in logging.c
Need to make popen.c portable first...
-26) Add test for how to read ether interfaces in configure script
-
-27) If an OS is capable of using shadow password, try the shadow
- functions first and fallback on getpw*().
+25) Add test for how to read ether interfaces in configure script
-28) Add configure check for $(CC) -R and use it in addition to -L
+26) Add configure check for $(CC) -R and use it in addition to -L
-29) Change things in options.h -> --with-FOO options to configure.
-
-30) An option to make "sudo -s" use the target user's shell might be nice
+27) An option to make "sudo -s" use the target user's shell might be nice
(and more like su).
+
+28) Sudo should have a separate error message for when the user is in sudoers
+ but not allowed to run stuff on that host, and send mail.
projects / sudo / commitdiff