the program. We don't want the user to be able to simply kill us and
avoid logging.
-338) Rewrote timestamp handling. Tty-based stamps are now sane and are of
- the form /var/run/sudo/username/tty. This means you only get the
- lecture once, not once per tty. The meaning of -k has changed to
- mean "invalidate the timestamp". There is a new -K option to really
- remove the file.
+338) Rewrote timestamp handling. For the default case, a directory is used
+ instead of a file. For the tty-based case, the timestamp is just a
+ file in that directory (eg. /var/run/sudo/username/tty). You now only
+ get the lecture once, even in the tty case. The goal here is to allow
+ the tty and non-tty schemes to coexist, though it is worth noting that
+ when you update a tty file, the mtime of the dir gets updated too.
-339) New modular authentication API. This fixes the nest of #ifdefs that
+339) The meaning of -k has changed to mean "invalidate the timestamp".
+ There is a new -K option to really remove the timestamp file/dir.
+
+340) New modular authentication API. This fixes the nest of #ifdefs that
was the old auth code.
-340) New logging functions. log_error() now takes a variable number of
+341) New logging functions. log_error() now takes a variable number of
args ala printf() and log_auth() reacts to the return value of validate().
-341) If a user is not in the sudoers file they are still asked for a password.
+342) If a user is not in the sudoers file they are still asked for a password.
This keeps someone who finds a user logged in to a terminal from being
able to tell whether or not the user is allowed to use sudo.
-342) New PAM code again, this time it should be correct.
+343) New PAM code again, this time it should be correct.
-343) tgetpass() now has a flag to specify whether or not to turn
+344) tgetpass() now has a flag to specify whether or not to turn
off echo while reading the password. Used by the new PAM and
fwtk code.
projects / sudo / commitdiff