./security/sudo, Allow others to run commands as root

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 1.8.31p2, Package name: sudo-1.8.31p2, Maintainer: pkgsrc-users

Sudo is a program designed to allow a sysadmin to give limited root
privileges to users and log root activity. The basic philosophy is to
give as few privileges as possible but still allow people to get their
work done.

Required to build:

Package options: skey

Master sites: (Expand)

SHA1: 53a6dfa90f78bc10615b83b7026bf3ba206c69e9
RMD160: 5ffd8e785095c19c26ad8e3b3d5768669951f777
Filesize: 3274.939 KB

Version history: (Expand)

CVS history: (Expand)

   2020-09-19 16:04:29 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
security/sudo: update to 1.8.31p2

Update sudo package to 1.8.31p2.

What's new in Sudo 1.8.31p2

 * Sudo command line options that take a value may only be specified
   once.  This is to help guard against problems caused by poorly
   written scripts that invoke sudo with user-controlled input.
   Bug #924.

 * When running a command in a pty, sudo will no longer try to
   suspend itself if the user's tty has been revoked (for instance
   when the parent ssh daemon is killed).  This fixes a bug where
   sudo would continuously suspend the command (which would succeed),
   then suspend itself (which would fail due to the missing tty)
   and then resume the command.

 * If sudo's event loop fails due to the tty being revoked, remove
   the user's tty events and restart the event loop (once).  This
   fixes a problem when running "sudo reboot" in a pty on some
   systems.  When the event loop exited unexpectedly, sudo would
   kill the command running in the pty, which in the case of "reboot",
   could lead to the system being in a half-rebooted state.

 * Fixed a regression introduced in sudo 1.8.23 in the LDAP and
   SSSD back-ends where a missing sudoHost attribute was treated
   as an "ALL" wildcard value.  A sudoRole with no sudoHost attribute
   is now ignored as it was prior to version 1.8.23.
   2020-04-28 07:29:18 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
security/sudo: update to 1.8.31p1

Update sudo to 1.8.31p1.

Major changes between sudo 1.8.31p1 and 1.8.31

 * Sudo once again ignores a failure to restore the RLIMIT_CORE
   resource limit, as it did prior to version 1.8.29.  Linux
   containers don't allow RLIMIT_CORE to be set back to RLIM_INFINITY
   if we set the limit to zero, even for root, which resulted in a
   warning from sudo.
   2020-02-03 08:47:56 by Kimmo Suominen | Files touched by this commit (2) | Package updated
Log message:
Update to sudo 1.8.31

What's new:

* Fixed CVE-2019-18634, a buffer overflow when the "pwfeedback"
  sudoers option is enabled on systems with uni-directional pipes.

* The "sudoedit_checkdir" option now treats a user-owned directory
  as writable, even if it does not have the write bit set at the
  time of check.  Symbolic links will no longer be followed by
  sudoedit in any user-owned directory.  Bug #912

* Fixed sudoedit on macOS 10.15 and above where the root file system
  is mounted read-only.  Bug #913.

* Fixed a crash introduced in sudo 1.8.30 when suspending sudo
  at the password prompt.  Bug #914.

* Fixed compilation on systems where the mmap MAP_ANON flag
  is not available.  Bug #915.
   2020-01-30 22:08:00 by =?UTF-8?B?RnLDqWTDqXJpYyBGYXViZXJ0ZWF1?= | Files touched by this commit (1) | Package updated
Log message:
sudo: update master site

TW Aren FTP server seems down and the fetching step hangs for hours.
   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2020-01-01 02:47:29 by Kimmo Suominen | Files touched by this commit (2) | Package updated
Log message:
Update to sudo 1.8.30

Notable changes:

* The version string no longer has the word "beta" in it.
   2019-12-28 21:43:56 by Kimmo Suominen | Files touched by this commit (14) | Package removed
Log message:
Update to sudo 1.8.30beta3

* Portability fixes from pkgsrc have been merged upstream

* Add runas_check_shell flag to require a runas user to have a valid
  shell. Not enabled by default.

* Add a new flag "allow_unknown_runas_id" to control matching of unknown
  IDs. Previous, sudo would always allow unknown user or group IDs if
  the sudoers entry permitted it. This included the "ALL" alias. With
  this change, the admin must explicitly enable support for unknown IDs.

* Transparently handle the "sudo sudoedit" problem. Some admin are
  confused about how to give users sudoedit permission and many users
  try to run sudoedit via sudo instead of directly. If the user runs
  "sudo sudoedit" sudo will now treat it as plain "sudoedit" \ 
  issuing a warning. If the admin has specified a fully-qualified path
  for sudoedit in sudoers, sudo will treat it as just "sudoedit" and
  match accordingly. In visudo (but not sudo), a fully-qualified path
  for sudoedit is now treated as an error.

* When restoring old resource limits, try to recover if we receive
  EINVAL. On NetBSD, setrlimit(2) can return EINVAL if the new soft
  limit is lower than the current resource usage. This can be a problem
  when restoring the old stack limit if sudo has raised it.

* Restore resource limits before executing the askpass program. Linux
  with docker seems to have issues executing a program when the stack
  size is unlimited. Bug #908

* macOS does not allow rlim_cur to be set to RLIM_INFINITY for
  RLIMIT_NOFILE. We need to use OPEN_MAX instead as per the macOS
  setrlimit manual. Bug #904

* Use 64-bit resource limits on AIX.
   2019-12-19 17:59:44 by Kimmo Suominen | Files touched by this commit (3)
Log message:
Don't touch RLIMIT_STACK for now, see https://gnats.netbsd.org/51158