./security/sudo, Allow others to run commands as root

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 1.9.6p1, Package name: sudo-1.9.6p1, Maintainer: pkgsrc-users

Sudo is a program designed to allow a sysadmin to give limited root
privileges to users and log root activity. The basic philosophy is to
give as few privileges as possible but still allow people to get their
work done.

Required to build:

Package options: skey

Master sites: (Expand)

SHA1: c83e90c50f79004922a6fc5229601fe121d52f50
RMD160: 638da407f15c36debf6bce797f7a6f10caf6c0df
Filesize: 4023.328 KB

Version history: (Expand)

CVS history: (Expand)

   2021-03-18 09:57:48 by Adam Ciarcinski | Files touched by this commit (5) | Package updated
Log message:
sudo: updated to 1.9.6p1

Major changes between version 1.9.6p1 and 1.9.6:

Fixed a regression introduced in sudo 1.9.6 that resulted in an error message \ 
instead of a usage message when sudo is run with no arguments.

Major changes between version 1.9.6 and 1.9.5p2:

Fixed a sudo_sendlog compilation problem with the AIX xlC compiler.
Fixed a regression introduced in sudo 1.9.4 where the --disable-root-mailer \ 
configure option had no effect.
Added a --disable-leaks configure option that avoids some memory leaks on exit \ 
that would otherwise occur. This is intended to be used with development tools \ 
that measure memory leaks. It is not safe to use in production at this time.
Plugged some memory leaks identified by oss-fuzz and ASAN.
Fixed the handling of sudoOptions for an LDAP sudoRole that contains multiple \ 
sudoCommands. Previously, some of the options would only be applied to the first \ 
Fixed a potential out of bounds read in the parsing of NOTBEFORE and NOTAFTER \ 
sudoers command options (and their LDAP equivalents).
The parser used for reading I/O log JSON files is now more resilient when \ 
processing invalid JSON.
Fixed typos that prevented make uninstall from working.
Fixed a regression introduced in sudo 1.9.4 where the last line in a sudoers \ 
file might not have a terminating NUL character added if no newline was present.
Integrated oss-fuzz and LLVM's libFuzzer with sudo. The new --enable-fuzzer \ 
configure option can be combined with the --enable-sanitizer option to build \ 
sudo with fuzzing support. Multiple fuzz targets are available for fuzzing \ 
different parts of sudo. Fuzzers are built and tested via make fuzz or as part \ 
of make check (even when sudo is not built with fuzzing support). Fuzzing \ 
support currently requires the LLVM clang compiler (not gcc).
Fixed the --enable-static-sudoers configure option.
Fixed a potential out of bounds read sudo when is run by a user with more groups \ 
than the value of max_groups in sudo.conf.
Added an admin_flag sudoers option to make the use of the \ 
~/.sudo_as_admin_successful file configurable on systems where sudo is build \ 
with the --enable-admin-flag configure option. This mostly affects Ubuntu and \ 
its derivatives.
The max_groups setting in sudo.conf is now limited to 1024. This setting is \ 
obsolete and should no longer be needed.
Fixed a bug in the tilde expansion of CHROOT=dir and CWD=dir sudoers command \ 
options. A path ~/foo was expanded to /home/userfoo instead of /home/user/foo. \ 
This also affects the runchroot and runcwd Defaults settings.
Fixed a bug on systems without a native getdelim(3) function where very long \ 
lines could cause parsing of the sudoers file to end prematurely.
Fixed a potential integer overflow when converting the timestamp_timeout and \ 
passwd_timeout sudoers settings to a timespec struct.
The default for the group_source setting in sudo.conf is now dynamic on macOS. \ 
Recent versions of macOS do not reliably return all of a user's non-local groups \ 
via getgroups(2), even when _DARWIN_UNLIMITED_GETGROUPS is defined.
Fixed a potential use-after-free in the PAM conversation function.
Fixed potential redefinition of sys/stat.h macros in sudo_compat.h.
   2021-01-30 12:06:45 by S.P.Zeidler | Files touched by this commit (3)
Log message:
security/sudo: build fix for netbsdelf systems
   2021-01-26 21:18:43 by Jonathan Perkin | Files touched by this commit (2) | Package updated
Log message:
sudo: Update to 1.9.5p2 for CVE-2021-3156.

What's new in Sudo 1.9.5p2

 * Fixed sudo's setprogname(3) emulation on systems that don't
   provide it.

 * Fixed a problem with the sudoers log server client where a partial
   write to the server could result the sudo process consuming large
   amounts of CPU time due to a cycle in the buffer queue. Bug #954.

 * Added a missing dependency on libsudo_util in libsudo_eventlog.
   Fixes a link error when building sudo statically.

 * The user's KRB5CCNAME environment variable is now preserved when
   performing PAM authentication.  This fixes GSSAPI authentication
   when the user has a non-default ccache.

 * When invoked as sudoedit, the same set of command line options
   are now accepted as for "sudo -e".  The -H and -P options are
   now rejected for sudoedit and "sudo -e" which matches the sudo
   1.7 behavior.  This is part of the fix for CVE-2021-3156.

 * Fixed a potential buffer overflow when unescaping backslashes
   in the command's arguments.  Normally, sudo escapes special
   characters when running a command via a shell (sudo -s or sudo
   -i).  However, it was also possible to run sudoedit with the -s
   or -i flags in which case no escaping had actually been done,
   making a buffer overflow possible.  This fixes CVE-2021-3156.
   2021-01-18 15:32:24 by Takahiro Kambe | Files touched by this commit (7) | Package updated
Log message:
security/sudo: update to 1.9.5p1

Update sudo package to 1.9.5p1.  CHanges from 1.8.31p2 are too many to
write here.  Please refer <https://www.sudo.ws/stable.html>.

1.9.5 fixes these security problems:

* Fixed CVE-2021-23239, a potential information leak in sudoedit that
  could be used to test for the existence of directories not normally
  accessible to the user in certain circumstances.  When creating a new
  file, sudoedit checks to make sure the parent directory of the new file
  exists before running the editor.  However, a race condition exists if
  the invoking user can replace (or create) the parent directory. If a
  symbolic link is created in place of the parent directory, sudoedit will
  run the editor as long as the target of the link exists.  If the target
  of the link does not exist, an error message will be displayed.  The
  race condition can be used to test for the existence of an arbitrary
  directory.  However, it cannot be used to write to an arbitrary

* Fixed CVE-2021-23240, a flaw in the temporary file handling of
  sudoedit's SELinux RBAC support.  On systems where SELinux is enabled, a
  user with sudoedit permissions may be able to set the owner of an
  arbitrary file to the user-ID of the target user.  On Linux kernels that
  support protected symlinks setting /proc/sys/fs/protected_symlinks to 1
  will prevent the bug from being exploited.  For more information, see
  Symbolic link attack in SELinux-enabled sudoedit.

Quote from 1.9.0 features:

* The maximum length of a conversation reply has been increased from 255
  to 1023 characters.  This allows for longer user passwords. Bug #860.

* Sudo now includes a logging daemon, sudo_logsrvd, which can be used to
  implement centralized logging of I/O logs.  TLS connections are
  supported when sudo is configured with the --enable-openssl option.  For
  more information, see the sudo_logsrvd, sudo_logsrvd.conf and
  sudo_logsrv.proto manuals as well as the log_servers setting in the
  sudoers manual.

* The --disable-log-server and --disable-log-client configure options can
  be used to disable building the I/O log server and/or remote I/O log
  support in the sudoers plugin.

* The new sudo_sendlog utility can be used to test sudo_logsrvd or send
  existing sudo I/O logs to a centralized server.

* It is now possible to write sudo plugins in Python 4 when sudo is
  configured with the --enable-python option.  See the sudo_plugin_python
  manual for details.

  Sudo 1.9.0 comes with several Python example plugins that get installed
  sudo's examples directory.

  The sudo blog article What's new in sudo 1.9: Python includes a simple
  tutorial on writing python plugins.

* Sudo now supports an audit plugin type.  An audit plugin receives
  accept, reject, exit and error messages and can be used to implement
  custom logging that is independent of the underlying security policy.
  Multiple audit plugins may be specified in the sudo.conf file.  A sample
  audit plugin is included that writes logs in JSON format.

* Sudo now supports an approval plugin type.  An approval plugin is run
  only after the main security policy (such as sudoers) accepts a command
  to be run.  The approval policy may perform additional checks,
  potentially interacting with the user.  Multiple approval plugins may be
  specified in the sudo.conf file.  Only if all approval plugins succeed
  will the command be allowed.

* Sudo's -S command line option now causes the sudo conversation function
  to write to the standard output or standard error instead of the
  terminal device.
   2020-09-19 16:04:29 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
security/sudo: update to 1.8.31p2

Update sudo package to 1.8.31p2.

What's new in Sudo 1.8.31p2

 * Sudo command line options that take a value may only be specified
   once.  This is to help guard against problems caused by poorly
   written scripts that invoke sudo with user-controlled input.
   Bug #924.

 * When running a command in a pty, sudo will no longer try to
   suspend itself if the user's tty has been revoked (for instance
   when the parent ssh daemon is killed).  This fixes a bug where
   sudo would continuously suspend the command (which would succeed),
   then suspend itself (which would fail due to the missing tty)
   and then resume the command.

 * If sudo's event loop fails due to the tty being revoked, remove
   the user's tty events and restart the event loop (once).  This
   fixes a problem when running "sudo reboot" in a pty on some
   systems.  When the event loop exited unexpectedly, sudo would
   kill the command running in the pty, which in the case of "reboot",
   could lead to the system being in a half-rebooted state.

 * Fixed a regression introduced in sudo 1.8.23 in the LDAP and
   SSSD back-ends where a missing sudoHost attribute was treated
   as an "ALL" wildcard value.  A sudoRole with no sudoHost attribute
   is now ignored as it was prior to version 1.8.23.
   2020-04-28 07:29:18 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
security/sudo: update to 1.8.31p1

Update sudo to 1.8.31p1.

Major changes between sudo 1.8.31p1 and 1.8.31

 * Sudo once again ignores a failure to restore the RLIMIT_CORE
   resource limit, as it did prior to version 1.8.29.  Linux
   containers don't allow RLIMIT_CORE to be set back to RLIM_INFINITY
   if we set the limit to zero, even for root, which resulted in a
   warning from sudo.
   2020-02-03 08:47:56 by Kimmo Suominen | Files touched by this commit (2) | Package updated
Log message:
Update to sudo 1.8.31

What's new:

* Fixed CVE-2019-18634, a buffer overflow when the "pwfeedback"
  sudoers option is enabled on systems with uni-directional pipes.

* The "sudoedit_checkdir" option now treats a user-owned directory
  as writable, even if it does not have the write bit set at the
  time of check.  Symbolic links will no longer be followed by
  sudoedit in any user-owned directory.  Bug #912

* Fixed sudoedit on macOS 10.15 and above where the root file system
  is mounted read-only.  Bug #913.

* Fixed a crash introduced in sudo 1.8.30 when suspending sudo
  at the password prompt.  Bug #914.

* Fixed compilation on systems where the mmap MAP_ANON flag
  is not available.  Bug #915.
   2020-01-30 22:08:00 by =?UTF-8?B?RnLDqWTDqXJpYyBGYXViZXJ0ZWF1?= | Files touched by this commit (1) | Package updated
Log message:
sudo: update master site

TW Aren FTP server seems down and the fetching step hangs for hours.