Fwd: [sudo-workers] sudo 1.7.3rc1 available

Wesley Shields wxs at FreeBSD.org
Tue Jun 29 00:48:22 UTC 2010

See below for the changes to sudo 1.7.3 which is set to be released
soon. If you want to test out the 1.7.3rc1 update please fetch the patch
from http://people.freebsd.org/~wxs/sudo.diff, apply it and rebuild.
Please reply back to me privately with reports of success or failures.

I'll probably get the update in the tree sometime early or mid-July.

-- WXS

----- Forwarded message from "Todd C. Miller" <Todd.Miller at courtesan.com> -----

Date: Mon, 28 Jun 2010 09:56:10 -0400
From: "Todd C. Miller" <Todd.Miller at courtesan.com>
To: sudo-workers at sudo.ws
Cc: sudo-users at sudo.ws
Subject: [sudo-workers] sudo 1.7.3rc1 available

The first release candidate of sudo 1.7.3 is now available.
Sudo 1.7.3 is scheduled for release on June 30th.

Download links:

Major changes between sudo 1.7.2p7 and 1.7.3rc1:

 * Support for logging I/O for the command being run.
   For more information, see the documentation for the "log_input"
   and "log_output" Defaults options in the sudoers manual.  Also
   see the sudoreplay manual for how to replay I/O log sessions.

 * The use_pty sudoers option can be used to force a command to be
   run in a pseudo-pty, even when I/O logging is not enabled.

 * On some systems, sudo can now detect when a user has logged out
   and back in again when tty-based time stamps are in use.  Supported
   systems include Solaris systems with the devices file system,
   Mac OS X, and Linux systems with the devpts filesystem (pseudo-ttys

 * On AIX systems, the registry setting in /etc/security/user is
   now taken into account when looking up users and groups.  Sudo
   now applies the correct user and group ids when running a
   command as a user whose account details come from a different
   source (e.g. LDAP or DCE vs.  local files).

 * Support for multiple 'sudoers_base' and 'uri' entries in ldap.conf.
   When multiple entries are listed, sudo will try each one in the
   order in which they are specified.

 * Sudo's SELinux support should now function correctly when running
   commands as a non-root user and when one of stdin, stdout or stderr
   is not a terminal.

 * Sudo will now use the Linux audit system when configured with
   the --with-linux-audit flag.

 * Sudo now uses mbr_check_membership() on systems that support it
   to determine group membership.  Currently, only Darwin (Mac OS X)
   supports this.

 * When the tty_tickets sudoers option is enabled but there is no
   terminal device, sudo will no longer use or create a tty-based
   ticket file.  Previously, sudo would use a tty name of "unknown".
   As a consequence, if a user has no terminal device, sudo will
   now always prompt for a password.

 * The passwd_timeout and timestamp_timeout options may now be
   specified as floating point numbers for more granular timeout

 * Negating the fqdn option in sudoers now works correctly when sudo
   is configured with the --with-fqdn option.  In previous versions
   of sudo the fqdn was set before sudoers was parsed.
