Sudo Development

Current Version

The current development version of sudo is 1.7.3rc1.

For full details see the ChangeLog file or view the commit logs of the 1.7 branch in mercurial.

If you plan to use a development version of sudo, please subscribe to the sudo-workers mailing list so that you will receive updates on bug fixes and related announcements. You may also be interested in the sudo-commits mailing list which receives a message for each commit to the sudo source tree.

---

Major changes between version 1.7.3b4 and 1.7.3rc1:

• Password and group name cache lookups are now done in a case insensitive fashion.

• URI entries in ldap.conf may now be specified multiple times.

• Fixed a problem with the environment handling on OpenBSD.

• Sudo now supports AIX per-user password database sources via the registry parameter in /etc/security/user. In 1.7.3b4 sudo uses the SYSTEM parameter.

---

Major changes between version 1.7.3b3 and 1.7.3b4:

• Sudo will now use the Linux audit system with configure with the --with-linux-audit flag.

• When the tty_tickets sudoers option is enabled but there is no terminal device, sudo will no longer use or create a tty-based ticket file. Previously, sudo would use a tty name of "unknown". As a consequence, if a user has no terminal device, sudo will now always prompt for a password.

• Negating the fqdn option in sudoers now works correctly when sudo is configured with the --with-fqdn option. In previous versions of sudo the fqdn was set before sudoers was parsed.

• Repaired the -i optino which was broken in 1.7.3b3.

• On AIX, sudo now sets the userinfo like login(1) does when running a command.

• Sudo now supports AIX per-user password database sources via the SYSTEM parameter in /etc/security/user.

---

Major changes between version 1.7.2p7 and 1.7.3b3:

• Support for logging I/O for the command being run. For more information, see the documentation for the log_input and log_output Defaults options in the sudoers manual. Also see the sudoreplay manual for how to replay I/O log sessions.

• The use_pty sudoers option can be used to force a command to be run in a pseudo-pty, even when I/O logging is not enabled.

• On some systems, sudo can now detect when a user has logged out and back in again when tty-based time stamps are in use. Supported systems include Solaris systems with the devices file system, Mac OS X, and Linux systems with the devpts filesystem (pseudo-ttys only).

• Sudo's SELinux support should now function correctly when running commands as a non-root user and when one of stdin, stdout or stderr is not a terminal.

• Sudo now uses mbr_check_membership() on systems that support it to determine group membership. Currently, only Darwin (Mac OS X) supports this.

• The passwd_timeout and timestamp_timeout options may now be specified as floating point numbers for more granular timeout values.