Sudo 1.9.1
-
Fixed an AIX-specific problem when I/O logging was enabled. The terminal device was not being properly set to raw mode. Bug #927.
-
Corrected handling of
sudo_logsrvd
connections without associated I/O log data. This fixes support for RejectMessage as well as AcceptMessage when the expect_iobufs flag is not set. -
Added an iolog_path entry to the JSON-format event log produced by
sudo_logsrvd
. Previously, it was only possible to determine the I/O log file an event belonged to using sudo-format logs. -
Fixed the bundle IDs for
sudo-logsrvd
andsudo-python
macOS packages. -
I/O log files produced by the sudoers plugin now clear the write bits on the I/O log timing file when the log is complete. This is consistent with how
sudo_logsrvd
indicates that a log is complete. -
The
sudoreplay
utility has a new -F (follow) command line option to allow replaying a session that is still in progress, similar totail -f
. -
The
@include
and@includedir
directives can be used in sudoers instead of#include
and#includedir
. In addition, include paths may now have embedded white space by either using a double-quoted string or escaping the space characters with a backslash. -
Fixed some Solaris 11.4 compilation errors.
-
When running a command in a pty, sudo will no longer try to suspend itself if the user's tty has been revoked (for instance when the parent ssh daemon is killed). This fixes a bug where sudo would continuously suspend the command (which would succeed), then suspend itself (which would fail due to the missing tty) and then resume the command.
-
If sudo's event loop fails due to the tty being revoked, remove the user's tty events and restart the event loop (once). This fixes a problem when running
sudo reboot
in a pty on some systems. When the event loop exited unexpectedly, sudo would kill the command running in the pty, which in the case ofreboot
, could lead to the system being in a half-rebooted state. -
Fixed a regression introduced in sudo 1.8.23 in the LDAP and SSSD back-ends where a missing
sudoHost
attribute was treated as anALL
wildcard value. AsudoRole
with nosudoHost
attribute is now ignored as it was prior to version 1.8.23. -
The audit plugin API has been changed slightly. The sudo front-end now audits an accept event itself after all approval plugins are run and the I/O logging plugins (if any) are opened. This makes it possible for an audit plugin to only log a single overall accept event if desired.
-
The sudoers plugin can now be loaded as an audit plugin. Logging of successful commands is now performed in the audit plugin's accept function. As a result, commands are now only logged if allowed by sudoers and all approval plugins. Commands rejected by an approval plugin are now also logged by the sudoers plugin.
-
Romanian translation for sudo and sudoers from translationproject.org.
-
Fixed a regression introduced in sudo 1.9.0 where
sudoedit
did not remove its temporary files after installing them. Bug #929. -
Fixed a regression introduced in sudo 1.9.0 where the iolog_file setting in
sudoers
andsudo_logsrvd.conf
caused an error if the file name ended in six or more X's.