* The HOME environment variable is once again preserved by default, as per
the documentation.
- Finally remember to fix the $FreeBSD$ line in pam file.
* Check sudoers even if user is found in LDAP so Defaults can take
effect.
* Fix crash when pam_lastlog is (incorrectly) used in session section
of PAM file.
Changes:
- The ALL command in sudoers now implies SETENV permissions.
- The command search is now performed using the target user's auxiliary
group vector too.
- Various LDAP code improvements.
- Added passprompt_override flag to sudoers to cause sudo's prompt to be
used in all cases. Also set when the -p flag is used.
- New %p prompt escape that expands to the user whose password is being
prompted, as specified by the rootpw, targetpw and runaspw sudoers
flags.
- Fixed a bug in the IP address matching introduced by the IPV6 merge.
- Fixed sudoedit when used on a non-existent file.
- Groups and netgroups are now valid in an LDAP sudoRunas statement.
sudo_noexec.so to unbreak NOEXEC option. [1]
- Build using --with-secure-path if SUDO_SECURE_PATH is set when
building the port. SUDO_SECURE_PATH should be set to a PATH string.
[2]
- Don't bother deleting sudo_noexec.la. Deleting the file after it's
installed is ugly and since it's not harmful it's not worth patching
the install.
- Set CONFIGURE_TARGET.
PR: 115442 [1], 115381 [2]
Submitted by: vd [1], Janos Mohacsi [2]
* Worked around a bug in some PAM implementations that caused a crash
when no tty was present.
* Fixed a crash on some platforms in the error logging function.
- Change default pam session stack to pam_permit like su does [1]
- Grab maintainership
Suggested by: des [1]
- Temporarily disable session entry in default pam file because
pam_lastlog causes users to appear as though they have logged out in
system logs. [2]
Reported by: yarodin@gmail.com [1], Paul Fraser <pfraser@gmail.com> [2]
Submitted by: Todd Miller [1]
Application changes:
- PAM, since present, is used by default.
- Environment variable handling has changed significantly.
- Sudo checks the user's supplemental group vector so nsswitch order is
no longer important for group based rules.
(See UPGRADE and CHANGING under share/doc/sudo/ for more.)
Port changes:
- PAM file is no longer clobbered on reinstall.
- OPIE option has been removed due to PAM being used by default.
- Selected documentation is now installed.
<Security Alert>
Summary:
A race condition in Sudo's command pathname handling prior
to Sudo version 1.6.8p9 that could allow a user with Sudo
privileges to run arbitrary commands.
Sudo versions affected:
Sudo versions 1.3.1 up to and including 1.6.8p8.
</Security Alert>
More information about this incident available at:
http://www.sudo.ws/sudo/alerts/path_race.html