diff options
author | xtraeme <xtraeme@pkgsrc.org> | 2004-08-23 21:15:17 +0000 |
---|---|---|
committer | xtraeme <xtraeme@pkgsrc.org> | 2004-08-23 21:15:17 +0000 |
commit | 62153c5e1fefa09dad0246ca76f45bf582e21331 (patch) | |
tree | 591a86a05c6aa03a8d3896cd93f7a2a28befe543 /doc | |
parent | a12d8e71e137e09e88b7a176bfb62dc3e47b2cab (diff) | |
download | pkgsrc-62153c5e1fefa09dad0246ca76f45bf582e21331.tar.gz |
Update security/sudo to 1.6.8 and convert to use bsd.options.mk, which
adds two new options, ldap and pam.
Changes:
* Sudo now supports storing sudoers info in LDAP (optionally using TLS).
* There is a new -e option to edit files the with uid of the invoking
user. This makes it possible to give users to ability to safely edit
files without the possibility of editing other files or running commands
as the target user. If sudo is run as "sudoedit" the -e flag is implied.
* A new tag, NOEXEC, will prevent a dynamically-linked program being run
by sudo from executing another program (think shell escapes). Because
this uses LD_PRELOAD it has no effect on static binaries.
* A uid specified in sudoers now matches the user specified by the -u flag
even if the -u flag specified a name, not a uid.
* Added a -i option to simulate an initial login similar to "su -".
* If sudo is used to run as root shell, further sudo commands will be logged
as run by the user specified by the SUDO_USER environment variable. In -e
mode (sudoedit), SUDO_USER is used to determine what user to run the editor
when the real uid is 0.
* The sudoers file is now parsed as the runas user in all cases instead of
root. This fixes some issues with running NFS-mounted commands.
* If the target user == invoking user a password is no longer required.
* Sudo now produces a sensible error message when the targetpw Defaults option
is set and a non-existent uid is specified via the -u option.
* A negated user/uid in a runas list is now treated the same as a negated
command and overrides a previously allowed entry.
* PAM support now uses Use pam_acct_mgmt() to check for disabled accounts.
* Added a check in visudo for runas_default being used before it was set.
* Fixed several issues when closing all open descriptors. Sudo now uses
closefrom() if it exists, otherwise it uses /proc/$$/fd if that exists
with a fallback of closing all possible descriptors.
* Quoting globbing characters with a backslash now works as documented.
* Fixed a problem on FreeBSD (and perhaps others) when the user is only
listed in NIS (not master.passwd) and netgroups are used in the
master.passwd file.
* The username in a log entry is no longer truncated at 8 characters.
* Added a "sudo_lecture" option that can point to a file containing a
custom lecture.
* The timeout for password reading is now done via alarm(), not select().
* /tmp/.odus is no longer used for timestamps by default.
* Sudo now works on the nsr-tandem-nsk platform.
* Fixed the --with-stow configure option.
* TIS fwtk authentication now supports fwtk 2.0 and higher.
* Added Stan Lee / Uncle Ben quote to the lecture from RedHat.
* Added the --with-pc-insults configure to replace politically incorrect
insults with other ones.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/CHANGES | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/doc/CHANGES b/doc/CHANGES index 743856063b5..43f68c6683c 100644 --- a/doc/CHANGES +++ b/doc/CHANGES @@ -1,4 +1,4 @@ -$NetBSD: CHANGES,v 1.6982 2004/08/23 15:18:20 tv Exp $ +$NetBSD: CHANGES,v 1.6983 2004/08/23 21:15:17 xtraeme Exp $ Changes to the packages collection and infrastructure in 2004: @@ -4030,3 +4030,4 @@ Changes to the packages collection and infrastructure in 2004: Added kkbswitch-1.4.1 [markd 2004-08-23] Removed guavac [tv 2004-08-23] Updated fidogate to 4.4.9nb1 [tv 2004-08-23] + Updated sudo to 1.6.8 [xtraeme 2004-08-23] |