diff --git a/NEWS b/NEWS index 046be1af7..03569e6de 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,53 @@ +What's new in Sudo 1.8.1? + + * The fix for resuming a suspended shell in 1.7.5 caused problems + with resuming non-shells on Linux. Sudo will now save the process + group ID of the program it is running on suspend and restore it + when resuming, which fixes both problems. + + * A bug that could result in corrupted output in "sudo -l" has been + fixed. + + * Sudo will now create an entry in the utmp (or utmpx) file when + allocating a pseudo-tty (e.g. when logging I/O). The "set_utmp" + and "utmp_runas" sudoers file options can be used to control this. + Other policy plugins may use the "set_utmp" and "utmp_user" + entries in the command_info list. + + * The sudoers policy now stores the TSID field in the logs + even when the "iolog_file" sudoers option is defined to a value + other than %{sessid}. Previously, the TSID field was only + included in the log file when the "iolog_file" option was set + to its default value. + + * The sudoreplay utility now supports arbitrary session IDs. + Previously, it would only work with the base-36 session IDs + that the sudoers plugin uses by default. + + * Sudo now passes "user_shell=true" to the policy plugin in the + settings list when sudo's -s command line option is specified. + The sudoers policy plugin uses this to implement the "set_home" + sudoers option which was missing from sudo 1.8.0. + + * The "noexec" functionality has been moved out of the sudoers + policy plugin and into the sudo front-end, which matches the + behavior documented in the plugin writer's guide. As a result, + the path to the noexec file is now specified in the sudo.conf + file instead of the sudoers file. + + * On Solaris 10, the PRIV_PROC_EXEC privilege is now used to + implement the "noexec" feature. Previously, this was implemented + via the LD_PRELOAD environment variable. + + * The exit values for "sudo -l", "sudo -v" and "sudo -l command" + have been fixed in the sudoers policy plugin. + + * The sudoers policy plugin now passes the login class, if any, + back to the sudo front-end. + + * The sudoers policy plugin was not being linked with requisite + libraries in certain configurations. + What's new in Sudo 1.8.0? * Sudo has been refactored to use a modular framework that can diff --git a/doc/UPGRADE b/doc/UPGRADE index 0de00a6b0..685eaf6a7 100644 --- a/doc/UPGRADE +++ b/doc/UPGRADE @@ -1,6 +1,36 @@ Notes on upgrading from an older release ======================================== +o Upgrading from a version prior to 1.8.1: + + In Sudo 1.8.1 the "noexec" functionality has moved out of the + sudoers policy plugin and into the sudo front-end. As a result, + the path to the noexec file is now specified in the sudo.conf + file instead of the sudoers file. If you have a sudoers file + that uses the "noexec_file" option, you will need to move the + definition to the sudo.conf file instead. + + Old style in /etc/sudoers: + Defaults noexec_file=/usr/local/libexec/sudo_noexec.so + + New style in /etc/sudo.conf: + Path noexec /usr/local/libexec/sudo_noexec.so + +o Upgrading from a version prior to 1.8.0: + + Starting with version 1.8.0, sudo uses a modular framework to + support policy and I/O logging plugins. The default policy + plugin is "sudoers" which provides the traditional sudoers + evaluation and I/O logging. Plugins are typically located in + /usr/libexec or /usr/local/libexec, though this is system-dependent. + The sudoers plugin is named "sudoers.so" on most systems. + + The sudo.conf file, usually stored in /etc, is used to configure + plugins. This file is optional--if no plugins are specified + in sudo.conf, the "sudoers" plugin is used. See the sample.sudo.conf + file in the doc directory or refer to the updated sudo manual + to see how to configure sudo.conf. + o Upgrading from a version prior to 1.7.5: Sudo 1.7.5 includes an updated LDAP schema with support for