Sudo 1.9.8

NEWS

@@ -1,3 +1,51 @@
+What's new in Sudo 1.9.8
+
+ * It is now possible to transparently intercepting sub-commands
+   executed by the original command run via sudo.  Intercept support
+   is implemented using LD_PRELOAD (or the equivalent supported by
+   the system) and so has some limitations.  The two main limitations
+   are that only dynamic executables are supported and only the
+   execve() system call is currently intercepted.  Its main use
+   case is to support restricting privileged shells run via sudo.
+
+   To support this, there is a new "intercept" Defaults setting and
+   an INTERCEPT command tag that can be used in sudoers.  For example:
+
+    Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
+    Defaults!SHELLS intercept
+
+   would cause sudo to run the listed shells in intercept mode.
+   This can also be set on a per-rule basis.  For example:
+
+    Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
+    chuck ALL = INTERCEPT: SHELLS
+
+   would only apply intercept mode to user "chuck" when running one
+   of the listed shells.
+
+ * The new "log_children" sudoers setting can be used to log commands
+   run in a privileged shell.  It uses the same mechanism as the
+   intercept support described above and has the same limitations.
+
+ * Support for logging sudo_logsrvd errors via syslog or to a file.
+   Previously, most sudo_logsrvd errors were only visible in the
+   debug log.
+
+ * Better diagnostics when there is a TLS certificate validation error.
+
+ * Using the "+=" or "-=" operators in a Defaults setting that takes
+   a string, not a list, now produces a warning from sudo and a
+   syntax error from inside visudo.
+
+ * Fixed a bug where the "iolog_mode" setting in sudoers and sudo_logsrvd
+   had no effect when creating I/O log parent directories if the I/O log
+   file name ended with the string "XXXXXX".
+
+ * Fixed a bug in the sudoers custom prompt code where the size
+   parameter that was passed to the strlcpy() function was incorrect.
+   No overflow was possible since the correct amount of memory was
+   already pre-allocated.
+
 What's new in Sudo 1.9.7p2
 
  * When formatting JSON output, octal numbers are now stored as

configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71 for sudo 1.9.7p2.
+# Generated by GNU Autoconf 2.71 for sudo 1.9.8.
 #
 # Report bugs to <https://bugzilla.sudo.ws/>.
 #
@@ -621,8 +621,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='sudo'
 PACKAGE_TARNAME='sudo'
-PACKAGE_VERSION='1.9.7p2'
+PACKAGE_VERSION='1.9.8'
-PACKAGE_STRING='sudo 1.9.7p2'
+PACKAGE_STRING='sudo 1.9.8'
 PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/'
 PACKAGE_URL=''
 
@@ -809,7 +809,6 @@ SELINUX_USAGE
 BSDAUTH_USAGE
 DONT_LEAK_PATH_INFO
 PRELOAD_MODULE
-CHECK_NOEXEC
 CHECK_INTERCEPT
 INSTALL_NOEXEC
 INSTALL_INTERCEPT
@@ -1623,7 +1622,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures sudo 1.9.7p2 to adapt to many kinds of systems.
+\`configure' configures sudo 1.9.8 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1689,7 +1688,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of sudo 1.9.7p2:";;
+     short | recursive ) echo "Configuration of sudo 1.9.8:";;
    esac
   cat <<\_ACEOF
 
@@ -1974,7 +1973,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-sudo configure 1.9.7p2
+sudo configure 1.9.8
 generated by GNU Autoconf 2.71
 
 Copyright (C) 2021 Free Software Foundation, Inc.
@@ -2631,7 +2630,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by sudo $as_me 1.9.7p2, which was
+It was created by sudo $as_me 1.9.8, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   $ $0$ac_configure_args_raw
@@ -3549,7 +3548,6 @@ ac_config_headers="$ac_config_headers config.h pathnames.h"
 
 
 
-
 
 
 #
@@ -3609,7 +3607,6 @@ INSTALL_BACKUP=
 INSTALL_INTERCEPT=
 INSTALL_NOEXEC=
 CHECK_INTERCEPT=
-CHECK_NOEXEC=
 PRELOAD_MODULE=-module
 exampledir='$(docdir)/examples'
 devdir='$(srcdir)'
@@ -29458,11 +29455,6 @@ if test X"$with_noexec" != X"no"; then
     PROGS="${PROGS} sudo_noexec.la"
     INSTALL_NOEXEC="install-noexec"
 
-    # Can't use sanitizers with LD_PRELOAD
-    if test "$enable_sanitizer" != "yes"; then
-	CHECK_NOEXEC=check_noexec
-    fi
-
     cat >>confdefs.h <<EOF
 #define _PATH_SUDO_NOEXEC "$noexec_file"
 EOF
@@ -30044,7 +30036,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by sudo $as_me 1.9.7p2, which was
+This file was extended by sudo $as_me 1.9.8, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -30112,7 +30104,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config='$ac_cs_config_escaped'
 ac_cs_version="\\
-sudo config.status 1.9.7p2
+sudo config.status 1.9.8
 configured by $0, generated by GNU Autoconf 2.71,
   with options \\"\$ac_cs_config\\"
 

configure.ac

@@ -18,7 +18,7 @@ dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 dnl
 AC_PREREQ([2.70])
-AC_INIT([sudo], [1.9.7p2], [https://bugzilla.sudo.ws/], [sudo])
+AC_INIT([sudo], [1.9.8], [https://bugzilla.sudo.ws/], [sudo])
 AC_CONFIG_HEADERS([config.h pathnames.h])
 AC_CONFIG_SRCDIR([src/sudo.c])
 AC_CONFIG_AUX_DIR([scripts])