Bug 615087
Summary: | Rebase sudo to version 1.7.3 | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Mike Khusid <mkhusid> |
Component: | sudo | Assignee: | Daniel Kopeček <dkopecek> |
Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | 6.1 | CC: | abaron, cpelland, danken, hateya, jofernan, mgoldboi, mmalik, rlerch, sgrubb |
Target Milestone: | rc | Keywords: | Rebase |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | sudo-1.7.4p5-4.el6 | Doc Type: | Rebase: Bug Fixes and Enhancements |
Doc Text: |
Rebased to 1.7.4p5. Notable major changes since 1.7.2p2:
- If user has no supplementary groups, sudo will now fall back on checking the group file explicitly, which restores historic sudo behavior.
- Suspending and resuming the bash shell when PAM is in use now works properly. The SIGCONT signal was not being propagated to the child process.
- Sudo no longer prints a warning when the -k or -K options are specified and the ticket file does not exist.
- Time stamp files have moved from /var/run/sudo to /var/db/sudo. This prevents users from receiving the sudo lecture every time the system reboots. Time stamp files older than the boot time are ignored on systems where it is possible to determine this.
- Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile" in ldap.conf.
- Visudo will now treat an unrecognized Defaults entry as a parse error (sudo will warn but still run).
- The tty_tickets option is now on by default.
- If PAM is in use, wait until the process has finished before closing the PAM session.
- Support for logging a command's input and output as well as the ability to replay sessions.
- When the tty_tickets sudoers option is enabled but there is no terminal device, sudo will no longer use or create a tty-based ticket file. Previously, sudo would use a tty name of "unknown". As a consequence, if a user has no terminal device, sudo will now always prompt for a password.
- Qualify the command even if it is in the current working directory, e.g. "./foo" instead of just returning "foo". This removes an ambiguity between real commands and possible pseudo-commands in command matching.
- Implemented /etc/sudoers.d directory
|
Last Closed: | 2011-05-19 11:46:33 UTC | Type: | --- |
Bug Blocks: | 565939, 607923 |
Description
Mike Khusid
2010-07-15 21:45:50 UTC
This issue has been proposed when we are only considering blocker issues in the current Red Hat Enterprise Linux release. It has been denied for the current Red Hat Enterprise Linux release.

** If you would still like this issue considered for the current release, ask your support representative to file as a blocker on your behalf. Otherwise ask that it be considered for the next Red Hat Enterprise Linux release. **

*** Bug 639682 has been marked as a duplicate of this bug. ***

Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Rebased to 1.7.4p5. Notable major changes since 1.7.2p2:
- If user has no supplementary groups, sudo will now fall back on checking the group file explicitly, which restores historic sudo behavior.
- Suspending and resuming the bash shell when PAM is in use now works properly. The SIGCONT signal was not being propagated to the child process.
- Sudo no longer prints a warning when the -k or -K options are specified and the ticket file does not exist.
- Time stamp files have moved from /var/run/sudo to /var/db/sudo. This prevents users from receiving the sudo lecture every time the system reboots. Time stamp files older than the boot time are ignored on systems where it is possible to determine this.
- Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile" in ldap.conf.
- Visudo will now treat an unrecognized Defaults entry as a parse error (sudo will warn but still run).
- The tty_tickets option is now on by default.
- If PAM is in use, wait until the process has finished before closing the PAM session.
- Support for logging a command's input and output as well as the ability to replay sessions.
- When the tty_tickets sudoers option is enabled but there is no terminal device, sudo will no longer use or create a tty-based ticket file. Previously, sudo would use a tty name of "unknown". As a consequence, if a user has no terminal device, sudo will now always prompt for a password.
- Qualify the command even if it is in the current working directory, e.g. "./foo" instead of just returning "foo". This removes an ambiguity between real commands and possible pseudo-commands in command matching.

Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

Diffed Contents:
@@ -10,4 +10,5 @@ - If PAM is in use, wait until the process has finished before closing the PAM session. - Support for logging a command's input and output as well as the ability to replay sessions. - When the tty_tickets sudoers option is enabled but there is no terminal device, sudo will no longer use or create a tty-based ticket file. Previously, sudo would use a tty name of "unknown". As a consequence, if a user has no terminal device, sudo will now always prompt for a password. -- Qualify the command even if it is in the current working directory, e.g. "./foo" instead of just returning "foo". This removes an ambiguity between real commands and possible pseudo-commands in command matching.+- Qualify the command even if it is in the current working directory, e.g. "./foo" instead of just returning "foo". This removes an ambiguity between real commands and possible pseudo-commands in command matching. +- Implemented /etc/sudoers.d directory

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0599.html
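Review bot: The added last line of the hunk, "- Implemented /etc/sudoers.d directory", is the only entry in this list that is not a full sentence. It has no terminating period and does not say what changes for the administrator, whereas the neighbouring entries each state the new behaviour. Suggest rewording it in the same style as the other entries, saying what the directory is used for, and ending it with a period. The removed and re-added "Qualify the command ..." lines read identically in the visible text, so that pair needs no wording change.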