|
| 1 | +What's new in Sudo 1.9.5 |
| 2 | + |
| 3 | + * Fixed a crash introduced in 1.9.4 when running "sudo -i" as an |
| 4 | + unknown user. This is related to but distinct from Bug #948. |
| 5 | + |
| 6 | + * If the "lecture_file" setting is enabled in sudoers, it must now |
| 7 | + refer to a regular file or a symbolic link to a regular file. |
| 8 | + |
| 9 | + * Fixed a potential use-after-free bug in sudo_logsrvd when the |
| 10 | + server shuts down if there are existing connections from clients |
| 11 | + that are only logging events and not session I/O data. |
| 12 | + |
| 13 | + * Fixed a buffer size mismatch when serializing the list of IP |
| 14 | + addresses for configured network interfaces. This bug is not |
| 15 | + actually exploitable since the allocated buffer is large enough |
| 16 | + to hold the list of addresses. |
| 17 | + |
| 18 | + * If sudo is executed with a name other that "sudo" or "sudoedit", |
| 19 | + it will now fall back to "sudo" as the program name. This affects |
| 20 | + warning, help and usage messages as well as the matching of Debug |
| 21 | + lines in the /etc/sudo.conf file. Previously, it was possible |
| 22 | + for the invoking user to manipulate the program name by setting |
| 23 | + argv[0] to an arbitrary value when executing sudo. |
| 24 | + |
| 25 | + * Sudo now checks for failure when setting the close-on-exec flag |
| 26 | + on open file descriptors. This should never fail but, if it |
| 27 | + were to, there is the possibility of a file descriptor leak to |
| 28 | + a child process (such as the command sudo runs). |
| 29 | + |
| 30 | + * Fixed CVE-2021-23239, a potential information leak in sudoedit |
| 31 | + that could be used to test for the existence of directories not |
| 32 | + normally accessible to the user in certain circumstances. When |
| 33 | + creating a new file, sudoedit checks to make sure the parent |
| 34 | + directory of the new file exists before running the editor. |
| 35 | + However, a race condition exists if the invoking user can replace |
| 36 | + (or create) the parent directory. If a symbolic link is created |
| 37 | + in place of the parent directory, sudoedit will run the editor |
| 38 | + as long as the target of the link exists. If the target of the |
| 39 | + link does not exist, an error message will be displayed. The |
| 40 | + race condition can be used to test for the existence of an |
| 41 | + arbitrary directory. However, it _cannot_ be used to write to |
| 42 | + an arbitrary location. |
| 43 | + |
| 44 | + * Fixed CVE-2021-23240, a flaw in the temporary file handling of |
| 45 | + sudoedit's SELinux RBAC support. On systems where SELinux is |
| 46 | + enabled, a user with sudoedit permissions may be able to set the |
| 47 | + owner of an arbitrary file to the user-ID of the target user. |
| 48 | + On Linux kernels that support "protected symlinks", setting |
| 49 | + /proc/sys/fs/protected_symlinks to 1 will prevent the bug from |
| 50 | + being exploited. For more information see |
| 51 | + https://www.sudo.ws/alerts/sudoedit_selinux.html. |
| 52 | + |
| 53 | + * Added writability checks for sudoedit when SELinux RBAC is in use. |
| 54 | + This makes sudoedit behavior consistent regardless of whether |
| 55 | + or not SELinux RBAC is in use. Previously, the "sudoedit_checkdir" |
| 56 | + setting had no effect for RBAC entries. |
| 57 | + |
| 58 | + * A new sudoers option "selinux" can be used to disable sudo's |
| 59 | + SELinux RBAC support. |
| 60 | + |
| 61 | + * Quieted warnings from PVS Studio, clang analyzer, and cppcheck. |
| 62 | + Added suppression annotations for PVS Studio false positives. |
| 63 | + |
1 | 64 | What's new in Sudo 1.9.4p2 |
2 | 65 |
|
3 | 66 | * Fixed a bug introduced in sudo 1.9.4p1 which could lead to a crash |
|
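Review bot: the program-name entry has a typo, `a name other that "sudo" or "sudoedit"` should read "other than". Separately, the CVE-2021-23240 entry names a mitigation (setting /proc/sys/fs/protected_symlinks to 1) and links an advisory, while the CVE-2021-23239 entry gives neither. If an advisory or workaround exists for the sudoedit directory-existence race, reference it there so that both CVE entries are equally actionable for administrators who cannot upgrade immediately.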