Skip to content

Releases: trifectatechfoundation/sudo-rs

Version 0.2.5

01 Apr 11:58
@github-actions github-actions
v0.2.5
This tag was signed with the committer’s verified signature.
squell Marc R. Schoolderman
GPG key ID: 289D082003D01E95
Verified
Learn about vigilant mode.
37175bb
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 0.2.5 Latest
Latest

To use the precompiled binaries attached below, consult our manual installation instructions

Added

  • sudo visudo will protect you from accidentally locking yourself out
  • Support for --prompt and SUDO_PROMPT environment variable
  • Support for Defaults targetpw
  • Support for VAR=VALUE matching in Defaults env_keep/env_check
  • Support for --bell

Changed

  • Portability: sudo-rs supports FreeBSD!
  • sudo -v will only ask for a password if the policy requires it

Fixed

  • Manual wrongly claimed timestamp_timeout supported negative values (#1032)
  • timestamp_timeout in excess of 292 billion years were not rejected (#1048)
  • Usernames in /etc/sudoers can contain special characters by using double
    quotes or escaping them (#1054)
Contributors for this release

Merged pull requests by: @bjorn3, @squell, new contributors: @shurizzle, @millert, @inventor500
Closed issues opened by @bertptrs, @HanabishiRecca, @decathorpe, @woodsb02, @id3v1669, @Timmmm

Contributors

shurizzle, millert, and 9 other contributors
Assets 5
Loading

Version 0.2.4

25 Feb 13:26
@squell squell
v0.2.4
This tag was signed with the committer’s verified signature.
bjorn3
SSH Key Fingerprint: 9p7UbsyTHW8iK9OhC2DaZMlEbAAKfX1yaRsZ/AgyljE
Verified
Learn about vigilant mode.
6c3852f
This commit was signed with the committer’s verified signature.
squell Marc R. Schoolderman
GPG key ID: 289D082003D01E95
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 0.2.4

Added

  • Support for 'SETENV:' and corresponding 'sudo VAR=value command' syntax
  • Support for 'Defaults rootpw'
  • Support for 'Defaults pwfeedback'
  • Support for host/user/runas/command-specific Defaults

Changed

  • Portability: sudo-rs now has experimental support for FreeBSD!
  • pam-login feature now controls if PAM service name 'sudo-i' is used

Fixed

  • Bug in syslog writer could cause sudo to hang (#856)
  • SHELL was not canonicalized when using 'sudo -s' or 'sudo -i' (#962)
  • RunAs_Spec was not carried over on the same /etc/sudoers line (#974)
  • sudo --list did not unfold multiple-level aliases (#978)
  • The man page for sudoers(5) was missing (#943)

Other

  • sudo-rs copyright changed to Trifecta Tech Foundation
Credits for this release

Merged pull requests by: @bjorn3, @squell, @rnijveld, new contributors: @sylvestre, @van-sprundel
Closed issues opened by: @japaric, @BriocheBerlin, @mkg20001, @GentsunCheng, @aidanharris, @jplatte, @raforg

Contributors

rnijveld, raforg, and 10 other contributors
Loading

Version 0.2.3

11 Jul 14:05
@squell squell
v0.2.3
This tag was signed with the committer’s verified signature.
squell Marc R. Schoolderman
GPG key ID: 289D082003D01E95
Verified
Learn about vigilant mode.
b3b90d2
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 0.2.3

Changed

  • Portability: sudo-rs now is compatible with s390x-unknown-linux-gnu
  • Removed unneeded code & fix hints given by newer Rust version

Fixed

  • visudo would not properly truncate a sudoers file (#833)
  • high CPU load when child process did not terminate after closure of a terminal (#841)
Loading

Version 0.2.2

13 Feb 11:12
@rnijveld rnijveld
v0.2.2
This tag was signed with the committer’s verified signature.
rnijveld Ruben Nijveld
GPG key ID: D5B63E45A4627F76
Verified
Learn about vigilant mode.
f317145
Compare
Choose a tag to compare
Version 0.2.2

Changed

  • Several changes to the code to improve type safety
  • Improved error message when a PTY cannot be opened
  • Improved portability of the PAM bindings
  • su: improved parsing of su command line options
  • Add path information to parse errors originating from included files

Fixed

  • Fixed a panic with large messages written to the syslog
  • sudo: respect --login regardless of the presence of --chdir
Loading

Version 0.2.1

21 Sep 14:43
@rnijveld rnijveld
v0.2.1
This tag was signed with the committer’s verified signature.
rnijveld Ruben Nijveld
GPG key ID: D5B63E45A4627F76
Verified
Learn about vigilant mode.
195d6f8
This commit was signed with the committer’s verified signature.
rnijveld Ruben Nijveld
GPG key ID: D5B63E45A4627F76
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 0.2.1

Version 0.2.1 is a bugfix release. This release includes a bug fix for a security issue. Users of sudo-rs are advised to upgrade to the latest version as soon a possible. Please see the security advisory for details.

Changed

  • Session records/timestamps are now stored in files with uids instead of usernames, fixing a security bug (CVE-2023-42456)
  • visudo will now resolve EDITOR via PATH
  • Input/output errors while writing text to the terminal no longer cause sudo to exit immediately
  • Switched several internal API calls from libc to Rust's std library
  • The %h escape sequence in sudoers includes directives is not supported in sudo-rs, this now gives a better diagnostic and no longer tries to include the file
  • Our PAM integration was hardened against allocation failures
  • An attempt was made to harden against rowhammer type attacks
  • Release builds no longer include debugging symbols

Fixed

  • Fixed an invalid parsing when an escaped null byte was present in the sudoers file
  • Replaced informal error message in visudo with a proper error message
Loading

Version 0.2.0

29 Aug 11:37
@squell squell
v0.2.0
This tag was signed with the committer’s verified signature.
squell Marc R. Schoolderman
GPG key ID: 289D082003D01E95
Verified
Learn about vigilant mode.
58568f0
This commit was signed with the committer’s verified signature.
squell Marc R. Schoolderman
GPG key ID: 289D082003D01E95
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 0.2.0

This is the first stable release of sudo-rs! To easily install it without needing to install the entire Rust toolchain, we provide binaries (attached below). You can use the provided tar balls to install sudo-rs without removing your existing, original sudo installation. To install sudo-rs, simply extract the provided tar balls and put the files in your /usr/local hierarchy, for example by running

sudo tar -C /usr/local -xvf sudo-0.2.0.tar.gz

Sudo-rs will use your existing /etc/sudoers configuration, but if you create a /etc/sudoers-rs file, it will read that instead. Note that sudo-rs does not implement all features of the original sudo, please check the README for more information on what is and is not supported. You can also find instructions on compiling sudo-rs yourself.

We will be working with popular Linux distributions to provide an easier installation path through the regular package managers.

Loading