0.2.3 - 2024-07-11
- Portability: sudo-rs now is compatible with s390x-unknown-linux-gnu
- Removed unneeded code & fix hints given by newer Rust version
visudowould not properly truncate asudoersfile- high CPU load when child process did not terminate after closure of a terminal
0.2.2 - 2024-02-02
- Several changes to the code to improve type safety
- Improved error message when a PTY cannot be opened
- Improved portability of the PAM bindings
- su: improved parsing of su command line options
- Add path information to parse errors originating from included files
- Fixed a panic with large messages written to the syslog
- sudo: respect
--loginregardless of the presence of--chdir
0.2.1 - 2023-09-21
- Session records/timestamps are now stored in files with uids instead of usernames, fixing a security bug (CVE-2023-42456)
visudowill now resolveEDITORviaPATH- Input/output errors while writing text to the terminal no longer cause sudo to exit immediately
- Switched several internal API calls from libc to Rust's std library
- The
%hescape sequence in sudoers includes directives is not supported in sudo-rs, this now gives a better diagnostic and no longer tries to include the file - Our PAM integration was hardened against allocation failures
- An attempt was made to harden against rowhammer type attacks
- Release builds no longer include debugging symbols
- Fixed an invalid parsing when an escaped null byte was present in the sudoers file
- Replaced informal error message in
visudowith a proper error message
0.2.0 - 2023-08-29
visudocan set/fix file permissions using the--permsCLI flagvisudocan set/fix the file owner using the--ownerCLI flag- Read
env_editorfrom sudoers file for visudo - Add basic support for
--listin sudo
visudonow uses a random filename for the temporary file you are editingsunow runs with a PTY by default- Included files with relative paths in the sudoers file are imported relative from the sudoers file
sudonow checks if ownership and setuid bits have been set correctly on its binary- When syslog messages are too large they will be split between multiple messages to prevent message truncation
- We now accept a wider range of dependencies
- Our MSRV (minimum supported rust version) has been set at 1.70.0
- Set arg0 to the non-resolved filename when running a command, preventing issues with symlinks when commands rely on link filenames
0.2.0-dev.20230711 - 2023-07-11
- Add initial
visudoimplementation - Add support for
~in--chdir - Log commands that will be executed in the auth syslog
- Add a manpage for the
sudocommand
- The SUDO_RS_IS_UNSTABLE environment variable is no longer required
- Sudo-rs will now read
/etc/sudoers-rsor/etc/sudoersif the former is not available. We no longer read/etc/sudoers.test - Removed signal-hook and signal-hook-registry dependencies
- Improved error handling when
--chdiris passed but not allowed - Properly handle
SIGWINCHwhen running commands with a PTY
- Only call ttyname and isatty on character devices
- Fixed a bug in syslog FFI
0.2.0-dev.20230703 - 2023-07-03
- Add
timestamp_timeoutsupport in sudoers file - Add ability to disable
use_ptyin the sudoers file
- Set the TTY name for PAM sessions on a TTY
- Set the requesting user for PAM sessions
- Simplified some error messages when a command could not be executed
- Reveal less about what caused a command not to be executable
- Continued rework of the pty exec
- Fixed exit codes for
su - Fixed environment filtering for
su - Fixed
SHELLhandling forsu
0.2.0-dev.20230627 - 2023-06-27
- Add
passwd_triessupport in sudoers file - Add developer logs (only enabled with the
devfeature)
- Only use a PTY to spawn the process if a TTY is available
- Continued rework of the pty exec
- Aliasing is now implemented similarly to the original sudo
- You can no longer define an
ALLalias in the sudoers file - Use canonicalized paths for the executed binaries
- Simplified CLI help to only display supported actions