Version 0.2.3

Changed

• Portability: sudo-rs now is compatible with s390x-unknown-linux-gnu
• Removed unneeded code & fix hints given by newer Rust version

Fixed

• visudo would not properly truncate a sudoers file (#833)
• high CPU load when child process did not terminate after closure of a terminal (#841)

Version 0.2.2

Changed

• Several changes to the code to improve type safety
• Improved error message when a PTY cannot be opened
• Improved portability of the PAM bindings
• su: improved parsing of su command line options
• Add path information to parse errors originating from included files

Fixed

• Fixed a panic with large messages written to the syslog
• sudo: respect --login regardless of the presence of --chdir

Version 0.2.1

Version 0.2.1 is a bugfix release. This release includes a bug fix for a security issue. Users of sudo-rs are advised to upgrade to the latest version as soon a possible. Please see the security advisory for details.

Changed

• Session records/timestamps are now stored in files with uids instead of usernames, fixing a security bug (CVE-2023-42456)
• visudo will now resolve EDITOR via PATH
• Input/output errors while writing text to the terminal no longer cause sudo to exit immediately
• Switched several internal API calls from libc to Rust's std library
• The %h escape sequence in sudoers includes directives is not supported in sudo-rs, this now gives a better diagnostic and no longer tries to include the file
• Our PAM integration was hardened against allocation failures
• An attempt was made to harden against rowhammer type attacks
• Release builds no longer include debugging symbols

Fixed

• Fixed an invalid parsing when an escaped null byte was present in the sudoers file
• Replaced informal error message in visudo with a proper error message

Version 0.2.0

This is the first stable release of sudo-rs! To easily install it without needing to install the entire Rust toolchain, we provide binaries (attached below). You can use the provided tar balls to install sudo-rs without removing your existing, original sudo installation. To install sudo-rs, simply extract the provided tar balls and put the files in your /usr/local hierarchy, for example by running

sudo tar -C /usr/local -xvf sudo-0.2.0.tar.gz

Sudo-rs will use your existing /etc/sudoers configuration, but if you create a /etc/sudoers-rs file, it will read that instead. Note that sudo-rs does not implement all features of the original sudo, please check the README for more information on what is and is not supported. You can also find instructions on compiling sudo-rs yourself.

We will be working with popular Linux distributions to provide an easier installation path through the regular package managers.