Dirk Mueller
7c6c82c48c
- Update to 1.8,28p1 * The fix for Bug #869 caused "sudo -v" to prompt for a password when "verifypw" is set to "all" (the default) and all of the user's sudoers entries are marked with NOPASSWD. Bug #901. - Update to 1.8.28 * Fixed CVE-2019-14287 (bsc#1153674), a bug where a sudo user may be able to run a command as root when the Runas specification explicitly disallows root access as long as the ALL keyword is listed first. * Sudo will now only set PAM_TTY to the empty string when no terminal is present on Solaris and Linux. This workaround is only needed on those systems which may have PAM modules that misbehave when PAM_TTY is not set. * The mailerflags sudoers option now has a default value even if sendmail support was disabled at configure time. Fixes a crash when the mailerpath sudoers option is set but mailerflags is not. Bug #878. * Sudo will now filter out last login messages on HP-UX unless it a shell is being run via "sudo -s" or "sudo -i". Otherwise, when trusted mode is enabled, these messages will be displayed for each command. * Sudo has a new -B command line option that will ring the terminal bell when prompting for a password. * Sudo no longer refuses to prompt for a password when it cannot determine the user's terminal as long as it can open /dev/tty. This allows sudo to function on systems where /proc is unavailable, such as when running in a chroot environment. * The "env_editor" sudoers flag is now on by default. This makes source builds more consistent with the packages generated by OBS-URL: https://build.opensuse.org/request/show/738914 OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=156
In the default (ie unconfigured) configuration sudo asks for root password. This allows to use an ordinary user account for administration of a freshly installed system. When configuring sudo, please make sure to delete the two following lines: Defaults targetpw # ask for the password of the target user i.e. root %users ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!