Bug 258479 - security/sudo: Update to 1.9.8
Summary: security/sudo: Update to 1.9.8
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Cy Schubert
URL:
Keywords: needs-qa
Depends on:
Blocks:
 
Reported: 2021-09-13 15:29 UTC by Cy Schubert
Modified: 2021-09-14 23:33 UTC (History)
1 user (show)

See Also:
garga: maintainer-feedback+
cy: merge-quarterly+


Attachments
Update sudo to 1.9.8 (1.21 KB, patch)
2021-09-13 15:29 UTC, Cy Schubert
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Cy Schubert freebsd_committer 2021-09-13 15:29:11 UTC
Created attachment 227876 [details]
Update sudo to 1.9.8

Sudo version 1.9.8 now available.  In addition to bug fixes, sudo
1.9.8 adds a new "intercept" mode that can be used to intercept the
exec family of library functions in the command run by sudo and do
a policy check on sub-commands before they are executed.  Intercept
mode uses LD_PRELOAD to communicate with the main sudo process to
perform the sudoers check.  As such, there are some limitations.
See the sudoers man page for details.

Sudo 1.9.8 also includes a new sudoers setting, log_subcmds, which
works like intercept mode but only logs the command that was run
and does not validate it against the sudoers file.

Source:
    https://www.sudo.ws/dist/sudo-1.9.8.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/sudo-1.9.8.tar.gz

SHA256 checksum:
    f1735de999804ea1af068fba6a82cb6674ea64c789813b29266fd3b16cb294e6
MD5 checksum:
    0a38acd342112b86e8163a26818bdbbd

Binary packages:
    https://www.sudo.ws/download.html#binary
    https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_8

For a list of download mirror sites, see:
    https://www.sudo.ws/download_mirrors.html

Sudo web site:
    https://www.sudo.ws/

Sudo web site mirrors:
    https://www.sudo.ws/mirrors.html

Major changes between sudo 1.9.8 and 1.9.7p2:

 * It is now possible to transparently intercepting sub-commands
   executed by the original command run via sudo.  Intercept support
   is implemented using LD_PRELOAD (or the equivalent supported by
   the system) and so has some limitations.  The two main limitations
   are that only dynamic executables are supported and only the
   execl, execle, execlp, execv, execve, execvp, and execvpe library
   functions are currently intercepted. Its main use case is to
   support restricting privileged shells run via sudo.

   To support this, there is a new "intercept" Defaults setting and
   an INTERCEPT command tag that can be used in sudoers.  For example:

    Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
    Defaults!SHELLS intercept

   would cause sudo to run the listed shells in intercept mode.
   This can also be set on a per-rule basis.  For example:

    Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
    chuck ALL = INTERCEPT: SHELLS

   would only apply intercept mode to user "chuck" when running one
   of the listed shells.

   In intercept mode, sudo will not prompt for a password before
   running a sub-command and will not allow a set-user-ID or
   set-group-ID program to be run by default.  The new
   intercept_authenticate and intercept_allow_setid sudoers settings
   can be used to change this behavior.

 * The new "log_subcmds" sudoers setting can be used to log additional
   commands run in a privileged shell.  It uses the same mechanism as
   the intercept support described above and has the same limitations.

 * Support for logging sudo_logsrvd errors via syslog or to a file.
   Previously, most sudo_logsrvd errors were only visible in the
   debug log.

 * Better diagnostics when there is a TLS certificate validation error.

 * Using the "+=" or "-=" operators in a Defaults setting that takes
   a string, not a list, now produces a warning from sudo and a
   syntax error from inside visudo.

 * Fixed a bug where the "iolog_mode" setting in sudoers and sudo_logsrvd
   had no effect when creating I/O log parent directories if the I/O log
   file name ended with the string "XXXXXX".

 * Fixed a bug in the sudoers custom prompt code where the size
   parameter that was passed to the strlcpy() function was incorrect.
   No overflow was possible since the correct amount of memory was
   already pre-allocated.

 * The mksigname and mksiglist helper programs are now built with
   the host compiler, not the target compiler, when cross-compiling.
   Bug #989.

 * Fixed compilation error when the --enable-static-sudoers configure
   option was specified.  This was due to a typo introduced in sudo
   1.9.7.  GitHub PR #113.

2.		(text/plain)
____________________________________________________________
sudo-announce mailing list <sudo-announce@sudo.ws>
For list information, options, or to unsubscribe, visit:
https://www.sudo.ws/mailman/listinfo/sudo-announce
Comment 1 Renato Botelho freebsd_committer 2021-09-14 11:51:38 UTC
Approved.  Thanks!
Comment 2 commit-hook freebsd_committer 2021-09-14 16:51:18 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=c403b7871cf09f123de4151bb77e8438f342075e

commit c403b7871cf09f123de4151bb77e8438f342075e
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2021-09-13 15:32:19 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2021-09-14 16:50:22 +0000

    securty/sudo: Update to 1.9.8

    Major changes between sudo 1.9.8 and 1.9.7p2:

     * It is now possible to transparently intercepting sub-commands
       executed by the original command run via sudo.  Intercept support
       is implemented using LD_PRELOAD (or the equivalent supported by
       the system) and so has some limitations.  The two main limitations
       are that only dynamic executables are supported and only the
       execl, execle, execlp, execv, execve, execvp, and execvpe library
       functions are currently intercepted. Its main use case is to
       support restricting privileged shells run via sudo.

       To support this, there is a new "intercept" Defaults setting and
       an INTERCEPT command tag that can be used in sudoers.  For example:

        Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
        Defaults!SHELLS intercept

       would cause sudo to run the listed shells in intercept mode.
       This can also be set on a per-rule basis.  For example:

        Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
        chuck ALL = INTERCEPT: SHELLS

       would only apply intercept mode to user "chuck" when running one
       of the listed shells.

       In intercept mode, sudo will not prompt for a password before
       running a sub-command and will not allow a set-user-ID or
       set-group-ID program to be run by default.  The new
       intercept_authenticate and intercept_allow_setid sudoers settings
       can be used to change this behavior.

     * The new "log_subcmds" sudoers setting can be used to log additional
       commands run in a privileged shell.  It uses the same mechanism as
       the intercept support described above and has the same limitations.

     * Support for logging sudo_logsrvd errors via syslog or to a file.
       Previously, most sudo_logsrvd errors were only visible in the
       debug log.

     * Better diagnostics when there is a TLS certificate validation error.

     * Using the "+=" or "-=" operators in a Defaults setting that takes
       a string, not a list, now produces a warning from sudo and a
       syntax error from inside visudo.

     * Fixed a bug where the "iolog_mode" setting in sudoers and sudo_logsrvd
       had no effect when creating I/O log parent directories if the I/O log
       file name ended with the string "XXXXXX".

     * Fixed a bug in the sudoers custom prompt code where the size
       parameter that was passed to the strlcpy() function was incorrect.
       No overflow was possible since the correct amount of memory was
       already pre-allocated.

     * The mksigname and mksiglist helper programs are now built with
       the host compiler, not the target compiler, when cross-compiling.
       Bug #989.

     * Fixed compilation error when the --enable-static-sudoers configure
       option was specified.  This was due to a typo introduced in sudo
       1.9.7.  GitHub PR #113.

    Submitted by:   cy
    PR:             258479
    Approved by:    garga (maintainer)
    MFH:            2021Q3

 security/sudo/Makefile  | 2 +-
 security/sudo/distinfo  | 6 +++---
 security/sudo/pkg-plist | 1 +
 3 files changed, 5 insertions(+), 4 deletions(-)
Comment 3 Cy Schubert freebsd_committer 2021-09-14 17:03:52 UTC
Taking this PR to remind me to MFH.
Comment 4 commit-hook freebsd_committer 2021-09-14 19:40:46 UTC
A commit in branch 2021Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=79b90357fc19f404d4196c08a70c039d5f2bef06

commit 79b90357fc19f404d4196c08a70c039d5f2bef06
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2021-09-13 15:32:19 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2021-09-14 19:39:20 +0000

    securty/sudo: Update to 1.9.8

    Major changes between sudo 1.9.8 and 1.9.7p2:

     * It is now possible to transparently intercepting sub-commands
       executed by the original command run via sudo.  Intercept support
       is implemented using LD_PRELOAD (or the equivalent supported by
       the system) and so has some limitations.  The two main limitations
       are that only dynamic executables are supported and only the
       execl, execle, execlp, execv, execve, execvp, and execvpe library
       functions are currently intercepted. Its main use case is to
       support restricting privileged shells run via sudo.

       To support this, there is a new "intercept" Defaults setting and
       an INTERCEPT command tag that can be used in sudoers.  For example:

        Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
        Defaults!SHELLS intercept

       would cause sudo to run the listed shells in intercept mode.
       This can also be set on a per-rule basis.  For example:

        Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
        chuck ALL = INTERCEPT: SHELLS

       would only apply intercept mode to user "chuck" when running one
       of the listed shells.

       In intercept mode, sudo will not prompt for a password before
       running a sub-command and will not allow a set-user-ID or
       set-group-ID program to be run by default.  The new
       intercept_authenticate and intercept_allow_setid sudoers settings
       can be used to change this behavior.

     * The new "log_subcmds" sudoers setting can be used to log additional
       commands run in a privileged shell.  It uses the same mechanism as
       the intercept support described above and has the same limitations.

     * Support for logging sudo_logsrvd errors via syslog or to a file.
       Previously, most sudo_logsrvd errors were only visible in the
       debug log.

     * Better diagnostics when there is a TLS certificate validation error.

     * Using the "+=" or "-=" operators in a Defaults setting that takes
       a string, not a list, now produces a warning from sudo and a
       syntax error from inside visudo.

     * Fixed a bug where the "iolog_mode" setting in sudoers and sudo_logsrvd
       had no effect when creating I/O log parent directories if the I/O log
       file name ended with the string "XXXXXX".

     * Fixed a bug in the sudoers custom prompt code where the size
       parameter that was passed to the strlcpy() function was incorrect.
       No overflow was possible since the correct amount of memory was
       already pre-allocated.

     * The mksigname and mksiglist helper programs are now built with
       the host compiler, not the target compiler, when cross-compiling.
       Bug #989.

     * Fixed compilation error when the --enable-static-sudoers configure
       option was specified.  This was due to a typo introduced in sudo
       1.9.7.  GitHub PR #113.

    Submitted by:   cy
    PR:             258479
    Approved by:    garga (maintainer)

    (cherry picked from commit c403b7871cf09f123de4151bb77e8438f342075e)

 security/sudo/Makefile  | 2 +-
 security/sudo/distinfo  | 6 +++---
 security/sudo/pkg-plist | 1 +
 3 files changed, 5 insertions(+), 4 deletions(-)
Comment 5 Cy Schubert freebsd_committer 2021-09-14 19:43:20 UTC
Committed and MFHed.
Comment 6 Kubilay Kocak freebsd_committer freebsd_triage 2021-09-14 23:33:41 UTC
(In reply to Cy Schubert from comment #3)

P.S Leaving flags open (?) will remind folks in the flags value that something needs to be done