- In pwfeedback mode, pressing TAB will turn off the visual feedback (#1487)
- To allow specifying partial arguments (such as subcommands) in /etc/sudoers rules, a standalone * as the last argument can now be used to denote "zero or more following arguments". Attempts to use wildcards in other positions will now result in an explicit parse error with visudo. (#1455)
- A Polish translation of the command line interface
- Defaults pwfeedback is now on by default! (#1300)
- UX improvements in the password prompt: it can be suspended/resumed (#1499), and backspace supports multibyte characters (#1451)
- sudoedit now also checks ACLs for misconfigurations (#1477)
- Better error message if sudo-rs is being run in a container that has no_new_privs enabled. (#1164)
- IPv4-like hostnames in /etc/sudoers are now explicitly rejected (#1466)
- sudo-rs now requires at least Rust 1.85 to compile
- When using -i / --login, the HOME, SHELL, USER and LOGNAME are now always set to the target user, even if they are part of the env_keep list. (#1335)
- Arguments in SUDO_EDITOR were not supported (#1491)
- sudo --bell did not work with PAM fingerprint module (#1180)
- Host-specific Defaults could result in an erroneous parse error (#1468)
- Command arguments containing non-UTF8 characters were rejected (#1413)
- lecture setting is now correctly ignored (#1481)
- Support for -b / --background to run commands in the background
- visudo will now complain about unsupported command tags (#1401)
- When run in a pipe from ksh with use_pty, sudo-rs would put the TTY in an unusable state (#1417, introduced in 0.2.11)
- When run as the last command in a pipe with use_pty, sudo-rs would not grant the executed command access to the TTY (#1263)
- Documentation didn't explicitly mention -A (#1431)
- Support for -A / --askpass to enable using an external askpass program under control of the SUDO_ASKPASS environment variable.
- Functional support for localisation. This can be enabled by building sudo-rs with the gettext feature and installing a sudo-rs.mo in the correct LC_MESSAGES folder. Since we have no translations yet this is off by default.
- sudo is always built with sudoedit functionality
- sudo no longer sets the archaic MAIL environment variable
- The timestamp format has been changed to always check for session pid (#1132). As a consequence, timestamps created by earlier versions of sudo-rs are invalidated after upgrading to this version.
- The folder containing zoneinfo is detected at runtime; build.rs was removed
- The default value of Defaults editor has been changed on Linux to remove the dependence on Debian-specific /usr/bin/editor.
- sudo -i made root the owner of the pty instead of the login user (#1333)
- visudo usability improvements (#1388, #1394)
- Mistakes in the man pages (#1338, #1362, #1387)
- Better error message when /etc/sudoers contains regular expressions (#1352)
- Better error message when /etc/sudoers is missing (#1368)
- Redirecting input/output to another TTY was not recognized as redirection; this fix originated from Todd Miller's sudo (#1380)
- Message shown at password timeout has been made nicer (#1171)
- Interrupting a PAM module that handles its own input such as fprintd will not prevent other authentication modes from being tried. (#1308)
- Some formatting mistakes in the man pages (#1285)
- Unhandled exception if user would attempt to execute a folder (#1298)
- Defaults passwd_tries=0 effectively disabled the limit on password tries rather than setting the limit to zero (#1313)
- sudoedit ignored supplementary groups when checking writability (#1321)
- A partially typed password would be output to standard input if a timeout occurred when Defaults pwfeedback was not enabled (GHSA-q428-6v73-fc4q).
- Timestamp files did not take into account the setting of the Defaults targetpw and Defaults rootpw (GHSA-c978-wq47-pvvw)
- Minor tokenization error in /etc/sudoers processing (#1296)
- SUDO_HOME variable will now be set to the invoking user's home directory
- Defaults noninteractive_auth now controls whether PAM authentication modules are allowed to attempt authentication when sudo --non-interactive is being used (new default: off). Previous versions had this as always-on to allow fully automatic authentication methods to succeed.
- Two bugs in managing the PTY connected to the child process that negatively impacted interactive usability (#1130, #1264)
- visudo --help showed command flags that were removed (#1239)
- Format flags in SUDO_PROMPT were not expanded (#1252)
- sudo would abort with an unhandled exception if an attempt was made to match a "netgroup", instead of ignoring these (#1262)
- A few tokenizer errors in /etc/sudoers processing (#1273, #1274, #1283)
- Some formatting mistakes in the man pages (#1285)
- sudo -e, sudoedit to safely edit files as another user.
- NOEXEC: could not be used to prevent all shell escapes on multi-architecture installations (#1229)
- sudo --list would not show NOEXEC, SETENV and APPARMOR_PROFILE (#1228)
- Skip paths not accessible by the target user during command resolution (#1234)
- Linux kernels older than 5.9 are now supported.
- Support for Defaults noexec/NOEXEC: on Linux systems based on seccomp filtering to prevent shell escapes in a wide range of cases. This should also work on programs not written in C and statically linked executables.
- Support for passwd_timeout
- Support for umask and umask_override
- --preserve-env=VAR is now supported to preserve selected environment variables in a more convenient way
- sudo-rs now uses CLOEXEC to close open file descriptors in the child process
- Relative paths like ./ in secure_path/PATH are now ignored.
- apparmor.so is dynamically loaded by sudo itself, as-needed
- Usernames that start with _ or have non-western characters were not supported as a valid username in /etc/sudoers (#1149)
- Other usability improvements in /etc/sudoers (#1117, #1126, #1134, #1157)
- Support for Defaults setenv
- Support for the list pseudocommand to control sudo -U
- Support for switching AppArmor profiles through Defaults apparmor_profile and the APPARMOR_PROFILE command modifier. To enable this, build sudo-rs with the apparmor feature enabled.
- Added a check against PAM modules changing the user during authentication (#1062)
- list pseudocommand now controls whether a password is required for sudo -l -U
- Usernames commonly used by Active Directory were not parsed correctly (#1064)
- Test compilation was broken on 32-bit systems (#1074)
- pwfeedback was ignored for sudo --list and sudo --validate (#1092)
- Compilation with musl instead of glibc on Linux was not possible (#1084)
- sudo --list now does more checking before reporting errors or listing the rights of a user, fixing two security bugs (CVE-2025-46717 and CVE-2025-46718)
- sudo visudo will protect you from accidentally locking yourself out
- Support for --prompt and SUDO_PROMPT environment variable
- Support for Defaults targetpw
- Support for VAR=VALUE matching in Defaults env_keep/env_check
- Support for --bell
- Portability: sudo-rs supports FreeBSD!
- sudo -v will only ask for a password if the policy requires it
- Manual wrongly claimed timestamp_timeout supported negative values (#1032)
- timestamp_timeout in excess of 292 billion years were not rejected (#1048)
- Usernames in /etc/sudoers can contain special characters by using double quotes or escaping them (#1045)
- Support for SETENV: and corresponding sudo VAR=value command syntax
- Support for Defaults rootpw
- Support for Defaults pwfeedback
- Support for host/user/runas/command-specific Defaults
- Portability: sudo-rs now has experimental support for FreeBSD!
- pam-login feature now controls if PAM service name 'sudo-i' is used
- Bug in syslog writer could cause sudo to hang (#856)
- SHELL was not canonicalized when using sudo -s or sudo -i (#962)
- RunAs_Spec was not carried over on the same /etc/sudoers line (#974)
- sudo --list did not unfold multiple-level aliases (#978)
- The man page for sudoers was missing (#943)
- sudo-rs copyright changed to Trifecta Tech Foundation
0.2.3 - 2024-07-11
- Portability: sudo-rs now is compatible with s390x-unknown-linux-gnu
- Removed unneeded code & fix hints given by newer Rust version
- visudo would not properly truncate a sudoers file
- high CPU load when child process did not terminate after closure of a terminal
0.2.2 - 2024-02-02
- Several changes to the code to improve type safety
- Improved error message when a PTY cannot be opened
- Improved portability of the PAM bindings
- su: improved parsing of su command line options
- Add path information to parse errors originating from included files
- Fixed a panic with large messages written to the syslog
- sudo: respect --login regardless of the presence of --chdir
0.2.1 - 2023-09-21
- Session records/timestamps are now stored in files with uids instead of usernames, fixing a security bug (CVE-2023-42456)
- visudo will now resolve EDITOR via PATH
- Input/output errors while writing text to the terminal no longer cause sudo to exit immediately
- Switched several internal API calls from libc to Rust's std library
- The %h escape sequence in sudoers includes directives is not supported in sudo-rs; this now gives a better diagnostic and no longer tries to include the file
- Our PAM integration was hardened against allocation failures
- An attempt was made to harden against rowhammer type attacks
- Release builds no longer include debugging symbols
- Fixed an invalid parsing when an escaped null byte was present in the sudoers file
- Replaced informal error message in visudo with a proper error message
0.2.0 - 2023-08-29
- visudo can set/fix file permissions using the --perms CLI flag
- visudo can set/fix the file owner using the --owner CLI flag
- Read env_editor from sudoers file for visudo
- Add basic support for --list in sudo
- visudo now uses a random filename for the temporary file you are editing
- su now runs with a PTY by default
- Included files with relative paths in the sudoers file are imported relative from the sudoers file
- sudo now checks if ownership and setuid bits have been set correctly on its binary
- When syslog messages are too large they will be split between multiple messages to prevent message truncation
- We now accept a wider range of dependencies
- Our MSRV (minimum supported rust version) has been set at 1.70.0
- Set arg0 to the non-resolved filename when running a command, preventing issues with symlinks when commands rely on link filenames
0.2.0-dev.20230711 - 2023-07-11
- Add initial visudo implementation
- Add support for ~ in --chdir
- Log commands that will be executed in the auth syslog
- Add a manpage for the sudo command
- The SUDO_RS_IS_UNSTABLE environment variable is no longer required
- Sudo-rs will now read /etc/sudoers-rs or /etc/sudoers if the former is not available. We no longer read /etc/sudoers.test
- Removed signal-hook and signal-hook-registry dependencies
- Improved error handling when --chdir is passed but not allowed
- Properly handle SIGWINCH when running commands with a PTY
- Only call ttyname and isatty on character devices
- Fixed a bug in syslog FFI
0.2.0-dev.20230703 - 2023-07-03
- Add timestamp_timeout support in sudoers file
- Add ability to disable use_pty in the sudoers file
- Set the TTY name for PAM sessions on a TTY
- Set the requesting user for PAM sessions
- Simplified some error messages when a command could not be executed
- Reveal less about what caused a command not to be executable
- Continued rework of the pty exec
- Fixed exit codes for su
- Fixed environment filtering for su
- Fixed SHELL handling for su
0.2.0-dev.20230627 - 2023-06-27
- Add passwd_tries support in sudoers file
- Add developer logs (only enabled with the dev feature)
- Only use a PTY to spawn the process if a TTY is available
- Continued rework of the pty exec
- Aliasing is now implemented similarly to the original sudo
- You can no longer define an ALL alias in the sudoers file
- Use canonicalized paths for the executed binaries
- Simplified CLI help to only display supported actions