Version 0.2.1 is a bugfix release. This release includes a bug fix for a security issue. Users of sudo-rs are advised to upgrade to the latest version as soon as possible. Please see the security advisory for details.
Changed
- Session records/timestamps are now stored in files with uids instead of usernames, fixing a security bug (CVE-2023-42456)
- visudo will now resolve EDITOR via PATH
- Input/output errors while writing text to the terminal no longer cause sudo to exit immediately
- Switched several internal API calls from libc to Rust's std library
- The %h escape sequence in sudoers includes directives is not supported in sudo-rs; this now gives a better diagnostic and no longer tries to include the file
- Our PAM integration was hardened against allocation failures
- An attempt was made to harden against rowhammer type attacks
- Release builds no longer include debugging symbols
Fixed
- Fixed invalid parsing when an escaped null byte was present in the sudoers file
- Replaced informal error message in visudo with a proper error message