Kwiminyaka eli-9 emva kokusekwa kwesebe le-1.8.x ukukhutshwa okutsha okubalulekileyo kosetyenziso , esetyenziselwa ukulungelelanisa ukuphunyezwa kwemiyalelo egameni labanye abasebenzisi.
Utshintsho oluphambili:
- Icandelo inkqubo yangasemva , eyilelwe ukugawulwa okuphakathi kwezinye iinkqubo. Xa usakha i-sudo nge-"--enable-openssl" ukhetho, idatha ihanjiswa kwitshaneli yonxibelelwano efihliweyo (TLS). Ukuqwalasela ukuthunyelwa kweelog kwenziwa kusetyenziswa ilog_servers ukhetho kwi sudoers. Ukukhubaza inkxaso yendlela entsha yokuthumela ilog, "--disable-log-server" kunye "--disable-log-client" iinketho zongeziwe. Ukuvavanya intsebenziswano kunye nomncedisi okanye ukuthumela iilog ezikhoyo, i sudo_sendlog into eluncedo iyacetywa;
- ithuba ye-sudo kwiPython, eyenziwa xa usakha ngo "-enable-python" ukhetho;
- Uhlobo olutsha lweplagin longeziwe - "uphicotho", apho imiyalezo malunga neefowuni eziphumeleleyo nezingaphumeleliyo, kunye neempazamo ezenzekayo, zithunyelwa. Uhlobo olutsha lwe-plugin lukuvumela ukuba udibanise abaphathi bakho bokugawulwa kwemithi engaxhomekekanga ekusebenzeni okusemgangathweni (umzekelo, umgcini wokubhala iilogi kwifomathi ye-JSON iphunyezwe ngendlela yeplagin);
- Yongezwe uhlobo olutsha lweplagi, "ukuvunywa", ukwenza iitshekhi ezongezelelweyo emva kwemvume esisiseko esekwe kumgaqo ophumeleleyo kwi-sudoers. Iiplagi ezininzi zolu hlobo zinokuchazwa kwisethingi, kodwa ukuqinisekiswa komsebenzi kukhutshwa kuphela ukuba kuvunywe kuzo zonke iiplagi ezidweliswe kwizicwangciso;
- Umyalelo we "sudo -S" ngoku uprinta zonke izicelo kwimveliso eqhelekileyo okanye i-stderr, ngaphandle kokufikelela kwisixhobo solawulo lwesiphelo;
- Kwi-sudoers, endaweni ye-Cmnd_Alias, ukucacisa i-Cmd_Alias ββngoku kwamkelekile;
- Yongeza i-pam_ruser entsha kunye ne-pam_rhost izicwangciso ukwenza/ukuvala igama lomsebenzisi kunye namaxabiso omamkeli xa ucwangcisa iseshoni ngePAM;
- Ibonelela ngokukwazi ukucacisa ngaphezu kwe-SHA-2 hash enye kumgca womyalelo owahlulwe ngekoma. I-SHA-2 hash inokusetyenziswa kwi-sudoers ngokubambisana negama elingundoqo elithi "ALL" ukuchaza imiyalelo enokuthi iqhutywe kuphela ukuba i-hash iyahambelana;
- I-sudo kunye ne-sudo_logsrvd zibonelela ngokudala ifayile yelog eyongezelelweyo kwifomati ye-JSON, ebonisa ulwazi malunga nazo zonke iiparameters zemiyalelo eqalwayo, kuquka negama lenginginya. Le log isetyenziswa yi sudoreplay eluncedo, ekwaziyo ngoku ukuhluza imiyalelo ngegama lenginginya;
- Uluhlu lweengxoxo zelayini yomyalelo ezigqithiswe kwi-SUDO_COMMAND umahluko wemeko-bume ngoku icuthwe ukuya kuma-4096 oonobumba.
umthombo: opennet.ru