sudo 1.9.0 release

Nine years after the 1.8.x branch was created, a new major release of the sudo utility, sudo 1.9.0, has been published. sudo is used to run commands on behalf of other users.

Key changes:

  • The package now includes the sudo_logsrvd background process, designed for centralized logging from other systems. When sudo is built with the "--enable-openssl" option, the data is sent over an encrypted communication channel (TLS). Log forwarding is configured with the log_servers option in sudoers. To disable support for the new log forwarding mechanism, the "--disable-log-server" and "--disable-log-client" options have been added. The sudo_sendlog utility is provided for testing interaction with the server or for sending existing logs;
  • Added the ability to develop sudo plugins in Python, enabled when building with the "--enable-python" option;
  • Added a new plugin type, "audit", which receives messages about successful and unsuccessful invocations, as well as any errors that occur. The new plugin type lets you attach your own logging handlers that do not depend on the standard functionality (for example, the handler that writes logs in JSON format is implemented as a plugin);
  • Added a new plugin type, "approval", for performing additional checks after the basic rule-based authorization check in sudoers has passed. Several plugins of this type can be listed in the settings, but the operation is confirmed only if it is approved by every plugin listed in the settings;
  • The "sudo -S" command now prints all prompts to standard output or stderr, without accessing the controlling terminal device;
  • In sudoers, Cmd_Alias may now be specified instead of Cmnd_Alias;
  • Added the new pam_ruser and pam_rhost settings to enable or disable setting the user name and host values when setting up a session via PAM;
  • More than one SHA-2 hash can now be specified per command, separated by commas. A SHA-2 hash can also be used in sudoers together with the "ALL" keyword to define commands that can be run only if the hash matches;
  • sudo and sudo_logsrvd can create an additional log file in JSON format that records information about all parameters of the commands that were run, including the host name. This log is used by the sudoreplay utility, which can now filter commands by host name;
  • The list of command-line arguments passed through the SUDO_COMMAND environment variable is now truncated to 4096 characters.
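
The comma-separated SHA-2 digests from the list above, as an added example that is not part of the original news item or of sudo's own code: it builds a sudoers rule pinning one command to the SHA-256 digests of two approved builds and models the "run only if the hash matches" check. The user `deploy`, the path `/usr/local/bin/rollout` and the sample byte strings are constructed assumptions.

```python
import hashlib
import re

# SHA-2 digest names usable in sudoers, with their hex digest lengths.
HEX_LEN = {"sha224": 56, "sha256": 64, "sha384": 96, "sha512": 128}

def digest_spec(data: bytes, algo: str = "sha256") -> str:
    """Return a sudoers digest spec such as 'sha256:<hex>' for a binary's bytes."""
    if algo not in HEX_LEN:
        raise ValueError(f"not a SHA-2 digest name: {algo}")
    return f"{algo}:{hashlib.new(algo, data).hexdigest()}"

def sudoers_rule(user, host, command, builds, algo="sha256"):
    """Build one rule pinning `command` to the digest of every approved build."""
    if command != "ALL" and not command.startswith("/"):
        raise ValueError("command must be an absolute path or ALL")
    specs = sorted({digest_spec(b, algo) for b in builds})  # drop duplicate builds
    if not specs:
        raise ValueError("at least one approved build is required")
    return f"{user} {host} = {', '.join(specs)} {command}"

def digest_allows(rule: str, data: bytes) -> bool:
    """Model of the match: the binary must hash to one of the listed digests."""
    listed = re.findall(r"(sha(?:224|256|384|512)):([0-9a-f]+)", rule)
    return any(len(h) == HEX_LEN[a] and hashlib.new(a, data).hexdigest() == h
               for a, h in listed)

# Constructed stand-ins for two approved builds and one modified binary.
OLD_BUILD = b"\x7fELF constructed build 1.0"
NEW_BUILD = b"\x7fELF constructed build 1.1"
TAMPERED = b"\x7fELF constructed build 1.1 + patch"

if __name__ == "__main__":
    # Hypothetical user and command path, used only for illustration.
    rule = sudoers_rule("deploy", "ALL", "/usr/local/bin/rollout",
                        [OLD_BUILD, NEW_BUILD])
    print(rule)
    # A digest combined with the ALL keyword: any command whose hash matches.
    print(sudoers_rule("deploy", "ALL", "ALL", [NEW_BUILD]))
    for name, blob in [("old", OLD_BUILD), ("new", NEW_BUILD), ("tampered", TAMPERED)]:
        print(name, digest_allows(rule, blob))
```

Listing both digests keeps the rule valid while an upgrade rolls out; check a generated line with `visudo -c` before installing it.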

Source: opennet.ru
