Sisyphus repository
Last updated: 1 October 2023 | Packages: 18631 | Visits: 37040627
ALT repositories
S:2.0.12-alt1
5.1: 1.3.4-alt1
4.1: 1.3.0-alt1
4.0: 1.3.0-alt1
3.0: 1.2.2-alt1
+backports:1.2.9-alt1.M30.1
www.altlinux.org/Changes

Group :: Development/Other
Package: hasher-priv


25 July 2023 Arseny Maslennikov <arseny at altlinux.org> 2.0.12-alt1

  • hasher-useradd: Started using gpasswd(8) again.

28 June 2023 Arseny Maslennikov <arseny at altlinux.org> 2.0.11-alt1

  • hasher-useradd: Fixed service auto-enable on sysvinit.

28 June 2023 Arseny Maslennikov <arseny at altlinux.org> 2.0.10-alt1

  • hasher-useradd: Fixed implementation of "--system".
  • Made hasher-useradd auto-enable hasher-privd if users were added.
  • hasher-useradd: Replaced gpasswd(8) with usermod(8).

10 January 2023 Dmitry V. Levin <ldv at altlinux.org> 2.0.9-alt1

  • Fixed wlimit_time_elapsed support introduced in 0.6-alt1.

29 October 2022 Dmitry V. Levin <ldv at altlinux.org> 2.0.8-alt1

  • Fixed build with lcc (reported by Ilya Kurdyukov).

26 October 2022 Dmitry V. Levin <ldv at altlinux.org> 2.0.7-alt1

  • hasher-privd(8): added a note on cgroup handling
     (by Arseny Maslennikov).

21 October 2022 Dmitry V. Levin <ldv at altlinux.org> 2.0.6-alt1

  • Packaged socket directory.
  • chrootuid.sh: moved systemd-run invocation to the hasher project
     (by Arseny Maslennikov).

14 October 2022 Dmitry V. Levin <ldv at altlinux.org> 2.0.5-alt1

  • hasher-privd(8): added an overview of the hasher-privd architecture
     (by Arseny Maslennikov).
  • mount: allowed non-dev subdirectories to be owned by rooter.

3 September 2022 Dmitry V. Levin <ldv at altlinux.org> 2.0.4-alt1

  • killuid: robustify by removing the limit on the number of processes.

2 September 2022 Dmitry V. Levin <ldv at altlinux.org> 2.0.3-alt1

  • Robustify the service daemon by rejecting clients passing strings
     of total size exceeding the kernel limit for string arguments.

1 September 2022 Dmitry V. Levin <ldv at altlinux.org> 2.0.2-alt1

  • Harden the service daemon further by setting PR_SET_NO_NEW_PRIVS flag.

1 September 2022 Dmitry V. Levin <ldv at altlinux.org> 2.0.1-alt1

  • Forward the process personality from the client to the server.

31 August 2022 Dmitry V. Levin <ldv at altlinux.org> 2.0-alt1

  • Rewritten using a client-server architecture
     (by Alexey Gladkov, Arseny Maslennikov, Gleb Fotengauer-Malinovskiy, and me).

29 July 2021 Dmitry V. Levin <ldv at altlinux.org> 1.6.1-alt1

  • sanitize_fds: changed to use close_range(2) if available (by Arseny Maslennikov).
  • hasher-useradd: added new option: -r/--system (by Arseny Maslennikov).
  • Added hidepid=2 to builtin /proc mount options.

10 September 2019 Dmitry V. Levin <ldv at altlinux.org> 1.6.0-alt1

  • x11_parse_display: fixed hostname:displaynumber separation.
  • Do not issue the warning about X11 auth data mismatch when
     the message contains no X11 auth data.
  • Added /sys/fs/cgroup to the hardcoded fstab.
  • Removed mount, umount, makedev, maketty, and makeconsole
     operation modes, their job is now handled by chrootuid1
     and chrootuid2 operation modes.
  • Introduced allowed_devices configuration option.

17 February 2016 Dmitry V. Levin <ldv at altlinux.org> 1.5.2-alt1

  • chrootuid: Implemented /dev/pts/ptmx support.
  • Hardened default mount options for builtin mount points.
  • Changed builtin devpts mount options to use "newinstance" feature.

23 January 2015 Dmitry V. Levin <ldv at altlinux.org> 1.5.1-alt1

  • Allowed group writable sticky directories to be used as
     mount points when mount namespace isolation is in effect.
  • Added /dev/shm to the list of built-in mount points.

2 December 2013 Dmitry V. Levin <ldv at altlinux.org> 1.5.0-alt1

  • Made X11 forwarding work with network isolation enabled.
  • Allowed mount points to be owned by the first pseudouser
     when mount namespace isolation is enabled.
  • Hardened default mount options for built-in mount points.
  • Fixed purging IPC objects created by the first pseudouser.

16 October 2012 Dmitry V. Levin <ldv at altlinux.org> 1.4.0-alt1

  • Implemented mount namespace isolation.

5 June 2012 Dmitry V. Levin <ldv at altlinux.org> 1.3.10-alt1

  • Made IPC namespace isolation controllable by share_ipc environment
     variable.

10 August 2011 Dmitry V. Levin <ldv at altlinux.org> 1.3.9-alt1

  • Merge "killuid1" and "killuid2" commands into new "killuid" command.

6 July 2011 Dmitry V. Levin <ldv at altlinux.org> 1.3.8-alt1

  • chrootuid: if unshare(2) fails with EPERM, treat it like ENOSYS.

1 July 2011 Dmitry V. Levin <ldv at altlinux.org> 1.3.7-alt1

  • Implemented System V IPC namespace isolation.
  • Implemented UTS namespace isolation.
     By default, if unshare(CLONE_NEWUTS) syscall is supported, then
     UTS namespace inside chroot is isolated from host UTS namespace,
     and hostname is set to localhost.localdomain.

13 January 2011 Dmitry V. Levin <ldv at altlinux.org> 1.3.6-alt1

  • Made some error messages a bit more specific.
  • By default, when network isolation is not enabled explicitly,
     do not terminate with a fatal error if unshare(CLONE_NEWNET)
     is not supported by the kernel, just complain and continue
     without network isolation.
     Proposed by Denis Smirnov and Michael Shigorin.

4 December 2010 Dmitry V. Levin <ldv at altlinux.org> 1.3.5-alt1

  • Handle child stderr before stdout.
  • Implemented network isolation (by Kirill A. Shutemov).

22 June 2009 Dmitry V. Levin <ldv at altlinux.org> 1.3.4-alt1

  • hasher-priv.conf.5.in: Updated information about default prefix values.
  • Fixed new compilation warnings about dereferencing type-punned pointers.

28 January 2009 Dmitry V. Levin <ldv at altlinux.org> 1.3.3-alt1

  • Extended command options syntax to allow zero subconfig
     identifier and treat it as no subconfig identifier.

31 October 2008 Dmitry V. Levin <ldv at altlinux.org> 1.3.2-alt1

  • Changed work limits type to unsigned long.
  • If bind to /dev/log failed, do not attempt to chmod it.

27 October 2008 Dmitry V. Levin <ldv at altlinux.org> 1.3.1-alt1

  • hasher-useradd: Include subconfig number to default satellite user names.
  • Fixed build with fresh gcc.

24 March 2008 Dmitry V. Levin <ldv at altlinux.org> 1.3.0-alt1

  • Changed parent I/O loop: parent process no longer closes master
     pty descriptor when child closes all its output descriptors;
     parent process now waits for child process termination or timeout.
  • DESIGN: Described "handle child input/output" control flow
  • Implemented /dev/log listener.

10 October 2007 Dmitry V. Levin <ldv at altlinux.org> 1.2.11-alt1

  • chrootuid.sh.in (exit_handler): Fixed exit status check (at@).
  • Implemented "hasher-priv getconf" mode.

14 May 2007 Dmitry V. Levin <ldv at altlinux.org> 1.2.10-alt1

  • Fixed hasher-priv.conf man section number (#11613).
  • Changed "prefix" option meaning from allowed prefix to
     colon-separated list of allowed prefixes.
  • Changed system.conf prefix value from "~" to "~:/tmp/.private".
  • Made /etc/hasher-priv directory tree not only traversable but also
     readable by "hashman" group members.

9 April 2007 Dmitry V. Levin <ldv at altlinux.org> 1.2.9-alt1

  • hasher-useradd: When creating satellite users for a system user,
     make them system users, too (#11416).

23 February 2007 Dmitry V. Levin <ldv at altlinux.org> 1.2.8-alt1

  • Changed default nice change value from 10 to 8.
  • Added support for new RLIMIT_* types:
     sigpending, msgqueue, nice, rtprio.

18 December 2006 Dmitry V. Levin <ldv at altlinux.org> 1.2.7-alt1

  • makedev: Create /dev/full device file.
  • makedev: Switch fs gid to 0 during device file creation.
  • hasher-useradd: Use gpasswd for better group names handling (#10305).

18 October 2006 Dmitry V. Levin <ldv at altlinux.org> 1.2.6-alt1

  • Allowed "user.d" configs to override wlimits defined in "system" config.

15 October 2006 Dmitry V. Levin <ldv at altlinux.org> 1.2.5-alt1

  • Fixed build with -D_FORTIFY_SOURCE=2 -Werror.

18 March 2006 Dmitry V. Levin <ldv at altlinux.org> 1.2.4-alt1

  • makeconsole: New mode, creates console-specific root-only
     devices initially introduced by 1.2.2's makedev.
  • makedev.sh: In addition to makedev, call makeconsole
     if enabled by $makedev_console.

21 January 2006 Dmitry V. Levin <ldv at altlinux.org> 1.2.3-alt1

  • Makefile: Corrected LFS_CFLAGS.
  • child.c: Reworked xauth_add_entry() to support various xauth locations.

9 October 2005 Dmitry V. Levin <ldv at altlinux.org> 1.2.2-alt1

  • If use_pty is not set, handle child's stdout and stderr separately.
  • In makedev mode, create a few devices available to root only (mouse@).

15 August 2005 Dmitry V. Levin <ldv at altlinux.org> 1.2.1-alt1

  • hasher-priv: Do not lowercase mount points (at@).
  • chrootuid1.sh: Synced with chrootuid2.sh.
  • DESIGN: Fixed typo (at@).

16 July 2005 Dmitry V. Levin <ldv at altlinux.org> 1.2.0-alt1

  • Implemented X11 authentication spoofing.
  • Implemented custom mounts support via /etc/hasher-priv/fstab.

9 July 2005 Dmitry V. Levin <ldv at altlinux.org> 1.1.0-alt1

  • Implemented X11 forwarding.

30 April 2005 Dmitry V. Levin <ldv at altlinux.org> 1.0.5-alt1

  • Fixed umount looping on 2.6 kernel (closes #6667).

13 March 2005 Dmitry V. Levin <ldv at altlinux.org> 1.0.4-alt1

  • When making device files inside chroot,
     first try to hardlink existing device files,
     second try to create them using mknod(2).
     This approach simplifies usage in restricted environments
     where mknod(2) is not allowed even for superuser.

3 January 2005 Dmitry V. Levin <ldv at altlinux.org> 1.0.3-alt1

  • Changed helper directory to /usr/libexec/hasher-priv.
  • Updated documentation:
     + hasher-priv.conf(5): s/lim_/limit_/ (fixes #5805);
     + hasher-priv(8): fix NAME section, document TERM variable;
     + hasher-useradd(8): fix NAME section.

18 November 2004 Dmitry V. Levin <ldv at altlinux.org> 1.0.2-alt1

  • Changed privileged helper to suid program,
     to get rid of sudo dependence.

11 September 2004 Dmitry V. Levin <ldv at altlinux.org> 1.0.1-alt1

  • Enhanced use_pty mode:
     pass $TERM value, translate window size changes.
  • Pass libexecdir to %make_build (#4902).

15 July 2004 Dmitry V. Levin <ldv at altlinux.org> 1.0-alt1

  • Added hasher-priv.conf(5) manpage.
  • Added more docs to hasher-priv(8) manpage.

13 July 2004 Dmitry V. Levin <ldv at altlinux.org> 0.9.9-alt1

  • maketty: new mode, controlled by allow_ttydev config option.
  • chrootuid: use pty for communicating with child,
     controlled by use_pty environment option.

9 July 2004 Dmitry V. Levin <ldv at altlinux.org> 0.9-alt1

  • Implemented mount/umount modes, controlled by
     allowed_mountpoints config option.
  • New config option: allowed_mountpoints.
  • DESIGN: document it.

7 July 2004 Dmitry V. Levin <ldv at altlinux.org> 0.8-alt1

  • config:
     + read work limit hints from environment variables;
     + use lstat+chdir+lstat instead of open+fstat+fchdir+close.

6 July 2004 Dmitry V. Levin <ldv at altlinux.org> 0.7.1-alt1

  • chroot prefix: trim trailing slashes.

2 January 2004 Dmitry V. Levin <ldv at altlinux.org> 0.7-alt1

  • Deal with compilation warnings generated by new gcc compiler.
  • Build with -W -Wall -Werror by default.
  • Enhanced prefix mismatch diagnostics.

15 October 2003 Dmitry V. Levin <ldv at altlinux.org> 0.6.1-alt1

  • Fixed exit code translation error introduced in previous release.

14 October 2003 Dmitry V. Levin <ldv at altlinux.org> 0.6-alt1

  • config, chrootuid{1,2}: handle work limits.

21 September 2003 Dmitry V. Levin <ldv at altlinux.org> 0.5-alt1

  • chrootuid{1,2}: call killuid on signal arrival.

7 September 2003 Dmitry V. Levin <ldv at altlinux.org> 0.4-alt1

  • killuid: purge all SYSV IPC objects.

2 July 2003 Dmitry V. Levin <ldv at altlinux.org> 0.3-alt1

  • Renamed project to hasher-priv.
  • Renamed pkg-build group to hashman.

26 June 2003 Dmitry V. Levin <ldv at altlinux.org> 0.2.1-alt1

  • pkg-build-priv:
     + fixed typo in usage text;
     + in chrootuid, export user-dependent USER variable.
  • pkg-build-useradd: add user also to the main group of user2.

10 May 2003 Dmitry V. Levin <ldv at altlinux.org> 0.2.0-alt1

  • Config file parser now supports options for setting umask,
     nice and resource limits.
  • Set umask=022 and nice=10 by default
     (same values which were hardcoded before).
  • Make config files readable by users.
  • chrootuid{1,2}.sh: do killuid call before chrootuid call
     as well as after chrootuid call.

6 May 2003 Dmitry V. Levin <ldv at altlinux.org> 0.1.6-alt1

  • pkg-build-priv:
     + added --version option;
     + added help2man-generated manpage.

5 May 2003 Dmitry V. Levin <ldv at altlinux.org> 0.1.5-alt1

  • chrootuid.c: set nice to 10.

1 May 2003 Dmitry V. Levin <ldv at altlinux.org> 0.1.4-alt1

  • chrootuid.c: pass user-dependent HOME to spawned process,
     not just "HOME=/" as before.

29 April 2003 Dmitry V. Levin <ldv at altlinux.org> 0.1.3-alt1

  • chdiruid.c: extended error diagnostics.

12 April 2003 Dmitry V. Levin <ldv at altlinux.org> 0.1.2-alt1

  • killuid.c: fixed build and work on linux kernel 2.2.x
  • chrootuid.c: added /usr/X11R6/bin to the PATH of second user
  • Install helper setgid pkg-build to ensure dumpable flag is unset.

9 April 2003 Dmitry V. Levin <ldv at altlinux.org> 0.1.1-alt1

  • chdiruid.c: check for group-writable directory without sticky bit.

6 April 2003 Dmitry V. Levin <ldv at altlinux.org> 0.1-alt1

  • Added /usr/sbin/pkg-build-useradd.
  • Added DESIGN file.

6 April 2003 Dmitry V. Levin <ldv at altlinux.org> 0.0.5-alt1

  • Added CALLER_NUM support.

4 April 2003 Dmitry V. Levin <ldv at altlinux.org> 0.0.4-alt1

  • priv.h:
     + lowered minimal uid/gid from 100 to 34.
  • chrootuid.c:
     + fixed typo.

3 April 2003 Dmitry V. Levin <ldv at altlinux.org> 0.0.3-alt1

  • chrootuid.c: set umask (022) unconditionally before exec.

31 March 2003 Dmitry V. Levin <ldv at altlinux.org> 0.0.2-alt1

  • priv.h:
     + lowered minimal uid/gid from 500 to 100.
  • chdiruid.c:
     + added check for "st_gid != change_gid1";
     + removed check for "st_mode & S_IWGRP".

30 March 2003 Dmitry V. Levin <ldv at altlinux.org> 0.0.1-alt1

  • Initial revision.
 
design and development: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin