ALT repositories
S: | 2.0.12-alt1 |
5.1: | 1.3.4-alt1 |
4.1: | 1.3.0-alt1 |
4.0: | 1.3.0-alt1 |
3.0: | 1.2.2-alt1 |
+backports: | 1.2.9-alt1.M30.1 |
Group :: Development/Other
Package: hasher-priv
July 25, 2023 Arseny Maslennikov <arseny at altlinux.org> 2.0.12-alt1
- hasher-useradd: Started using gpasswd(8) again.
- hasher-useradd: Fixed service auto-enable on sysvinit.
- hasher-useradd: Fixed implementation of "--system".
- Made hasher-useradd auto-enable hasher-privd if users were added.
- hasher-useradd: Replaced gpasswd(8) with usermod(8).
- Fixed wlimit_time_elapsed support introduced in 0.6-alt1.
- Fixed build with lcc (reported by Ilya Kurdyukov).
- hasher-privd(8): added a note on cgroup handling
(by Arseny Maslennikov).
- Packaged socket directory.
- chrootuid.sh: moved systemd-run invocation to the hasher project
(by Arseny Maslennikov).
- hasher-privd(8): added an overview of the hasher-privd architecture
(by Arseny Maslennikov).
- mount: allowed non-dev subdirectories to be owned by rooter.
- killuid: robustify by removing the limit on the number of processes.
- Robustify the service daemon by rejecting clients passing strings
of total size exceeding the kernel limit for string arguments.
- Harden the service daemon further by setting PR_SET_NO_NEW_PRIVS flag.
- Forward the process personality from the client to the server.
- Rewritten using a client-server architecture
(by Alexey Gladkov, Arseny Maslennikov, Gleb Fotengauer-Malinovskiy, and me).
- sanitize_fds: changed to use close_range(2) if available (by Arseny Maslennikov).
- hasher-useradd: added new option: -r/--system (by Arseny Maslennikov).
- Added hidepid=2 to builtin /proc mount options.
- x11_parse_display: fixed hostname:displaynumber separation.
- Do not issue the warning about X11 auth data mismatch when
the message contains no X11 auth data.
- Added /sys/fs/cgroup to the hardcoded fstab.
- Removed mount, umount, makedev, maketty, and makeconsole
operation modes, their job is now handled by chrootuid1
and chrootuid2 operation modes.
- Introduced allowed_devices configuration option.
- chrootuid: Implemented /dev/pts/ptmx support.
- Hardened default mount options for builtin mount points.
- Changed builtin devpts mount options to use "newinstance" feature.
- Allowed group writable sticky directories to be used as
mount points when mount namespace isolation is in effect.
- Added /dev/shm to the list of built-in mount points.
- Made X11 forwarding work with network isolation enabled.
- Allowed mount points to be owned by the first pseudouser
when mount namespace isolation is enabled.
- Hardened default mount options for built-in mount points.
- Fixed purging IPC objects created by the first pseudouser.
- Implemented mount namespace isolation.
- Made IPC namespace isolation controllable by share_ipc environment
variable.
- Merge "killuid1" and "killuid2" commands into new "killuid" command.
- chrootuid: if unshare(2) fails with EPERM, treat it like ENOSYS.
- Implemented System V IPC namespace isolation.
- Implemented UTS namespace isolation.
By default, if unshare(CLONE_NEWUTS) syscall is supported, then
UTS namespace inside chroot is isolated from host UTS namespace,
and hostname is set to localhost.localdomain.
- Made some error messages a bit more specific.
- By default, when network isolation is not enabled explicitly,
do not terminate with a fatal error if unshare(CLONE_NEWNET)
is not supported by the kernel, just complain and continue
without network isolation.
Proposed by Denis Smirnov and Michael Shigorin.
- Handle child stderr before stdout.
- Implemented network isolation (by Kirill A. Shutemov).
- hasher-priv.conf.5.in: Updated information about default prefix values.
- Fixed new compilation warnings about dereferencing type-punned pointers.
- Extended command options syntax to allow zero subconfig
identifier and treat it as no subconfig identifier.
- Changed work limits type to unsigned long.
- If bind to /dev/log failed, do not attempt to chmod it.
- hasher-useradd: Include subconfig number to default satellite user names.
- Fixed build with fresh gcc.
- Changed parent I/O loop: parent process no longer closes master
pty descriptor when child closes all its output descriptors;
parent process now waits for child process termination or timeout.
- DESIGN: Described "handle child input/output" control flow
- Implemented /dev/log listener.
- chrootuid.sh.in (exit_handler): Fixed exit status check (at@).
- Implemented "hasher-priv getconf" mode.
- Fixed hasher-priv.conf man section number (#11613).
- Changed "prefix" option meaning from allowed prefix to
colon-separated list of allowed prefixes.
- Changed system.conf prefix value from "~" to "~:/tmp/.private".
- Made /etc/hasher-priv directory tree not only traversable but also
readable by "hashman" group members.
- hasher-useradd: When creating satellite users for a system user,
make them system users, too (#11416).
- Changed default nice change value from 10 to 8.
- Added support for new RLIMIT_* types:
sigpending, msgqueue, nice, rtprio.
- makedev: Create /dev/full device file.
- makedev: Switch fs gid to 0 during device file creation.
- hasher-useradd: Use gpasswd for better group names handling (#10305).
- Allowed "user.d" configs to override wlimits defined in "system" config.
- Fixed build with -D_FORTIFY_SOURCE=2 -Werror.
- makeconsole: New mode, creates console-specific root-only
devices initially introduced by 1.2.2's makedev.
- makedev.sh: In addition to makedev, call makeconsole
if enabled by $makedev_console.
- Makefile: Corrected LFS_CFLAGS.
- child.c: Reworked xauth_add_entry() to support various xauth locations.
- If use_pty is not set, handle child's stdout and stderr separately.
- In makedev mode, create few devices available to root only (mouse@).
- hasher-priv: Do not lowercase mount points (at@).
- chrootuid1.sh: Synced with chrootuid2.sh.
- DESIGN: Fixed typo (at@).
- Implemented X11 authentication spoofing.
- Implemented custom mounts support via /etc/hasher-priv/fstab.
- Implemented X11 forwarding.
- Fixed umount looping on 2.6 kernel (closes #6667).
- When making device files inside chroot,
first try to hardlink existing device files,
second try to create them using mknod(2).
This approach simplifies usage in restricted environments
where mknod(2) is not allowed even for superuser.
- Changed helper directory to /usr/libexec/hasher-priv.
- Updated documentation:
+ hasher-priv.conf(5): s/lim_/limit_/ (fixes #5805);
+ hasher-priv(8): fix NAME section, document TERM variable;
+ hasher-useradd(8): fix NAME section.
- Changed privileged helper to suid program,
to get rid of sudo dependence.
- Enhanced use_pty mode:
pass $TERM value, translate window size changes.
- Pass libexecdir to %make_build (#4902).
- Added hasher-priv.conf(5) manpage.
- Added more docs to hasher-priv(8) manpage.
- maketty: new mode, controlled by allow_ttydev config option.
- chrootuid: use pty for communicating with child,
controlled by use_pty environment option.
- Implemented mount/umount modes, controlled by
allowed_mountpoints config option.
- New config option: allowed_mountpoints.
- DESIGN: document it.
- config:
+ read work limit hints from environment variables;
+ use lstat+chdir+lstat instead of open+fstat+fchdir+close.
- chroot prefix: trim trailing slashes.
- Deal with compilation warnings generated by new gcc compiler.
- Build with -W -Wall -Werror by default.
- Enhanced prefix mismatch diagnostics.
- Fixed exit code translation error introduced in previous release.
- config, chrootuid{1,2}: handle work limits.
- chrootuid{1,2}: call killuid on signal arrival.
- killuid: purge all SYSV IPC objects.
- Renamed project to hasher-priv.
- Renamed pkg-build group to hashman.
- pkg-build-priv:
+ fixed typo in usage text;
+ in chrootuid, export user-dependent USER variable.
- pkg-build-useradd: add user also to the main group of user2.
- Config file parser now supports options for setting umask,
nice and resource limits.
- Set umask=022 and nice=10 by default
(same values which were hardcoded before).
- Make config files readable by users.
- chrootuid{1,2}.sh: do killuid call before chrootuid call
as well as after chrootuid call.
- pkg-build-priv:
+ added --version option;
+ added help2man-generated manpage.
- chrootuid.c: set nice to 10.
- chrootuid.c: pass user-dependent HOME to spawned process,
not just "HOME=/" as before.
- chdiruid.c: extended error diagnostics.
- killuid.c: fixed build and work on linux kernel 2.2.x
- chrootuid.c: added /usr/X11R6/bin to the PATH of second user
- Install helper setgid pkg-build to ensure dumpable flag is unset.
- chdiruid.c: check for group-writable directory without sticky bit.
- Added /usr/sbin/pkg-build-useradd.
- Added DESIGN file.
- Added CALLER_NUM support.
- priv.h:
+ lowered minimal uid/gid from 100 to 34.
- chrootuid.c:
+ fixed typo.
- chrootuid.c: set umask (022) unconditionally before exec.
- priv.h:
+ lowered minimal uid/gid from 500 to 100.
- chdiruid.c:
+ added check for "st_gid != change_gid1";
+ removed check for "st_mode & S_IWGRP".
- Initial revision.