"Fossies" - the Fresh Open Source Software Archive 
Member "scponly-20110526/CHANGELOG" (20 Nov 2010, 11784 Bytes) of package /linux/privat/old/scponly-20110526.tgz:
CVS
    Remove inline references to satisfy certain compilers
    Remove the now unnecessary sftp-logging compatibility mode.
    When getopt_long is not available, like on AIX, use bundled NetBSD
        getopt_long.
    Update the SECURITY document to include a reference to /etc/popt and
        ~/.popt as they relate to rsync.
    Fix for rsync-3.0 which now uses a short -e option, with an optional
        argument as a server side option indicating protocol compatibility.
    Fix scponly crash on Solaris
    Fix detection and inclusion of getopt on certain platforms
    Document risks associated with popt reading /etc/popt and ~/.popt
    Document getopt requirement (when certain configure options are enabled)

scponly v4.8 - jan 14 2008
    fix support for quota and passwd when running within the chroot (exec pre-chroot)
    disallow rsync and svnserve from being run as daemons that listen on a port
    switch to getopt_long for command processing, use getopt for
        sftp-server, svnserve, and quota
    abort processing on commands that require getopt when getopt is not available
    switched to slightly optimized and more compact debug code
    fix unison support within chroots
    fix for unison command execution bug
        Dan Knapp <dankna@gmail.com>
    allow multiple users with the same uid using USER environment variable
        Steve Kehlet <stevek@webreachinc.com>

scponly 4.7 - change information unknown mismanaged - check CVS diffs if needed

scponly v4.6 - jan 31 2006

    added missing semicolon to helper.c

scponly v4.5 - jan 31 2006

    fixes the configure.in script to not define HAVE_OPTRESET, not even to a value of 0
        Ilya Evseev <ilya_evseev@mail.ru>

scponly v4.4 - jan 30 2006

    fixes that hopefully improve the optarg compilation situation
        Christophe GRENIER <grenier@cgsecurity.org>
        Bryan Østergaard <kloeri@gentoo.org>

    UNISON $HOME environment fix
        Martin Werthmoeller <mw@lw-systems.de>

    fixes to setup_chroot.sh/in
        Hideyuki KURASHINA <rushani@bl.mmtr.or.jp>

scponly v4.3 - 27 dec 2005

    numerous small fixes to 4.2

scponly v4.2 - 20 dec 2005

    improved argument processing
        Pekka Pessi <ppessi@gmail.com> reported that scponly processed scp args
        by literal comparison, which is insufficient to catch getopt style
        arguments.
        this also resulted in scp and winscp compat turned off by default.

    added CHROOT_CHECKDIR directive
        issue reported by Max Vozeler <max@decl.org> wherein non-scponly users
        on some platforms (debian linux tested) could invoke the scponlyc binary
        against a specially crafted home directory to achieve privilege escalation.

    fix for openbsd ldd in setup_chroot
        G 0kita <goo13c@gmail.com>

    sftp-logging compatibility patch
        Kaleb Pederson <kpederson@mail.ewu.edu>

    fix for autoconf AC_INIT macro
        Paul Hyder <Paul.Hyder@noaa.gov>

    patch for command line args to setup_chroot invocation
        Anish Mistry <amistry@am-productions.biz>

    patches to fix passwd support and add quota support
        Richard Fuller <rpfuller@cs.york.ac.uk>

scponly v4.1 - 12 apr 2005
    follow up fix for additional executable rsync argument "-6e" (see v4.0)
        Jason Wies <jason@xc.net>

    building jails document
        Paul Hyder <Paul.Hyder@noaa.gov>

    chdir/chroot patch
        David Ramsden <david@hexstream.eu.org>

    dangerous args ifdef macro for scp -S flag (fixes debian bug 289861)
        Hideyuki KURASHINA <rushani@bl.mmtr.or.jp>

    DESTDIR support for chroot creation
        Markus Kolb <markus-122004@tower-net.de>

    numerous fixes
        Kaleb Pederson <kpederson@mail.ewu.edu>
        Dimitri Papadopoulos <papadopo@shfj.cea.fr>

scponly v4.0 - 27 nov 2004
    SERIOUS VULNERABILITY FIX: scp/sftp-server/unison/rsync all support the command line
        specification of "ssh dropins" for alternate crypto tunnels (similar to the way ssh can
        dropin to replace rsh). this allows arbitrary command execution on the destination host,
        circumventing scponly's sole purpose. this is NOT a priv escalation bug and it DOES
        require authentication. all versions prior to 4.0 are vulnerable.
        Jason Wies <jason@xc.net>
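
Added example, not scponly's own code: the v4.2 and v4.1 entries above explain why the argument check behind this v4.0 fix could not rely on literal comparison. The sketch below puts a literal comparison beside a getopt-based check; the option table, function names and sample command line are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumed option table for an rsync-like tool (constructed for this example):
 * -4 -6 -a -v are plain flags; -e takes an argument, the program to run. */
static const char OPTSTRING[] = "46ave:";

/* Weak form: compare each argument literally. Returns 1 if allowed. */
int literal_check_allows(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        if (strcmp(argv[i], "-e") == 0)
            return 0;
    return 1;
}

/* Hardened form: parse options the way the tool will. Returns 1 if allowed. */
int getopt_check_allows(int argc, char **argv)
{
    int c, allowed = 1;
    opterr = 0;         /* keep getopt quiet on stderr */
#ifdef __GLIBC__
    optind = 0;         /* glibc: 0 forces a full rescan */
#else
    optind = 1;
#endif
    /* Scan to the end: a denied, unknown or argument-less flag fails closed. */
    while ((c = getopt(argc, argv, OPTSTRING)) != -1)
        if (c == 'e' || c == '?')
            allowed = 0;
    return allowed;
}

int main(void)
{
    /* Constructed sample command line: -e hidden inside a bundle. */
    char *bundled[] = { "rsync", "-6e", "/path/to/program", "src", "dst", NULL };
    printf("literal=%d getopt=%d\n",
           literal_check_allows(5, bundled), getopt_check_allows(5, bundled));
    return 0;
}
```

The getopt check only holds if the option table matches what the wrapped program really accepts, which is why a flag unknown to the table is rejected rather than ignored.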

    added passwd support
        Andreas Beck <becka-Ynyda@acs.uni-duesseldorf.de>

    added subversion support
        Sven Hoexter <sven@telelev.net>

    fixed AIX support in configure script
        Sven Hoexter <sven@telelev.net>

    compile time configuration of default chdir
        Daniel Lorch <ml-daniel@lorch.cc>

scponly v3.12 - 22 mar 2004
    UNISON bugfix

scponly v3.11 - 21 mar 2004,
    added UNISON compatibility (http://www.cis.upenn.edu/~bcpierce/unison/):
        Raimund Specht <raimund@spemaus.de>
    bugfix to home dir default permissions:
        James Valente <jvalente@ofoto.com>
    configure option to disable paranoid filename checking, thus allowing all characters in input
    added a new config.sub
    fixed missing PROG_RM declaration:
        Hideyuki KURASHINA <rushani@bl.mmtr.or.jp>

scponly v3.9 - 17 nov 2003,
    makefile improvements:
        Björn Eriksson <bjorn@bjornen.nu>
    setup_chroot improvements:
        Johan Kuuse <kuuse@redantigua.com>
        Thomas Wana <thomas@wana.at>
        Martin Werthmoeller <mw@werthmoeller.de>
        Hideyuki KURASHINA <rushani@bl.mmtr.or.jp>
        Ralf Durkee <rd@rd1.net>
    WinSCP3 compat patch (http://o5.pl/scponly-stuff/):
        Konrad Krzysztof Krasinski <konrad@o5.pl>
    hand-written build scripts for debian and RH9:
        Konrad Krzysztof Krasinski <konrad@o5.pl>

scponly v3.8 - 17 mar 2003,
    added chgrp to acceptable binaries

scponly v3.7 - 17 mar 2003,
    rerepaired freebsd 4.7 configure and setup_chroot problems

scponly v3.6 - 07 mar 2003,
    fixed the rsync compatibility configure options
    repaired freebsd 4.7 configure and setup_chroot problems
    added cool /chrootdir//homedir home directory interpretation
        - thanks to Stefan Sami-Soueiha <stefan.sami@gmx.de> for his patch

scponly v3.5 - 16 dec 2002,
        v3.4 - 02 nov 2002,
        v3.3 - 28 oct 2002:
    stupid bugfixes from 3.2 in configure.in
        thanks to Sven Hoexter <sven@telelev.net>

scponly v3.2
27 oct, 2002

    realloc() fix
    change exit values for hygiene and portability
    TODO file added
    numerous portability fixes to setup_chroot.sh.in
    Solaris compatibility improvements
    Irix compatibility improvements
    added some chrooted Irix install notes in README.IRIX
    some winscp2 fixes to reduce annoying popup errors
    added a strsep clone for solaris

scponly v3.1
10 sep, 2002

    additional linux compatibility checks for setup_chroot.sh.in

    configure script changes to fix moronic problem of not
        being able to find /bin

    added rsync compile time option. this is a very untested
        feature.

scponly v3.0
04 sep, 2002

    Solaris compatibility patch
        - by Rene Klootwijk <rene.klootwijk@rencon.nl>

    gftp compatibility patch
        - by Michael <ysothoth@wsia.csi.cuny.edu>

    system() dropped
        - wildcards are expanded with glob() and wordexp()
          depending on availability of these
          functions.

    autoconf configuration
        - original by Andrew Chadwick <andrewc@piffle.org>
        - expanded by author
        - Can now set install dirs for other layouts.
        - Keep Ken McG's makefile changes as much as possible.
        - /etc/shells hacking has gone away, 'cause you can't
          do that to a Debian (or any other) install
          tree in a meaningful way.


scponly v2.4
18 aug, 2002

    vulnerability patch!
        - Derek D. Martin <ddm@pizzashack.org> sent me an exploitable
          vulnerability condition that can be used to run
          arbitrary commands, thus circumventing scponly!
          the exploit is pending but the fix for existing
          installations appears below. new installations of
          scponly-2.4 are not vulnerable.

        - this vulnerability is POST-authentication and results
          in no privilege elevation.

        - the fix: each user with scponly as his or her shell must
          have an immutable home directory and .ssh subdirectory.
          file uploads directly to the home directory are not
          permitted and in turn, an "incoming" directory or
          some analog must be used. Also, it is prudent
          to audit/remove all dotfiles that are already in a
          user's home directory.

        - the following commands will "patch" the vulnerability:

            chown root.root ~scpuser ~scpuser/.ssh
            mkdir ~scpuser/incoming
            chown scpuser.scpuser ~scpuser/incoming

        - the result:

            drwxr-xr-x 2 root root 4096 Mar 28 20:50 ./
            drwxr-xr-x 2 root root 4096 Mar 28 20:50 .ssh/
            drwxr-xr-x 2 user user 4096 Mar 28 20:50 incoming/

        - this is to prevent a user from using SSH based login params to
          undermine the shell.
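
Added example, not part of scponly: a small C check that a home directory matches the layout this v2.4 fix prescribes (locked home and .ssh, a user-owned incoming directory, no other dotfiles). The function name, the finding flags and the choice to pass owners as numeric uids are assumptions of the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum { MISSING = 1, BAD_OWNER = 2, WRITABLE = 4, NO_INCOMING = 8, STRAY_DOTFILE = 16 };

/* A locked directory exists (as a real directory, not a symlink), belongs to
 * `admin`, and has no group/other write bit. */
static int check_locked_dir(const char *path, uid_t admin)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return MISSING;
    return (st.st_uid != admin ? BAD_OWNER : 0) |
           (st.st_mode & (S_IWGRP | S_IWOTH) ? WRITABLE : 0);
}

/* Returns 0 when `home` matches the v2.4 layout, else a bitmask of findings. */
int audit_scponly_home(const char *home, uid_t admin, uid_t user)
{
    char path[4096];
    struct stat st;
    struct dirent *e;
    DIR *d;
    int bad = check_locked_dir(home, admin);
    snprintf(path, sizeof path, "%s/.ssh", home);
    bad |= check_locked_dir(path, admin);
    snprintf(path, sizeof path, "%s/incoming", home);   /* the user's upload area */
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode) || st.st_uid != user)
        bad |= NO_INCOMING;
    if ((d = opendir(home)) != NULL) {                  /* dotfiles other than .ssh */
        while ((e = readdir(d)) != NULL)
            if (e->d_name[0] == '.' && strcmp(e->d_name, ".") != 0 &&
                strcmp(e->d_name, "..") != 0 && strcmp(e->d_name, ".ssh") != 0)
                bad |= STRAY_DOTFILE;
        closedir(d);
    }
    return bad;
}

/* usage: audit HOME [USER_UID]; the admin owner is assumed to be uid 0 */
int main(int argc, char **argv)
{
    uid_t user = argc > 2 ? (uid_t)strtoul(argv[2], NULL, 10) : getuid();
    return argc > 1 ? audit_scponly_home(argv[1], 0, user) : MISSING;
}
```

The exit status is the findings bitmask, so 0 means the directory matches the layout.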

scponly v2.3
22 june, 2002

    manpage addition
        - Ken McGlothlen <mcglk@artlogix.com> sent in a manpage for
          scponly.
        - he also sent in a patch to the makefile that improves the
          portability of the installation process

scponly v2.2
11 june, 2002

    syslog implementation
        - Andrew Chadwick sent in a patch for syslog implementation
        - scponly now logs properly


scponly v2.1
5 june, 2002

    chroot bugfix
        - Volker Kindermann <volker@volker.de> contributed a bug report
          regarding WinSCP and chroot usage. login sets the
          interactive marker on the binary name so it becomes
          "-scponlyc". this was confusing the chroot check.
        - fixed setup_chroot to include "groups" binary


scponly v2.0
2 july, 2002

    lots of code added for compatibility with WinSCP 2.0
        - this code actually contradicts the "no interactive commands"
          mandate of scponly. scponly now DOES support interactive
          commands limited to the commands scponly already allowed
          remote execution of, plus "cd", "groups" and "echo".
        - since this is new, it can be excluded at compile time
        - i haven't tested against WinSCP 1.0, as i expect it will go away
          with the advent of WinSCP 2.0
        - upon various failure conditions, WinSCP will probably freak out
          when it receives the error messages from scponly. check
          your "logging" feature in WinSCP if this starts happening

    install script improved to not append shells to /etc/shells if they are already there
        - watch for this if you CHANGE your shell path and re-install


scponly v1.4
may 20, 2002
    minor bugfix
        - upon failing to open a logfile, scponly would try to log to logfile.

scponly v1.3

feb 6 2002:
    pretty significant code changes to accomplish the following:
        - total overhaul of install scripts. They are now rather
          BSD centric. this might cause pain in the linux and
          solaris realms, which I would be happy to try to accommodate
          for.
        - added clean_request() function to remove some unwanted
          leading path information from shell commands. This
          was in hopes of resolving the openssh client's habit
          of specifying the full pathname of the sftp-server.
        - added debugging information that can be turned on at run
          time instead of compile time. see INSTALL for notes
        - chroot() functionality is now established at run time instead
          of compile time as well. depending on the NAME of the
          scponly binary (scponly/scponlyc), scponly will try to
          chroot. this allows an admin to configure chroot functionality
          on a per user basis, instead of per host installation.
        - increased the list of acceptable commands for compatibility with
          sftp clients that do stuff like chmod and chown


scponly v1.2

jan 10th 2002:
    applied a patch submitted by dkl at tessellated dot net.

    increases compatibility with wintendo style sftp/scp clients by also
    allowing things like chmod, pwd, etc


scponly v1.1

feb 23rd - 8:36pm EST:

    I've discovered a rather glaring problem with the original release.
    It seems that while implementing chroot() functionality, I completely
    broke the wildcard matching. This is because "/bin/sh" is required
    to expand wildcards.

    Though it is undesirable to have ANY command interpreter in the chroot
    path, it should not be possible to invoke sh interactively or remotely.

    This fix vastly increases the usability of scponly.