"Fossies" - the Fresh Open Source Software Archive

Member "scponly-20110526/CHANGELOG" (20 Nov 2010, 11784 Bytes) of package /linux/privat/old/scponly-20110526.tgz:



    1 CVS
    2 	Remove inline references to satisfy certain compilers
    3 	Remove the now unnecessary sftp-logging compatibility mode.
    4 	When getopt_long is not available, like on AIX, use bundled NetBSD
    5 		getopt_long.
    6 	Update the SECURITY document to include a reference to /etc/popt and
    7 		~/.popt as they relate to rsync.
    8 	Fix for rsync-3.0 which now uses a short -e option, with an optional
    9 		argument as a server side option indicating protocol compatibility.
   10 	Fix scponly crash on Solaris
   11 	Fix detection and inclusion of getopt on certain platforms
   12 	Document risks associated with popt reading /etc/popt and ~/.popt
   13 	Document getopt requirement (when certain configure options are enabled)
   14 
   15 scponly v4.8 - jan 14 2008
   16 	fix support for quota and passwd when running within the chroot (exec pre-chroot)
   17 	disallow rsync and svnserve from being run as daemons that listen on a port
   18 	switch to getopt_long for command processing, use getopt for
   19 		sftp-server, svnserve, and quota
   20 	abort processing on commands that require getopt when getopt is not available
   21 	switched to slightly optimized and more compact debug code
   22 	fix unison support within chroots
   23 	fix for unison command execution bug
   24 		Dan Knapp <dankna@gmail.com>
   25 	allow multiple users with the same uid using USER environment variable
   26 		Steve Kehlet <stevek@webreachinc.com>
   27 
   28 scponly 4.7 - change information unknown mismanaged - check CVS diffs if needed
   29 
   30 scponly v4.6 - jan 31 2006
   31 
   32 	added missing semicolon to helper.c
   33 
   34 scponly v4.5 - jan 31 2006
   35 
   36 	fixes the configure.in script to not define HAVE_OPTRESET, not even to a value of 0
   37 		Ilya Evseev <ilya_evseev@mail.ru>
   38 
   39 scponly v4.4 - jan 30 2006
   40 
   41 	fixes that hopefully improve the optarg compilation situation
   42 		Christophe GRENIER <grenier@cgsecurity.org>
   43 		Bryan Østergaard <kloeri@gentoo.org>
   44 
   45 	UNISON $HOME environment fix
   46 		Martin Werthmoeller <mw@lw-systems.de>
   47 
   48 	fixes to setup_chroot.sh/in
   49 		Hideyuki KURASHINA <rushani@bl.mmtr.or.jp>
   50 
   51 scponly v4.3 - 27 dec 2005
   52 
   53 	numerous small fixes to 4.2
   54 
   55 scponly v4.2 - 20 dec 2005
   56 
   57 	improved argument processing
   58 		Pekka Pessi <ppessi@gmail.com> reported that scponly processed scp args 
   59 		by literal comparison, which is insufficient to catch getopt style 
   60 		arguments.
   61 		this also resulted in scp and winscp compat turned off by default.
   62 
   63 	added CHROOT_CHECKDIR directive
   64 		issue reported by Max Vozeler <max@decl.org> wherein non-scponly users
   65 		on some platforms (debian linux tested) could invoke the scponlyc binary
   66 		against a specially crafted home directory to achieve privilege escalation.
   67 
   68 	fix for openbsd ldd in setup_chroot
   69 		G 0kita <goo13c@gmail.com>
   70 
   71 	sftp-logging compatibility patch
   72 		Kaleb Pederson <kpederson@mail.ewu.edu>
   73 
   74 	fix for autoconf AC_INIT macro
   75 		Paul Hyder <Paul.Hyder@noaa.gov>
   76 	
   77 	patch for command line args to setup_chroot invocation
   78 		Anish Mistry <amistry@am-productions.biz>
   79 
   80 	patches to fix passwd support and add quota support
   81 		Richard Fuller <rpfuller@cs.york.ac.uk>
   82 
   83 scponly v4.1 - 12 apr 2005
   84 	follow up fix for additional executable rsync argument "-6e" (see v4.0)
   85 		Jason Wies <jason@xc.net>
   86 
   87 	building jails document
   88 		Paul Hyder <Paul.Hyder@noaa.gov>     
   89 	
   90 	chdir/chroot patch
   91 		David Ramsden <david@hexstream.eu.org> 
   92 
   93 	dangerous args ifdef macro for scp -S flag (fixes debian bug 289861)
   94 		Hideyuki KURASHINA <rushani@bl.mmtr.or.jp>  
   95 
   96 	DESTDIR support for chroot creation
   97 		Markus Kolb <markus-122004@tower-net.de>                     
   98 
   99 	numerous fixes
  100 		Kaleb Pederson <kpederson@mail.ewu.edu>   
  101 		Dimitri Papadopoulos <papadopo@shfj.cea.fr>
  102 
  103 scponly v4.0 - 27 nov 2004
  104 	SERIOUS VULNERABILITY FIX: scp/sftp-server/unison/rsync all support the command line
  105 		specification of "ssh dropins" for alternate crypto tunnels (similar to the way ssh can
  106 		dropin to replace rsh).  this allows arbitrary command execution on the destination host, 
  107 		circumventing scponly's sole purpose.  this is NOT a priv escalation bug and it DOES 
  108 		require authentication.  all versions prior to 4.0 are vulnerable.
  109 		Jason Wies <jason@xc.net> 
  110 	
  111 	added passwd support
  112 		Andreas Beck <becka-Ynyda@acs.uni-duesseldorf.de> 
  113 
  114 	added subversion support
  115 		Sven Hoexter <sven@telelev.net>
  116 
  117 	fixed AIX support in configure script
  118 		Sven Hoexter <sven@telelev.net>
  119 
  120 	compile time configuration of default chdir
  121 		Daniel Lorch <ml-daniel@lorch.cc>       
  122 
  123 scponly v3.12 - 22 mar 2004
  124 	UNISON bugfix
  125 
  126 scponly v3.11 - 21 mar 2004,
  127 	added UNISON compatibility (http://www.cis.upenn.edu/~bcpierce/unison/):
  128 		Raimund Specht <raimund@spemaus.de>
  129 	bugfix to home dir default permissions:
  130 		James Valente <jvalente@ofoto.com> 
  131 	configure option to disable paranoid filename checking, thus allowing all characters in input
  132 	added a new config.sub 
  133 	fixed missing PROG_RM declaration:
  134 		Hideyuki KURASHINA <rushani@bl.mmtr.or.jp>       
  135 
  136 scponly v3.9 - 17 nov 2003,
  137 	makefile improvements: 
  138 		Björn Eriksson <bjorn@bjornen.nu>
  139 	setup_chroot improvements:
  140 		Johan Kuuse <kuuse@redantigua.com>
  141 		Thomas Wana <thomas@wana.at>
  142 		Martin Werthmoeller <mw@werthmoeller.de>
  143 		Hideyuki KURASHINA <rushani@bl.mmtr.or.jp>
  144 		Ralf Durkee <rd@rd1.net>
  145 	WinSCP3 compat patch (http://o5.pl/scponly-stuff/):
  146 		Konrad Krzysztof Krasinski <konrad@o5.pl>
  147 	hand-written build scripts for debian and RH9:
  148  		Konrad Krzysztof Krasinski <konrad@o5.pl>
  149 
  150 scponly v3.8 - 17 mar 2003,
  151 	added chgrp to acceptable binaries
  152 
  153 scponly v3.7 - 17 mar 2003,
  154 	rerepaired freebsd 4.7 configure and setup_chroot problems
  155 
  156 scponly v3.6 - 07 mar 2003,
  157 	fixed the rsync compatibility configure options
  158 	repaired freebsd 4.7 configure and setup_chroot problems
  159 	added cool /chrootdir//homedir home directory interpretation
  160 		- thanks to Stefan Sami-Soueiha <stefan.sami@gmx.de> for his patch
  161 
  162 scponly v3.5 - 16 dec 2002,
  163 	v3.4 - 02 nov 2002,
  164 	v3.3 - 28 oct 2002:
  165 	stupid bugfixes from 3.2 in configure.in
  166 	thanks to Sven Hoexter <sven@telelev.net>
  167 
  168 scponly v3.2
  169 	27 oct, 2002
  170 
  171 	realloc() fix
  172 	change exit values for hygiene and portability
  173 	TODO file added
  174 	numerous portability fixes to setup_chroot.sh.in
  175 	Solaris compatibility improvements
  176 	Irix compatibility improvements
  177 	added some chrooted Irix install notes in README.IRIX
  178 	some winscp2 fixes to reduce annoying popup errors
  179 	added a strsep clone for solaris
  180 
  181 scponly v3.1
  182 	10 sep, 2002
  183 
  184 	additional linux compatibility checks for setup_chroot.sh.in
  185 
  186 	configure script changes to fix moronic problem of not
  187 		being able to find /bin
  188 
  189 	added rsync compile time option.  this is a very untested
  190 		feature.
  191 
  192 scponly v3.0
  193 	04 sep, 2002
  194 
  195 	Solaris compatibility patch 
  196 		- by Rene Klootwijk <rene.klootwijk@rencon.nl>
  197 
  198 	gftp compatibility patch 
  199 		- by Michael <ysothoth@wsia.csi.cuny.edu>
  200 
  201 	system() dropped
  202 		- wildcards are expanded with glob() and wordexp()
  203 			depending on availability of these
  204 			functions.
  205 		
  206 	autoconf configuration 
  207 		- original by Andrew Chadwick <andrewc@piffle.org>
  208 		- expanded by author
  209 		- Can now set install dirs for other layouts.
  210 		- Keep Ken McG's makefile changes as much as possible.
  211 		- /etc/shells hacking has gone away, 'cause you can't
  212 			do that to a Debian (or any other) install
  213 			tree in a meaningful way.
  214 		
  215 
  216 scponly v2.4
  217 	18 aug, 2002
  218 
  219 	vulnerability patch!
  220 		- Derek D. Martin <ddm@pizzashack.org> sent me an exploitable
  221 			vulnerability condition that can be used to run
  222 			arbitrary commands, thus circumventing scponly!
  223 			the exploit is pending but the fix for existing 
  224 			installations appears below.  new installations 
  225 			of scponly-2.4 are not vulnerable.
  226 
  227 		- this vulnerability is POST-authentication and results
  228 			in no privilege elevation.
  229 
  230 		- the fix:  each user with scponly as his or her shell must
  231 			have an immutable home directory and .ssh subdirectory.
  232 			file uploads directly to the home directory are not
  233 			permitted and in turn, an "incoming" directory or
  234 			some analog must be used.  Also, it is prudent
  235 			to audit/remove all dotfiles that are already in a 
  236 			user's home directory.
  237 
  238 		- the following commands will "patch" the vulnerability:
  239 
  240 		chown root.root ~scpuser ~scpuser/.ssh
  241 		mkdir ~scpuser/incoming
  242 		chown scpuser.scpuser ~scpuser/incoming 
  243 
  244 		- the result:
  245 
  246 		drwxr-xr-x    2 root     root       4096 Mar 28 20:50 ./
  247 		drwxr-xr-x    2 root     root       4096 Mar 28 20:50 .ssh/
  248 		drwxr-xr-x    2 user     user       4096 Mar 28 20:50 incoming/
  249 
  250 		- this is to prevent a user from using SSH based login params to
  251 		undermine the shell.
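
A read-only check of the layout the v2.4 entry prescribes, as an added example that is not part of scponly or its CHANGELOG. The function names and the optional third argument (the owner to trust, defaulting to root) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit one scponly account against the v2.4 layout.
# Function names and the TRUSTED_OWNER argument are assumptions.

# Owner and permission string of a path, taken from `ls -ld`.
owner_of() { ls -ld -- "$1" | awk '{print $3}'; }
mode_of()  { ls -ld -- "$1" | awk '{print $1}'; }

# audit_scponly_home HOME USER [TRUSTED_OWNER]
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_scponly_home() {
    home=$1 user=$2 trusted=${3:-root} bad=0

    # The home directory and .ssh must be out of the user's control.
    for d in "$home" "$home/.ssh"; do
        if [ ! -d "$d" ] || [ -L "$d" ]; then
            echo "MISSING  $d is not a real directory"; bad=1; continue
        fi
        owner=$(owner_of "$d")
        if [ "$owner" != "$trusted" ] || [ "$owner" = "$user" ]; then
            echo "OWNER    $d owned by $owner, expected $trusted"; bad=1
        fi
        case $(mode_of "$d") in
            ?????w*|????????w*)
                echo "MODE     $d is group- or world-writable"; bad=1 ;;
        esac
    done

    # Uploads need a separate directory the user may write to.
    if [ ! -d "$home/incoming" ]; then
        echo "MISSING  $home/incoming upload directory"; bad=1
    fi

    # Any dotfile other than .ssh may predate the lockdown: review it.
    for f in "$home"/.[!.]* "$home"/..?*; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        [ "${f##*/}" = ".ssh" ] && continue
        echo "DOTFILE  $f should be reviewed or removed"; bad=1
    done
    return "$bad"
}
# Usage: audit_scponly_home ~scpuser scpuser
```
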
  252 
  253 scponly v2.3
  254 	22 june, 2002
  255 
  256 	manpage addition
  257 		- Ken McGlothlen <mcglk@artlogix.com> sent in a manpage for
  258 			scponly.
  259 		- he also sent in a patch to the makefile that improves the
  260 			portability of the installation process
  261 
  262 scponly v2.2
  263 	11 june, 2002
  264 
  265 	syslog implementation
  266 		- Andrew Chadwick sent in a patch for syslog implementation
  267 		- scponly now logs properly
  268 
  269 
  270 scponly v2.1
  271 	5 june, 2002
  272 
  273 	chroot bugfix
  274 		- Volker Kindermann <volker@volker.de> contributed a bug report 
  275 			regarding WinSCP and chroot usage.  login sets the 
  276 			interactive marker on the binary name so it becomes
  277 			"-scponlyc".  this was confusing the chroot check.
  278 		- fixed setup_chroot to include "groups" binary
  279 
  280  
  281 scponly v2.0
  282 	2 july, 2002
  283 
  284 	lots of code added for compatibility with WinSCP 2.0
  285 		- this code actually contradicts the "no interactive commands"
  286 			mandate of scponly.  scponly now DOES support interactive
  287 			commands limited to the commands scponly already allowed
  288 			remote execution of, plus "cd", "groups" and "echo".
  289 		- since this is new, it can be excluded at compile time
  290 		- i haven't tested against WinSCP 1.0, as i expect it will go away
  291 			with the advent of WinSCP 2.0
  292 		- upon various failure conditions, WinSCP will probably freak out
  293 			when it receives the error messages from scponly.  check
  294 			your "logging" feature in WinSCP if this starts happening
  295 
  296 	install script improved to not append shells to /etc/shells if they are already there
  297 		- watch for this if you CHANGE your shell path and re-install
  298 
  299 
  300 scponly v1.4
  301 	may 20, 2002
  302 	minor bugfix
  303 		- upon failing to open a logfile, scponly would try to log to logfile.
  304 
  305 scponly v1.3
  306 
  307 feb 6 2002:
  308 	pretty significant code changes to accomplish the following:
  309 		- total overhaul of install scripts.  They are now rather
  310 			BSD centric.  this might cause pain in the linux and
  311 			solaris realms, which I would be happy to try to accommodate
  312 			for.  
  313 		- added clean_request() function to remove some unwanted
  314 			leading path information from shell commands. This
  315 			was in hopes of resolving the openssh client's habit 
  316 			of specifying the full pathname of the sftp-server.
  317 		- added debugging information that can be turned on at run
  318 			time instead of compile time.  see INSTALL for notes
  319 		- chroot() functionality is now established at run time instead
  320 			of compile time as well.  depending on the NAME of the
  321 			scponly binary (scponly/scponlyc), scponly will try to
  322 			chroot.  this allows an admin to configure chroot functionality
  323 			on a per user basis, instead of per host installation.
  324 		- increased the list of acceptable commands for compatibility with
  325 			sftp clients that do stuff like chmod and chown
  326 
  327 
  328 scponly v1.2
  329 
  330 jan 10th 2002:
  331 	applied a patch submitted by dkl at tessellated dot net.
  332 
  333 	increases compatibility with wintendo style sftp/scp clients by also
  334 	allowing things like chmod, pwd, etc
  335 
  336 
  337 scponly v1.1
  338 
  339 feb 23rd - 8:36pm EST:
  340 
  341 	I've discovered a rather glaring problem with the original release.
  342 	It seems that while implementing chroot() functionality, I completely
  343 	broke the wildcard matching.  This is because "/bin/sh" is required
  344 	to expand wildcards.  
  345 
  346 	Though it is undesirable to have ANY command interpreter in the chroot
  347 	path, it should not be possible to invoke sh interactively or remotely.
  348 
  349 	This fix vastly increases the usability of scponly.