Группа :: Разработка/Прочее
Пакет: hasher-priv
Главная Изменения Спек Патчи Загрузить Bugs and FR
19 декабря 2006 Alexey Borovskoy <alb at altlinux.ru> 1.2.7-alt0.M24.1
- New version based on 1.2.7-alt1.
- makedev: Create /dev/full device file.
- makedev: Switch fs gid to 0 during device file creation.
- hasher-useradd: Use gpasswd for better group names handling (#10305).
- Backport to Master 2.4.
- Allowed "user.d" configs to override wlimits defined in "system" config.
- Fixed build with -D_FORTIFY_SOURCE=2 -Werror.
- Backport to Master 2.4.
- makeconsole: New mode, creates console-specific root-only
devices initially introduced by 1.2.2's makedev. - makedev.sh: In addition to makedev, call makeconsole
if enabled by $makedev_console.
- Makefile: Corrected LFS_CFLAGS.
- child.c: Reworked xauth_add_entry() to support various xauth locations.
- Backport to Master 2.4
- If use_pty is not set, handle child's stdout and stderr separately.
- In makedev mode, create few devices available to root only (mouse@).
- Backport to Master 2.4
- hasher-priv: Do not lowercase mount points (at@).
- chrootuid1.sh: synced with chrootuid2.sh.
- DESIGN: fixed typo (at@).
- Backport to Master 2.4
- Implemented X11 authentication spoofing.
- Implemented custom mounts support via /etc/hasher-priv/fstab.
- Implemented X11 forwarding.
- Fixed umount looping on 2.6 kernel (closes #6667).
- Backport to Master 2.4
- When making device files inside chroot,
first try to hardlink existing device files,
second try to create them using mknod(2).
This approach simplifies usage in restricted environments
where mknod(2) is not allowed even for superuser.
- Backport to Master 2.4
- Add sisyphus_check >= 0.7.11 buildtime dependency
- Changed helper directory to /usr/libexec/hasher-priv.
- Updated documentation:
+ hasher-priv.conf(5): s/lim_/limit_/ (fixes #5805);
+ hasher-priv(8): fix NAME section, document TERM variable;
+ hasher-useradd(8): fix NAME section.
- Backport to Master 2.4
- Changed privileged helper to suid program,
to get rid of sudo dependence.
- Enhanced use_pty mode:
pass $TERM value, translate window size changes. - Pass libexecdir to %make_build (#4902).
- Added hasher-priv.conf(5) manpage.
- Added more docs to hasher-priv(8) manpage.
- maketty: new mode, controlled by allow_ttydev config option.
- chrootuid: use pty for communicating with child,
controlled by use_pty environment option.
- Implemented mount/umount modes, controlled by
allowed_mountpoints config option. - New config option: allowed_mountpoints.
- DESIGN: document it.
- config:
+ read work limit hints from environment variables;
+ use lstat+chdir+lstat instead of open+fstat+fchdir+close.
- chroot prefix: trim trailing slashes.
- Deal with compilation warnings generated by new gcc compiler.
- Build with -W -Wall -Werror by default.
- Enhanced prefix mismatch diagnostics.
- Fixed exit code translation error introduced in previous release.
- config, chrootuid{1,2}: handle work limits.
- chrootuid{1,2}: call killuid on signal arrival.
- killuid: purge all SYSV IPC objects.
- Renamed project to hasher-priv.
- Renamed pkg-build group to hashman.
- pkg-build-priv:
+ fixed typo in usage text;
+ in chrootuid, export user-dependent USER variable. - pkg-build-useradd: add user also to the main group of user2.
- Config file parser now supports options for setting umask,
nice and resource limits. - Set umask=022 and nice=10 by default
(same values which was hardcoded before). - Make config files readable by users.
- chrootuid{1,2}.sh: do killuid call before chrootuid call
as well as after chrootuid call.
- pkg-build-priv:
+ added --version option;
+ added help2man-generated manpage.
- chrootuid.c: set nice to 10.
- chrootuid.c: pass user-dependent HOME to spawned process,
not just "HOME=/" as before.
- chdiruid.c: extended error diagnostics.
- killuid.c: fixed build and work on linux kernel 2.2.x
- chrootuid.c: added /usr/X11R6/bin to the PATH of second user
- Install helper setgid pkg-build to ensure dumpable flag is unset.
- chdiruid.c: check for group-writable directory without sticky bit.
- Added /usr/sbin/pkg-build-useradd.
- Added DESIGN file.
- Added CALLER_NUM support.
- priv.h:
+ lowered minimal uid/gid from 100 to 34. - chrootuid.c:
+ fixed typo.
- chrootuid.c: set umask (022) unconditionally before exec.
- priv.h:
+ lowered minimal uid/gid from 500 to 100. - chdiruid.c:
+ added check for "st_gid != change_gid1";
+ removed check for "st_mode & S_IWGRP".
- Initial revision.