Changelog for Linux sysmask project.

------------------------------------------------------------------------
20060204: Version 1.08 released.

20060919: Kernel patch update for 2.6.17.13 and 2.4.33.3.
20060915: sysmaskadm forgotten in the package.
20060914: Fixed malformed kernel patch problem.

------------------------------------------------------------------------
20060204: Version 1.06 released.

20060204: Added skype configuration.
20060129: _smk_req_fname() moves to static buffer.
          Typo in smk_rlim_exceed(): system token limits were not enforced.
20060127: Session control was accessing freed page.
20060123: Removed several potential deadlock possibilities.
          Added _ultimatum() to auto-kill timed-up processes.
20060122: Added smk_kill().
20051212: mprotect() removed from misc mask (new glibc uses it).
20050919: smk_daemon_abandon() should check whether the pid is the
          current one.
20050916: Mask for sys_clock_gettime() changed to SM1_HARMLESS.
20050908: Purge leaked-in libc functions in smkd.
20050907: Added preliminary recognition of various socket families other
          than PF_UNIX and PF_INET.
20050831: Fixed: smkd, in rlist(), value returned by search_list() must
          be signed, instead of unsigned.
          Fixed: smkd, printtoken() printed wrong number for unnamed
          user tokens.
          Fixed: wrong mask struct might get triggered in __smk_addmask().
20050830: Added config condition "request" (mainly for use in macros).
20050829: Reorganization of default configuration.
20050827: dev mask becomes soft, while keeping 100% backward
          compatibility. This allows access control based on major/minor
          of a device, much more solid than file based control.
20050825: system *.dev files switched to denyid.

------------------------------------------------------------------------
20050825: Version 1.04 released.

20050825: User token definitions are now world readable.
20050823: Slight cleanings of the default configuration.
20050819: Prefixfile editing added to sysmaskadm.
          Fixed: chroot/realroot refusal implementation was lost.
          Changed: prefix translation disabled for chroot processes.

------------------------------------------------------------------------
20050819: Version 1.02 released.

20050818: Added automatic inittab processing in sysmaskadm.
20050816: Added prefix definitions.
          Fixed: path recheck forgotten for unix sockets, 2.4 series
          kernel.
20050814: Fixed: automatic smkd-up failed when there was a slow cdrom
          access.
          Fixed: sysmaskadm: sort should set LC_ALL=C.
20050804: Added an anticrash measure to smkd.
20050802: Added kernel printk for exceptional circumstances.
20050731: Fixed: wrong position of confcache_init when new_passwd in
          smkd.c.
20050705: Token updates for wims.
20050704: Corrected confusing debug message when call=socket.
          Fixed: smkd answer lost for exec when socket is called in the
          middle.

------------------------------------------------------------------------
20050625: Version 1.00 released.

20050621: Kernel versions updated to 2.4.31 and 2.6.12.

------------------------------------------------------------------------
20050531: Version 0.96 released.

20050529: Added thistoken condition.
20050525: Added a dialog-based adm/config interface sysmaskadm.
20050522: Added configuration macros.
          Added feedback option.
20050520: Added forkfreq resource limitation.
20050519: Added core mask.
20050518: Sanity: some length variable types switched to size_t.
20050516: smkd is now ticking the kernel. One can use crond to relaunch
          if ever it dies.
20050515: Buffers of size SMK_PATH_MAX+1 in functions are replaced by
          __get_free_pages().
20050513: Added code to prevent a process killed between
          _smk_daemon_connect() and _smk_daemon_req() from hanging the
          system. (Don't know whether this really occurs; it's just a
          precaution.)
          Session rstatus type changed to atomic_t.

------------------------------------------------------------------------
20050506: Version 0.94 released.

20050505: Added session-wise time2live.
20050502: Protocol version moved to 1003.
          WARNING: system update must be done in single mode!
20050501: Added sysmask session structure.
          Added fork limitations.
20050428: execve() interpreter name check was forgotten.
          (Thanks to Valery Reznic)

------------------------------------------------------------------------
20050423: Version 0.92 released.

20050423: process_pathname(): Hash non-initiated when type=1.
20050422: Corrected version detection in kernel sysmask.c.
20050421: Added time2live (preliminary version).
20050420: Added sizelim (preliminary version).
20050417: smkd.c, check_fname, defs_newtoken: removed two "continue".
          Tokens with no alias were ignored by smkd.
          Added kill option.
          smkd_request and sysmask_struct tables extended.
          Protocol version moved to 1002.
          WARNING: system update must be done in single mode!
20050414: read-write lock => spin_lock for smkreq_lock.
          Bug in smkd.c: deny leaked to allow.

------------------------------------------------------------------------
20050414: Version 0.90 released.

          This version is fully working for Linux i386 (2.4.29 and
          2.6.10), but may still contain some bugs due to lack of tests.
          Template configurations for software need to be corrected and
          completed.