forked from ghantoos/lshell
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCHANGES
executable file
·272 lines (236 loc) · 12.1 KB
/
CHANGES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
#####################################
# LSHELL - Limited Shell - CHANGES #
#####################################
#
# $Id: CHANGES,v 1.65 2010-10-26 22:39:36 ghantoos Exp $
Contact: [email protected]
http://sourceforge.net/projects/lshell/
#####################################
=== v0.9.16 14/08/2013 ===
* Added support to login script. Thank you Laurent Debacker for the patch.
* Fixed auto-complete failing with "-"
* Fixed bug where forbidden commands still execute if strict=1
* Fixed auto-completion complete of forbidden paths
* Fixed wrong parsing &, | or ; characters
* Added urandom function definition for python 2.3 compat
* Corrected env variable expansion
* Add support for cd command in aliases
* Split lshellmodule in multiple files under the lshell directory
* Fixed check_secure function to ignore quoted text
* Fixed multiple spaces escaping forbidden filtering
* Fixed log file permissions 644 -> 600
* Added possibility to override config file option via command-line
* Enabled job control when executing command
* Code cleanup
=== v0.9.15.2 08/05/2012 ===
* Corrected mismatch in aliaskey variable.
=== v0.9.15.1 15/03/2012 ===
* Corrected security bug allowing user to get out of the restricted
shell. Thank you bui from NBS System for reporting this grave issue!
=== v0.9.15 13/03/2012 ===
* Set the hostname to the "short hostname" in the prompt.
* Corrected traceback when "sudo" command was entered alone. Thank you
Kiran Reddy for reporting this.
* Added support for python2.3 as subprocess is not included by default.
* Corrected the 'strict' behavior when entering a forbidden path.
* Added short path promp support using the 'prompt_short' variable.
* Corrected stacktrace when group did not exist.
* Add support for empty prompt.
* Fixed bugs when using $() and ``.
* Corrected strict behavior to apply to forbidden path.
* Added support for wildcard '*' when using 'cd'.
* Added support for "cd -" to return to previous directory.
* Updated security issue with non printable characters permitting user
to get out of the limited shell.
* Now lshell automatically reload its configuration if the configuration
file is modified.
* Added possibility to have no "intro" when user logs in. (by setting
the intro configuration field to "")
* Corrected multiple commands over ssh, and aliases interpretation.
* Added possibility to use wildcards in path definitions.
* Finally corrected the alias replacement loop.
=== v0.9.14 27/10/2010 ===
* Corrected get_aliases function, as it was looping when aliases were
"recursive" (e.g. 'ls':'ls --color=auto')
* Added lsudo built-in command to list allowed sudo commands.
* Corrected completion function when 2 strings collided (e.g. ls and lsudo)
* Corrected the README's installation part (adding --prefix).
* Added possibility to log via syslog.
* Corrected warning counter (was counting minus 1).
* Added the possibility to disable the counter, and just warn the user
(withouht kicking him).
* Added possibility to configure prompt. Thank you bapt for the patch.
* Added possibility to set environment variables to users. Thank you bapt
for the patch.
* Added the 'history' built-in function.
=== v0.9.13 02/09/2010 ===
* Switched from deprecated popen2 to subprocess to be python2.6 compatible.
Thank you Greg Orlowski for the patch.
* Added missing builin commands when 'allowed' list was set to 'all'. For
example, the "cd" command was then missing.
* Added the "export" builtin function to export shell variables. Thank you
Chris for reporting this issue.
=== v0.9.12 04/05/2010 ===
* A minor bug was inserted in version 0.9.11 with the sudo command.
It has been corrected in this version.
=== v0.9.11 27/04/2010 ===
* Corrects traceback when executing a command that had a python homonym
(e.g. "print foo" or "set"). (Closes: SF#2969631)
* Corrected completion error when using "~/". Thanks to Piotr Minkina for
reporting this.
* Corrected the get_aliases function.
* Corrected interpretation of ~user. Thank you Adrien Urban for reporting
this.
* The 'home_path' variable is being deprecated from this version and on.
Please use your system's tools to set a user's home directory.
It will be completely removed in the next version of lshell.
* Corrected shell variable and wildcards expansions when checking a command.
Thank you Adrien Urban for reporting this.
* Added possibility to allow/forbid scp upload/download using scp_upload
and scp_download variables.
* Corrected bug when using the "command=" in openSSH's authorized_keys.
lshell now takes into account the SSH_ORIGINAL_COMMAND environment
variable. Thank you Jason Heiss for reporting this.
* Corrected traceback when aliases is not defined in configuration, and
command is sent over SSH. Thank you Jason Heiss for reporting this.
=== v0.9.10 08/03/2010 ===
* Corrected minor bug in the aliases function that appeared in the previous
version. Thank you Piotr Minkina for reporting this.
=== v0.9.9 07/03/2010 ===
* Added the possibility to configure introduction prompt.
* Replaced "joker" by "warnings" (more elegant)
* Possibility of limiting the history file size.
* Added lpath built-in command to list allowed and denied path. Thanks to
Adrien Urban.
* Corrected bug when using "~" was not parsed as "home directory" when
used in a command other than "cd". Thank you Adrien Urban finding this.
* Corrected minor typo when warning for a forbidden path.
* If $(foo) is present in the line, check if foo is allowed before
executing the line. Thank you Adrien Urban for pointing this out!
* Added the possibility to list commands allowed to be executed using sudo.
The new configuration field is sudo_commands.
* Added the clear(1) command as a built-in command.
* Added '$(' and '${' in the forbidden list by default in the configuration
file.
* Now check the content of curly braces with variables '${}'. Thank you
Adrien Urban for reporting this.
* Added possibility to set history file name using history_file in the
configuration file.
* Corrected the bug when using '|', '&' or ';' over ssh. Over ssh forbidden
characters refers now to the list provided in the "forbidden" field.
Thank you Jools Wills for reporting this!
* It now possible to use "&&" and "||" even if "&" and/or "|" are in the
forbidden list. In order to forbid them too, you must add them
explicitely in the forbidden list. Thank you Adrien Urban for this
suggestion.
* Fixed aliases bug that replaced part of commands rendering them unusable.
e.g. aliase vi:vim replaced the view command by vimew.
* Added a logrotate file for lshell log files.
* Corrected parsing of commands overssh to be checked by the same function
used by the lshell CLI.
Thank you Adrien Urban for you security audit and excellent ideas!
=== v0.9.8 30/11/2009 ===
* Major bug fix. lshell did not launch on python 2.4 and 2.5 (https://sourceforge.net/projects/lshell/forums/forum/778301/topic/3474668)
* Added aliases for commands over SSH.
=== v0.9.7 25/11/2009 ===
* Cleaned up the Python code
* Corrected crash when directory permission denied (Closes: https://sourceforge.net/tracker/?func=detail&aid=2875374&group_id=215792&atid=1035093)
* Added possibility to set the home_path option using the '%u' flag.
(e.g. '/var/chroot/%u' where '%u' will be replaced by the user's username)
* Now replaces "~" by user's home directory.
=== v0.9.6 9/09/2009 ===
* Major security fix. User had access to all files located in forbidden
directories (Closes: https://sourceforge.net/tracker/?func=detail&aid=2838542&group_id=215792&atid=1035093)
* Corrects RPM generation bug (Closes: https://sourceforge.net/tracker/index.php?func=detail&aid=2838283&group_id=215792&atid=1035093)
* lshell exits gracefully when user home directory doesn't exist
=== v0.9.5 28/07/2009 ===
* Minor release
* Changed lshell's group from lshellg to lshell (this should not have an \
impact on older installations)
* Minor typo correction in the lshell.py code
=== v0.9.4 09/06/2009 ===
* Log file name is now configurable using 'logfilename' variable inside the\
configuration file
* Corrected aliases in lshell.conf to work with *BSD
=== v0.9.3 13/04/2009 ===
* corrected major bug (alias related)
=== v0.9.2 05/04/2009 ===
* added Force SCP directory feature
* added command alias feature
=== v0.9.1 24/03/2009 ===
* loglevel can now be defined on global, group or user level
* corrected sftp support (broken since in 0.9.0)
=== v0.9.0 20/03/2009 ===
* As lshell has reached the point where it can be considered as a nearly \
stable software. I decided to make a version jump to 0.9.0
* corrected bug in case PATH does not exist and allowed set to 'all'
* added support for UNIX groups in configuration file
* cleaned up code
* corrected major security bug
* corrected path completion, to complete only allowed path simplified the \
check_secure and check_path functions
* added escape code handling (tested with ftp, gdb, vi)
* added flexible +/- possibilities in configuration file
* now supports completion after '|', ';' and '&'
* Command test are also done after '|', ';' and '&'
* Doesn't list hidden directories by default
* There are now 4 logging levels (4: logs absolutely everything user types)
* added 'strict' behaviour. If set to 1, any unknown command is considered \
as forbidden, as warning counter is decreased.
=== v0.2.6 02/03/2009 ===
* added 'all' to allow all commands to a user
* added backticks in lshell.conf
* changes made to setup.py in version 0.2.5 were undone + added classifiers
=== v0.2.5 15/02/2009 ===
* corrected import readline [bug]
* added log directory instead of a logfile
* created log levels (0 to 3)
* setup.py is now BSD compatible (using --install-data flag)
=== v0.2.4 27/01/2009 ===
* NEW: "overssh" in config file. Allows to set commands allowed to execute \
over ssh (e.g. rsync)
* fixed timer
* added python logging method
* cleaned code
* cleaner "over ssh commands" support (e.g. scp, sftp, rsync, etc.)
=== v0.2.3 03/12/2008 ===
* corrected completion
* added [global] section in configuration file
=== v0.2.2 29/10/2008 ===
* corrected SCP functionnality
* added SFTP support
* passwd in not mandatory in configuration file (deprecated)
* lshell is now added to /etc/shells using `add-shell`
=== v0.2.1 20/10/2008 ===
* Corrected rpm & deb builds
* added a manpage
=== v0.2 18/10/2008 ===
* Initial debian packaging
=== v0.2 17/10/2008 ===
* Added config and log option on command line (-c|--config and -l|--log)
* Initial source packaging using distutils
* Initial rpm packaging using distutils
=== v0.2 07/10/2008 ===
* Added file completion
* Added a history file per user
* Added a logging for warnings and log in/out
* Added prompt update when user changes directory (bash like)
* Corrected the check_path function
* Changed user setting from global variable to dict
* Added a default profile used when a parameter is not set for a user
=== 06/05/2008 ===
* Added an shell script usefull to install and manage lshell users
=== 08/04/2008 ===
* Added evironment path (env_path) update support
* Added home path (home_path) variable
=== 29/03/2008 ===
* Corrected class declaration bug and configuration file location
* Updated the README file with another usage of lshell
=== 05/02/2008 ===
* added a path variable to restrict the user's geographic actions
* MAJOR: added SCP support (also configurable through the config file)
=== 31/01/2008 ===
* MAJOR: Added the 'help' method
* Did some code cleanup
=== 28/01/2008 ===
* Initial release of lshell