-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathNEWS
278 lines (220 loc) · 9.97 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
December 20 2007:
Created new Sourceforge project for sudush2. This is
a continuation of development of sudosh, which
appears to be abandoned.
I will be releasing 1.0 via sourceforge today with a
couple of patches required in my environment (RHEL
3, 4, and 5, both 32 and 64 bit, and Solaris 9 Sparc)
Bugs fixed include a config file parsing bug that would
lead to a segfault, and a fix for pwent handling which
would cause issues with old vs new uids.
I also removed the requirement to initialize your log
directory. It ignores the -i option, which is left in
for compatibility with old install scripts. sudosh will
check the logdir for existance and correct permissions
every time it is run, and create or correct as necessary.
June 12th 2005:
Added configuration file support to sudosh. You can now
setup:
logdir
default shell
delimiter
syslog.priority
syslog.facility
-c arg allow
Also added -c support to sudosh so that remote commands
can be executed. This allows scp and rsync to be executed
remotely.
I've also ported sudosh-replay to C.
I decided to stop supporting old versions of sudosh. Use
the newest release instead. Anyone using 1.4.3 definately
needs to upgrade. The new version of sudosh only works with
newer logfiles.
May 12th 2005:
Silly bug in sudosh-replay wasn't allowing the new file
delimiter option to function completely.
Removed the dependacy from the TERM environment variable.
If it cannot be determined from the existing environment
it will default to the setting of "dumb" This way things
such as scp, rsync and the like will function properly if
sudosh is to be used as a login shell.
May 11th 2005:
Finally gave into all the requests for sudosh to be used as
a login shell from /etc/passwd. I'm not sure why people want
to do this. Sudosh should be used during esclation. For
example a user should login to UNIX with a personal account
that has minimal privileges. From here sudo(8) should be used
to gain access to other privileges such as oracle or other
application accounts. This is where sudosh is to be used,
for example:
1) login with personal account 'dhanks'
2) use sudo to gain access to oracle with sudosh.
$ sudo -u oracle sudosh
3) use the oracle shell with logging.
Regardless, I've added the ability to use sudosh as a login
shell. Just be sure to add the absolute path to sudosh in
/etc/shells and in /etc/passwd for the desired user. The
default shell is defined in configure as /bin/sh. If you
need to change it do so with the --with-defshell option to
configure, make, make install.
Luke Youngblood emailed me the other day regarding the file
delimiter of files used with sudosh. Generally the files are
delimited with a dash '-'. Luke pointed out he uses a dash
in the usernames such as "username-prod" Obviously this was
a problem for sudosh because it relies on the dash to know
which files are which.
Use the --with-filedelimit option to configure the default
file delimiter. I've successfully tested a dash '-', the
underline '_', and the colon ':'.
May 9th 2005:
Had problems with AIX. I love AIX, but forgot AIX has special
subroutines that handle user attributes very nicely. I've added
support for setpenv() which takes care of setting a clean
environment, chdir() to user's home directory and exec()ing the
user's shell all defined from /etc/passwd and /etc/environment.
Added MAXWAIT support to sudosh-replay. Thanks to Luc Charland
for the patch. This was something that always bothered me about
sudosh-replay, but I never got around to adding support for a
MAXWAIT. Added the usage to the README.
Had to make a small correction on the chdir() because accidentally
used the original HOME instead of the "to" user's home.
I'm still struggling with execv() vs. execle(). execle() seems
to be working fine for now. Working with Todd on this one.
I've certified sudosh 1.6.1 on AIX, Solaris and Linux. I've had
user reports that it works fine on HPUX and Tru64. I used the
command:
PATH="" sudosh
Then I proceded to check the environment. PATH was set correctly
by the shell through /etc/profile and the like. On AIX it was
set through setpenv() via /etc/environment.
May 7th 2005:
Sudosh now calls shells as if they were a login shell. Sudosh
automatically sets the environment variables LOGNAME, USER, TERM,
SHELL and PATH. Changed the way the shell is executed. Added a
dash '-' before the arguement, i.e. -ksh This allows the shell
to execute as if it were a login shell.
Added a random string to the log files so that non-privileged users
cannot delete their log files. Removed tampering code because it
was not portable. General code cleanup.
April 12th 2005:
Added functions to monitor log files and alert to syslog when
someone attempts to remove or modify the files.
March 22nd 2005:
Cleaned up the sudosh environment. TERM wasn't being transferred.
March 11th 2005:
Corrected incorrect HOME environment variable.
March 10th 2005:
Added setenv("HOME", pw->pw_dir, 1); so that sudosh will know
where the user's home directory is. This is helpful when the user's
shell is exec()'d and it needs to find the .profile and other shell
files.
March 8th 2005:
Added man pages for sudosh and sudosh-replay.
March 5th 2005:
Changed the way sudosh handles LOGDIR permissions. I had a
problem with st_mode == logdir because through AIX and Solaris
there are some extra higher level flags that throw it off. For
now I will ignore the validation level until the next release.
Chris MacLeod submited two patches for sudosh. Thank you very
much. Chris contributed:
1) specfile for building on redhat.
2) profile.d script for bash. Adds a sudo function so
that 'sudo -s' or just 'sudo' works seemlsesly.
February 19th 2005:
Critical bug fix. sudosh was reporting the incorrect user when
used with sudo. Upadted the way sudosh-replay reports. Much
easier to read.
February 14th 2005:
Added the -i, --init flag to automatically create the LOGDIR
directory. This comes in handy when you need to use sudosh for
other users besides root. This way other users have the correct
access to LOGDIR.
October 27th 2004:
Changed configure.in to work with AIX again. Not sure what was
the issue. Had to revert to an older configure.in from version
1.3.2 and add in support for Perl.
October 25th 2004:
Fixed another major bug in the exec code. This time the
environment was blanked out and caused havic on the new shell.
Added @PERL@ to the sudosh-replay so that Perl is automatically
found and configured.
Added @PACKAGE_NAME@ and @VERSION@ and whatnot to sudosh-replay
so that it can report its version as well.
Added a configuration summary to configure.in
Added full support for the following architectures (thanks HP)
alpha-dec-osf4*
alpha-dec-osf5.1*
alpha-dec-linux
hppa2.0w-hp-hpux11.11
hppa2.0w-hp-hpux11.12
ia64-hp-hpux11.23
powerpc-ibm-aix4.3.3
powerpc-ibm-aix5.1.0
powerpc-ibm-aix5.2.0
sparc-sun-solaris2.8
sparc-sun-solaris2.9
i*86-*-solaris2.9
i*86-*-solaris2.8
i*86-suse-linux (SuSE Enterprise Server 9.0)
i*86-intel-linux (RedHat Enterprise Linux ES/AS 3.0)
October 24th 2004:
Corrected major security hole in the SHELL environment variable.
I correctly set the (char *) shell that was cross-referenced with
/etc/shells, but during the prepchild I was still using the old
SHELL environment variable.
I went a futher step and used the execle() syscall with an empty
(char *) so that shell doesn't inherit any environment variables
from the calling user.
October 21st 2004:
Cleaned the headers on sudosh.c
Corrected AIX compile bug
Corrected Solaris compile bug
October 20th 2004:
Removed syslog.c. Got tired of looking at it. Bugged me. I'll
rewrite it later.
Added full support for AIX + gcc. This was a bitch. PTY hacking
isn't easy.
Added full support for Generic Linux (RedHat, SuSE, Fedora, etc)
Added full support for AMD64 SuSE 8.1
Added full support for SPARC SunOS Solaris 5.9
Added full support for x86 SunOS Solaris 5.9
Corrected sudosh-replay script. Wasn't replaying the scripts
correctly in corralation to the timing file.
Verified 1.3 branch is ready for production servers. Feel free to
install sudosh-1.3.0 on your servers at work. I do.
October 18th 2004:
Gave up on keystroke logging to syslog. It's impossible to
to trace the terminal to see if it's echoing keystrokes or not.
Bottom line is that passwords can be written to syslog, so I
removed this feature. I had it secure under Linux, but AIX and
Solaris were different in the nature that the terminal returned
a ECHO when the ENTER key was pressed.
Ditched the syslog for now. Everything is localized.
Added logdir automation to configure.in as well as host-type
recognition.
Added replay utility to playback sudosh sessions as they were
originally recorded.
October 8th 2004:
I've ensured that sudosh will compile on the following platforms:
* SunOS sparc-solaris1 5.9
* AIX
* Linux
October 8th 2004:
sudosh has been ported from Perl to C. sudosh now takes advantage
of pty devices in order to sit between the user's keyboard and a
shell.
This is a much larger milestone than it appears. By taking advantage
of pty devices I can now capture just the raw input from the keyboard
and log this to the syslog. This means a full root shell with all
the familiar logging from sudo: just the command line. We no longer
clog up the syslog with the output as well. The output is stored in
the user's home directory in a file .sudosh_history
September 24th 2004:
sudosh is now stable. We're taking advantage of the UNIX script(5)
command to maintain portability across platforms. We're looking at
porting sudosh to C in the future so that we may take further
advantage of pty devices.
September 14th 2004:
sudosh is in beta testing. I've submitted tarballs to FM and SF.
I have also announced sudosh to SAGE and the SUDO mailing lists.
The feedback has been great.