1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
2.3.3
- Fixed escalation problem when not enough permission bits are specified. As a
side effect of this, you now MUST have a config file.
- Fixed the bug in rssh_chroot_helper where, if parsing the config file fails,
and logging is turned off, rssh_chroot_helper segfaults
2.3.2
- fixed segfault due to checking the length of variables that I forgot to
remove from build_arg_vector() since the chroot root exploit fix in 2.3.0
2.3.1
- fixed stupid bug that caused rssh not to allow rsync and rdist
2.3.0
- modified chroot_helper to parse the config file, to avoid arbitrary
chroot() (and thus root compromise)
- numerous documentation updates
- fix for va_start()/va_end()-related segfault on 64-bit architecture
- small bit of code cleanup
2.2.3
- added checks for command execution arguments to scp, rdist, rsync
2.2.2
- string formatting bug fixed in log.c
- small bug processing chroot path fixed in rsshconf.c
- -v now outputs pre-configured paths of important files
- extra debugging messages
- documentation updates for the wordexp() shell problem
2.2.1
- added missing code for parsing per-user options
2.2.0
- fixed a security hole where chrooted users could enumerate files outside
the jail
- fixed a bug handling sftp-server checking
- added support for cvs, rdist, and rsync
- documentation clarifications and updates.
- added conf_convert.sh to convert old rssh.conf files to new format
- added mkchroot.sh to set up a chroot jail (mostly for Red Hat systems)
- reversed the direction of the ChangeLog file... :)
2.1.1
- updated build environment to facilitate building RPMs
2.1.0
- added per-user configuration
- fixed a number of heretofore unnoticed bugs in the parser and elsewhere
- added examples to the config file
- updated documentation
2.0.4
- fixed quote processing in config file parser
- fixed command line argvec building for args with spaces
- cleaned up a number of other little verbiage things, etc.
- changed default shell opts to allow only scp if config file doesn't exist
2.0.3
- added SECURITY file to the distribution
- removed references to scpsh and sftpsh from README
- changed strcmp in main.c to use PATH_SCP rather than scp
- made rssh_chroot_helper check # of args, plus minor log mods to support
- minor fixes in CHROOT hints file
- actually called umask() to set the umask...
- added patches to configure.ac for compiling on non-GNU platforms
2.0.2
- another bug with scp
2.0.1
- fixed bug preventing scp from working
- documentation update for using chroot jails
- updated the INSTALL file with hints for Solaris
2.0.0
Some code clean-up, and added config file, with support for:
- setting default umask
- configuring whether scp and/or sftp are allowed
- setting the syslog facility to which to log
- support for chroot jails
...and there was much rejoicing. All configuration options are currently
global. In the next major release of rssh, they will be configurable on a
per-user basis (which will override global settings).
Added rssh_chroot_helper for (hopefully) implementing the chroot jail
securely.
1.0.4
minor bug fix
1.0.3
Uh, I forgot to update this, and I don't remember what I changed... ;-)
1.0.2
Automake support
1.0.1
Added support to configure to check for OpenSSH 3.5, and disables static
compilation if found
1.0.0
Initial release version (non-beta)
|