-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathChangeLog
304 lines (267 loc) · 13.1 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
2011-01-05 - Changes between 0.9.4 and 0.9.5
New features:
o This release includes packages for OpenSuSE 11.3 and Fedora 13.
o X11 applications running in a playground can now be started in a
nested and isolated X11 session.
o It is now possible to force removal of dead playgrounds even if some files
are no longer present.
Bugfixes:
o Creating permanent rules from sandbox escalations was broken. This is
fixed now.
o Fix a deadlock with dazukofs.
o Reset SIGCHLD handler for playground processes.
2010-10-21 - Changes between 0.9.3 and 0.9.4
New features:
o The Playground feature, which introduces a copy on write
filesystem for selected processes that are started in a playground session.
It also includes graphical and CLI management tools.
With these tools / features it is possible to selectively discard or commit
changes to the real filesystem when the a playground is halted.
To secure the commit operation it is possible to configure optional content
scanners, i.e. anti virus software, which can determine if the selected
files pose any risk to the integrity of the system, and if needed alert
the user or reject the commit entirely in case a virus is detected.
o Implemented a process browser in xanoubis, which greatly simplifies
the examination of Anoubis rulesets and other details for each process
on the system. This feature uses the Anoubis daemon's built-in process
tracking to list all processes and is especially useful for debugging and
correlating processes to rulesets or playground sessions.
o added support for Ubuntu Lucid and Debian Squeeze
o introduced 'anoubisctl ps' command
o introduced 'anoubisctl stat' command
o added kernel based SFS/Sandbox exceptions
o added some library support for mount points and file names
o added some more tray icons in different sizes (for smoother scaling)
o created userland and kernel source repository on sourceforge.net
o kernel source packages for .deb and .rpm now also available
o copy button in rule editor (for cloning rules)
Bugfixes:
o fixed some potential resource leaks
o fixed a few bugs in the SFS browser
o protected anoubisd from OOM killer
o fixed rule display for admin rules
o fixed several xanoubis segfaults
o fixed anoubisd upgrade segfault
o fixed ALF default rule logging
o fixed ruleeditor alignment
o fixed GUI notifications
o fixed de-selection handling
o fixed broken errno assignment
o repaired broken error messages
o fixed xanoubis sigchld handling
o fixed NFS problems with UDP mounts
o fixed anoubisctl client-connect segfault
o activated PAE in the Debian kernel config
o fixed writeback issues in Anoubis Options Tab
o enabled POSIX style option parsing in anoubis cli binaries
o corrected several broken translations and provided some missing ones
o fixed NULL dereference bug found by clang and added asserts (false positives)
o refined certificate error messages when connecting to daemon
o made sure that only a single line can be selected in AnGrids
o fixed runaway modprobe loop when loading sha256 early
o fixed potential message passing lockup in anoubisd
o worked around startup bug in autostart for gnome
o fixed reported crash with NULL sock->sk fields
o several valgrind fixes (xanoubis and anoubisd)
o fixed issues in Linux kernel found by sparse
o fixed some sparse findings in userspace
o fixed Use-after Free Bug in anoubisd
o fixed Fedora/OpenSuSE kernel patches
o fixed 64Bit kernel stack corruption
o fixed debian init script dependcies
o waiting for /dev/log during startup
o addressed some cppcheck findings
o fixed package dependencies typo
o fixed waiting for task bar area
o fixed kernel directory events
o fixed logging for admin rules
o some kernel package fixes
o fixed OpenBSD kernel Bugs
o fixed Ubuntu distro kernel
o quieted some clang warnings
o fixed message compatibility
o ComCSMultiTask design fix
Other changes:
o updated / cleaned up the Anoubis LiveCD
o cleaned up the display of new escalations
o fine tuned the display of command names
o updated the Linux kernel to 2.6.32.24
o unified write dispatcher functions
o Fedora/OpenSuSE packaging cleanups
o updated anoubisd.conf in packages
o improved ALF module rule display
o application-icons for Anoubis
o extensive code refactoring
o added a CSMulti request class
o made queues aware of write events
o added message to the xanoubis close dialog
o implemented a template based AnListProperty
o switched to less restrictive truecrypt policies
o display of checksum states in SFS escalations
o converted Checksum removes to CSMulti requests
o made sure that SFS does not consume all inodes
o increased tolerance for newlines in the APN syntax
o make more use of the buffer overflow library
o removed splint-includes.h from source tarball
o use non-root values for free space calculation
o removed kernel-header-dependencies from userland
o force a dynamic policy change when the UID of a process changes
o updated and extended documentation (for users as well as developers)
o improved many error messages to offer more details / be more specific
2010-03-18 - Changes between 0.9.2 and 0.9.3
New features:
o anoubisd: Remove unnecessary fsync call in anoubisd/sfs.c
which resulted in a huge performance loss when adding checksums.
o anoubisd: Now uses the multi-checksum-request messages to improve
performance.
o xanoubis: Now uses the multi-checksum-request messages to improve
performance.
o anoubisd: Limit the size of policy-files which can be configured in
anoubisd.conf(5).
o xanoubis: Implementation of client-authorization was added to xanoubis.
o xanoubis: Support for editing default policies.
o xanoubis: Provide a dialogue to generate key-pair within the GUI.
o xanoubis: comprehensive performance improvements regarding the handling
of very large policies within xanoubis.
o xanoubis: The nosfs-flag can now be set within the Rule Editor and
RuleWizard.
o Support for SCTP was added to apn, anoubis daemon and xanoubis.
o Support for eCryptfs was added to the Anoubis Linux kernel.
o Authentication was added in protocol version 4.
o A multi-checksum-request message type was added in protocol version 5.
o Long-running jobs comprised of numerous tasks such as register and validate
operations can now be interrupted within xanoubis.
Bug fixes:
o Linux Kernel: Fix a NULL pointer dereference sfs_bprm_committed_creds gets
called with a task that does not have a security label attached to it.
BUG #1447
o OpenBSD: Fix OpenBSD pool allocator bug.
o OpenBSD: anoubisctl leaks the setgid status to anoubisd causing issues
on opening /dev/eventdev
o OpenBSD kernel: Fix an OpenBSD bug that can cause crashes in namei NFS code.
o OpenBSD kernel: Fix deadlocks with vnode locks in OpenBSD.
o Kernel: Disable ANOUBIS_REQUEST_STATS ioctl for regular users.
o anoubisd: Fix memory leaks in the anoubis daemon revealed by valgrind(1)
o Fix a crash in the SHA256 calculation of libanoubissig.
o xanoubis: Fix a display bug that caused text to be displayed in adjacent
empty cells.
o xanoubis: Assure that the private key is loaded only into memory when actually
needed.
o xanoubis: Fix timeout of end-of-session key within SFS-Browser.
o xanoubis: Fix a bug were index counting for visible/invisible columns could
lead to a memory access behind the actual end of the list in question.
o xanoubis: Fix a segfault when xanoubis gets closed while in the upgrade
message dialogue.
o xanoubis: Fix view in Rule Editor to show non-bold fonts in headers, refuse
selection of these and store the size persistently.
o xanoubis: Change permissions of .xanoubis directory to 0700.
o xanoubis: Fix AnPickFromFS Dialogue to handle files as well as directories.
o xanoubis: Fix a segfault if a PolicyCtrl object is destroyed without an
explicit creation.
o xanoubis: Handling of the TrayIcon exclamation mark is now correctly done
when opening LogViewer or Notification tab
o anoubis-keyinstall: Bail out and provide and exit with a reasonable error
message when the tool is called by non-root users.
o Properly handle syssigs on !SFS_CS_OK filesystems to allow execs on dazukofs
mounts.
Other changes:
o Limit connections per user to avoid DoS by ENFILE
o anoubisd: Enforce secure exec if the policy of a task changes during exec.
o anoubisd: The number of pending notifications per session was limited to
avoid an out of memory DOS.
o xanoubis: Fix ComCsumAddTask to calculate checksum/signature in CsumCalcTask
not until both are meant to be send to daemon to improve performance.
o xanoubis: Redesign of the ALF, SB and SFS overview module.
o xanoubis: Double-Clicking on an empty application rules now also opens the
Rule Editor.
o xanoubis: A dialogue is shown to the user if a non-matching key-pair was
detected.
o xanoubis: Redesign of the Rule Editor which now uses a grid widget.
o xanoubis: Provide better error messages if an error occurs during
authentication.
o Linux kernel: Update to 2.6.32
o Initial implementation of a buffer overflow protection library used by
anoubisd
o Fix quoting in APN to handle filenames containing quotes properly.
o Add README.privsep as extra dist file providing information on privilege
separation.
2009-11-03 - Changes between 0.9.1 and 0.9.2
New features:
o Initial support for dazukoFS: Make sure anoubisd is unaffected by dazukoFS
and include dazukoFS in the kernel packages.
o Handle OS upgrades correctly even if anoubisd is restarted in the process.
This is done by delaying the restart until after the upgrade finished.
o Anoubisctl/sfssig/xanoubis will now also log errors to the syslog that may
be interesting for the administrator.
Bug fixes:
o OpenBSD kernel: Fix an OpenBSD bug that can cause crashes in nfs_reply.
o xanoubis: Fix directory path interfering with filter/invert options.
BUG #1168
o anoubisd/anoubisctl: Do not leak pid filehandle to childs.
o xanoubis: Various fixes for operating at low screen resolutions. BUG #893
o sfssig: Fix exporting of signatures.
o anoubisd: Fix /etc/services not being available to anoubisd childs.
o xanoubis: Fix 'Unexpected return-code: 1' error message. BUG #1373
o xanoubis: Fix the Status field in the rule editor being updated too
late. BUG #1369
o xanoubis: Display correct state in Upgrade view.
o xanoubis: Don't try to create a rule for an unknown binary after an
ask event.
o xanoubis: Make large SFS error messages scrollable. BUG #1352
o Linux kernel: Fix EBADF when writing to a raw socket. This sometimes
prevented dhclient from working.
o sfssig: Fix 'add' failing if file is open for writing. BUG #1342
o Linux kernel: Make sure a new file is not created if write access was
denied.
Other changes:
o Send upgrade-notify events to all attached UIs. Show the upgrade dialogue
in xanoubis when such an event is received. Also use this to get rid of
INotify.
o xanoubis: Give a general overview message for SFS errors.
o xanoubis: Save table column widths in xanoubis.conf.
o xanoubis: Adjust column witdths to window/table size. BUG #1321
o xanoubis: Create Anoubis specific MessageBox class.
o xanoubis: Various text improvements.
o anoubisd: Return EXDEV instead of EPERM when rename restrictions apply.
This makes programs like mv and patch copy the file instead. BUG #1353
o Handle mknod calls in kernel sfs and generate SFS-write events.
2009-10-12 - Changes between 0.1.10.D023.970.D170 and 0.9.1
New features:
o Introduce version/compatibility checks between various Anoubis
components. Introduce version numbers for various on disk file formats.
o Add support for updating checksums / signatures after an operating
system upgrade. For unsigned checksums, this can be done automatically.
For signed checksums, xanoubis displays a list with the changed files.
Bug fixes:
o Add a missing destructor for sfssubject
o Add missing event_add in acc_flush of libanoubischat
o Add upgrade lists to ComTask
o Deactivate wizard if disconnected
o Fix flex warnings caused by ununsed symbol in code generated by flex
o Fix list perspective in notification tab
o Fix memory leaks in apn parser
o Fix notification bubbles for notify-osd
o Fix segfault in checksum comparison for new context
o Fixed creation of user application policy
o Length verification for checksum operations
o Prevent looping in module SFS when in recursive mode
o Support display of ruleset that contain borrow
o Truncated length of error message from SFS to prevent KDE Window Manager
crash
o Various I18N fixes
Other changes:
o Get rid of apn_hash_type
o Get rid of protocol family in filtspec rules
o Get rid of state timeout in APN
o Implement new sfs tree format
o Add Upgrade marker to signature files on upgrade
o Module SFS: New implementation of list operations
o Move Checksums into a Subject in APN
o Performance improvement of calls to SelectedItemCount
o Performance improvement of hasSelection in AnList
o Provide direct access to the SFS-Browser tab
o Remove explicit checksums in policies
o Unify the handling of configuration options by new AnConfig-class
o Update the kernel configs with default mmap_min_addr
o Use TimerEvent to check for Changes in menu.lst
o anoubisctl and xanoubis now report PACKAGE_BUILD version