-
Notifications
You must be signed in to change notification settings - Fork 0
/
ChangeLog
361 lines (342 loc) · 19.6 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
2022-12-13 Bogdan Drozdowski <bogdro /at- users . sourceforge . net>
* LibNetBlock version 1.7
Significant portability updates. LibNetBlock now compiles on FreeBSD
and macOS. Intercepting new functions and improvements in the old.
Improvements in banning. Code quality improvements, including fixes
recommended by Codacy. Improvements in the build system. Significant
improvements in the documentation. New unit tests. Other changes.
* configure.ac: Updated using Autoconf 2.71. Added checking for the
canonicalize_file_name(), realpath(), bindresvport() and
bindresvport6() functions. Added enabling all Automake warnings.
Added calling AM_PROG_AR as recommended by Automake warnings. Use
dedicated macros to check for the mode_t, size_t and ssize_t types.
Changed the program's configured name, add URL in AC_INIT(). Added
checking for the "-fanalyzer" and "-fstack-check" compiler options.
Added checking for the rpc.h header which declares bindresvport()
on FreeBSD.
* src/banning-generic.c (__banning_is_banned): Simplified some code,
fixing warnings found by 'cppcheck'.
* src/lnb_exec.c (__lnb_get_target_link_path): Use realpath() or
canonicalize_file_name() if available. Port fixes from LibHideIP:
free memory when needed, avoid infinite loops, fixed buffer length
and zeroing.
* src/lnb_exec.c (__lnb_is_forbidden_program): Port changes from
LibHideIP: calculate lengths just once, don't set unused values, use
LNB_MEMSET() instead of a loop, fixed zero-terminating the buffer.
* src/lnb_priv.h: Stopped redefining ssize_t - the new, dedicated
macros do it for us.
* src/lnb_cfg.h.in: Added constants for the canonicalize_file_name()
and realpath() functions and the rpc.h headers. Updated the package
names. Added a flag for HAVE_EXECVEAT, now present in glibc.
* src/lnb_cfg.h.in, src/*.{c,h,in}: Moved the compatibility flags to
lnb_cfg.h.in and added compatibility flags to allow compiling on
FreeBSD and macOS.
* src/lnb_exec.c (execve, fexecve, execveat): Check also if argv[0]
is not a banned program name (for e.g. symlinks uname->coreutils).
* src/lnb_exec.c (execveat): Check also if the path is empty and
AT_EMPTY_PATH is given - in that case it's the directory descriptor
that will be executed, so check that for banning.
* src/lnb_opens.c: Intercept fopen64, freopen64, open64 and openat64
only when present.
* src/lnb_net.c: Fixed test compilation without ANSI C.
* src/lnb_net.c (bindresvport, bindresvport6): New intercepted
functions.
* src/lnb_main.c (__lnb_main, __lnb_real_bindresvport_location,
__lnb_real_bindresvport6_location), src/lnb_cfg.h.in,
src/lnb_priv.h: Added support for the newly-intercepted functions.
* src/*.{c,h,in}, test/*.{c,h}, */Makefile.am, doc/libnetblock.texi.in:
Updated license blocks.
* m4/ax_gcc_warn_unused_result.m4: Updated for Autoconf 2.71.
* Makefile.am: Renamed 'pack' to 'x-pack'.
* src/Makefile.am: Renamed 'randomnames' to 'x-randomnames' and made
it PHONY.
* src/randomize_names_*.sh: Apply fixes recommended by Codacy.
* test/lnbtest_exec.c: Added tests for executing links to forbidden
programs, including the new test for execveat with an empty path.
Added a #define for the directory containing the forbidden 'ifconfig'
program. Checking if errno contains the expected value.
* test/lnbtest_net.c: Added tests for the intercepted bindresvport()
and bindresvport6() functions.
* test/Makefile.am: Moved common elements to variables. Renamed
'zcompile' to 'x-compile'. Added a flag to use config.h.
* libnetblock.spec.in: Removed commented-out deprecated lines and a
comment causing problems in package uninstallation. Cleaning the rpm
build root directory after building.
* README, INSTALL: Moved building RPMs the new way above the old way.
Other small updates.
* doc/libnetblock.texi.in: Many improvements in the documentation: made
URLs into proper links, use the TeXinfo @file, @samp, @command,
@code and @verbatim properly, added a link to the home page on the
"What is LibNetBlock" page, added "Reporting issues". Leave just the
SourceForge website address. Other small changes.
* doc/libnetblock.3: Leave just the SourceForge website address.
* doc/Makefile.am: Added flags for generating the HTML documentation.
* doc/sf_bogdro.css: Added a CSS file for the HTML documentation.
2021-01-10 Bogdan Drozdowski <bogdro /at- users . sourceforge . net>
* LibNetBlock version 1.4
Portability improvements. LibNetBlock should work better with some
filesystems which have i-node numbers greater than 2^32-1 and compile
under non-ANSI-C. Checked running LibNetBlock under GCC address &
undefined behaviour sanitizers. Improvements in unit tests.
* configure.ac: added checking for the stat(), stat64(), lstat64() and
getaddrinfo_a functions. Added checking for the -Wstringop-truncation
and -Wduplicated-branches compiler options.
* src/lnb_exec.c: forbid executing of 'coreutils' and 'hostid'
* doc/libnetblock.texi.in, doc/libnetblock.3: updated the addresses
* doc/libnetblock.texi.in: more blocks in @command{}
* libnetblock.spec.in: removed obsolete commented-out commands, updated
the URL, added BugURL. Using macros for common elements.
* Makefile.am: stop using 'tar --delete', for systems where GNU tar is
not installed or is not the default. Marked the 'pack' target PHONY
* src/lnb_cfg.h.in: added new constants
* src/lnb_priv.h: corrected some declarations to avoid warnings
* src/*.c*: added a preprocessor block that marks ANSI C as disabled,
for internal testing compiler compatibility.
* src/lnb_exec.c (__lnb_get_target_link_path_fd): fixed a warning
about a potential buffer overflow.
* src/lnb_exec.c (__lnb_get_target_link_path): replace rindex() with
the more portable strrchr(). Check also for lstat64() and skip if
both lstat64() and lstat() are not available.
* src/lnb_exec.c (__lnb_is_forbidden_program): Check also for
stat64() and skip if both stat64() and stat() are not available.
* src/banning_generic.c (__banning_is_banned): fixed using the user
banning filename instead of the global one
* src/lnb_exec.c: Forbid reading '/proc/net/fib_trie'.
* test/*.c, test/lnbtest_common.h: added a prolog macro with logging
common for all tests
* test/lnbtest_other.c: new tests for finding private symbols in the
library.
* test/lnbtest_common.c: a new file with code common to tests
* test/{lnbtest_exec.c,lnbtest_opens.c,lnbtest_banning.c}: Moved
common code to lnbtest_common.c.
* test/lnbtest_fopens.c: added tests for a device file and for an
object in the /proc filesystem.
* test/Makefile.am: added the new lnbtest_other test, added a target
to just compile the tests
* test/lnbtest_net.c: free()ing some of the test results to avoid
memory leaking warnings from sanitizers
2019-02-08 Bogdan Drozdowski <bogdro /at- users . sourceforge . net>
* LibNetBlock version 1.3
Added intercepting new functions. Fixed initialization code - fixed
lookup for fopen(). Improvements in unit tests. Improvements in code
portability and compatibility. Better code maintainability, updated
copyright and documentation.
* configure.ac: moved AC_LANG(C) before AC_PROG_LIBTOOL for improved
compatibility. Added checking for the -Wno-nonnull-compare compiler
flag to avoid warnings about defensive programming code. Added
checking for execveat(), fexecve(), strdup() and snprintf(). Added
checking for the -Wchkp, -Wformat-overflow=2, -Wduplicated-cond,
-Wrestrict and -Woverlength-strings compiler warning options.
* missing: script updated from new autoconf
* src/*.c: define LNB_VOID to be 'void' in ANSI C and use that in
function definitions for better readability
* src/lnb_opens.c: simplified the missing functions' declarations
* src/lnb_exec.c, src/lnb_net.c: added defining the constants
(_DEFAULT_SOURCE) for better compatibility with new C libraries
* src/lnb_main.c (__lnb_main): when the fopen() functions can't be
found by versioned lookup, try normal lookup. This should fix
compatibility with newer systems and make banning work there
* doc/libnetblock.texi.in, doc/libnetblock.3: added new URLs, updated
the description
* README, INSTALL: updated the description
* src/lnb_main.c, src/lnb_priv.h: added substitutes for strdup(),
memset() and memcpy()
* src/lnb_exec.c (__lnb_get_target_link_path): rewrite the function
usage to correctly drop the "const" qualifier. Add support for
symlink targets with paths not absolute, but relative to the symlink.
Free the allocated memory on each iteration when it would become
unused and lost. Start with duplicating the parameter so that it
can be passed as a literal.
* src/lnb_exec.c (__lnb_is_forbidden_program): change variables'
types to more correct ones (size_t), matching their usage. Fix
separating the program's name from its arguments.
* src/lnb_opens.c: created generic 32-/64-bit functions with common
code to be called from the intercepted functions
* src/lnb_opens.c (generic_freopen): closing the original stream even
if opening the new one is forbidden - prevents resource leaks
* src/lnb_opens.c (open, open64, openat, openat64): move the logger
after parameter initialization to display it properly in code based
on old-style varargs
* src/lnb_main.c, src/lnb_priv.h, src/lnb_exec.c,
test/lnbtest_exec.c: added intercepting execveat() and fexecve()
* libnetblock.spec.in: made the spec file more portable (assuming that
the required macros are properly defined on the target systems) and
removed some rpmlint warnings and errors
* test/*.c, test/Makefile.am: split the unit tests into separate
files, one for each functionality/compilation unit with intercepted
functions. Added defining the constants (_DEFAULT_SOURCE) for
better compatibility with new C libraries
* test/lnbtest_exec.c (test_execve_banned): don't pass NULL as the
program's environment - pass an array with one NULL instead
* test/lnbtest_exec.c: fix testing if the banned program wasn't
indeed run
* test/lnbtest_exec.c: remove unused variables
* test/lnbtest_net.c (test_recvmsg, test_sendmsg): change variables'
types to more correct ones
* test/lnbtest_exec.c (test_system): call "/bin/cat" instead of just
"cat", because that doesn't work on some systems (probably those
where /bin/cat is a symlink to 'coreutils')
* test/lnbtest_banning.c: a new unit test for testing banning
2017-04-23 Bogdan Drozdowski <bogdro /at- users . sourceforge . net>
* LibNetBlock version 1.0
Fixes and improvements to code related with banning the library from
interfering with fragile programs. Many code improvements and
simplifications in readability and maintenance. More unit tests.
Small performance improvements.
* configure.ac: fixed typos, updated version, checking for the symlink
function for unit tests.
* README, INSTALL, doc/libnetblock.texi.in: added a note that compiling
with a C++ compiler won't work right now due to some variable
casting constructs that are forbidden in C++. Added a note saying
that glibc 2.11 (and potentially other versions) has a bug which may
cause LibNetBlock to hang during initialization in dl(v)sym.
* src/lnb_priv.h: added LNB_SET_ERRNO and LNB_GET_ERRNO macros to
simplify code in many places. Added LNB_MAKE_ERRNO_VAR for declaring
and initializing a variable that holds the temporary errno value.
Renamed SET_ERRNO_PERM to LNB_SET_ERRNO_PERM and SET_ERRNO_MISSING
to LNB_SET_ERRNO_MISSING. Added a warning when glibc 2.11 is used.
* src/*.c: simplified errno usage - not setting where not checked
after or when not in a user-called function. Use macros to set and
get errno where required. All public functions should now either
preserve errno or keep the value set by the original functions.
* src/lnb_opens.c, src/lnb_pcap.c: surrounded external definitions
with >extern "C"<.
* src/banning-generic.c: a generic file with functions related to
banning programs and files from being interfered with by the library.
Improved code deduplication and maintenance. The file will be used
in LibSecRm, LibHideIP and LibNetBlock.
* src/lnb_banning.c: include and use banning-generic.c.
* src/lnb_exec.c (__lnb_append_path, __lnb_is_forbidden_program):
fixed potential buffer overflows
* src/lnb_exec.c (__lnb_append_path): calculate string lengths once
* src/lnb_exec.c (__lnb_is_forbidden_program): fixed potential use of
uninitialized values
* src/lnb_exec.c (__lnb_get_target_link_path): fix syntax error when
malloc() is missing.
* test/lnbtest.c: fixed LSR_ANSIC to LNB_ANSIC (shouldn't be used
anyway).
* test/lnbtest.c (test_socket_unix, test_socket_local,
test_socket_banned_netlink, test_socket_banned_raw,
test_socket_banned_proto_netlink, test_socket_banned_inet,
test_socket_banned_proto_inet): tests renamed to better match what
they test.
* test/lnbtest.c (test_socket_banned_raw6,
test_socket_banned_proto_netlink6, test_socket_banned_inet6,
test_socket_banned_proto_inet6): added tests related to IPv6.
* test/lnbtest.c (test_freopen_stdout, test_freopen_stdout_banned,
test_freopen_link_banned_stdout): added tests related to freopen().
* test/lnbtest.c (test_freopen_banned, test_freopen_link_banned):
fixed descriptor leak (only in the test itself).
2015-09-06 Bogdan Drozdowski <bogdro /at- users . sourceforge . net>
* LibNetBlock version 0.6
Library marked as not requiring executable stack (security reasons).
Fixed runtime dependencies. Fixed banning functions. Fixed errno
setting. Minor code cleanup. Added unit tests.
* configure.ac: checking for the -Wl,-z -Wl,noexecstack compiler
option and -z noexecstack linker option. Rearranging the check for
libdl to enable the default behaviour (adding it to the LIBS) - this
allows using tests and removes the need to preload libdl along with
LibNetBlock. Checking for the "check" library for unit tests.
Checking for libpcap which should also be present at runtime. Added
checking for arpa/inet.h and sys/un.h, if tests are enabled.
* libnetblock.spec.in: changed the LibNetBlock URL address to
SourceForge and updated filename for the new version
* doc/libnetblock.3: added SourceForge addresses
* src/Makefile.am: added the "randomnames" target for easy internal
name randomization (hiding LibNetBlock from simple symbol listing),
updated library version number
* src/randomize_names_perl.sh: optimized the name matching
* README, INSTALL, doc/libnetblock.texi.in: described in detail how to
hide LibNetBlock by randomizing internal names
* src/lnb_exec.c (__lnb_is_forbidden_file): fixed link checking
* src/lnb_exec.c (__lnb_is_forbidden_program): fixed endless loop,
fixed link reading
* src/lnb_banning.c: created new constants for common #defines
* src/lnb_priv.h: added SET_ERRNO_MISSING to set the errno
when the original function is missing on the system. Fixed the
value. Added SET_ERRNO_PERM to set the errno when the operation is
forbidden
* test: added unit tests for LibNetBlock
* src/lnb_opens.c (freopen, freopen64): disallowing also to reopen
the standard streams (stdin, stdout, stderr) to the banned files
2013-06-02 Bogdan Drozdowski <bogdro /at- users . sourceforge . net>
* LibNetBlock version 0.5
Portability improvements (fixes for compilation without some header
files or functions). Other small fixes and updates.
* configure.ac: checking for the -O3 compiler option. No longer
requiring malloc().
* src/libnetblock.h.in: correctly indented constants introduced in 0.4
* README, INSTALL, doc/libnetblock.texi.in: changed "rpm" to "RPM",
commands in separate paragraphs
* src/lnb_banning.c: added the stdlib.h file, required by getenv().
Added the malloc.h file (optional).
* src/lnb_exec.c (__lnb_is_forbidden_file,__lnb_is_forbidden_program):
small improvements
* src/lnb_exec.c (__lnb_is_forbidden_program): fixed compiling
without malloc(), sys/stat.h, readlink() and getenv().
* src/Makefile.am: made libnetblock.h not distributed
* src/lnb_opens.c: removed including the unnecessary malloc.h file
* src/lnb_exec.c: added a missing "unused" attribute
2012-09-30 Bogdan Drozdowski <bogdro /at- users . sourceforge . net>
* LibNetBlock version 0.4
Banning mechanism fixed and updated with new possibilities.
* doc/libnetblock.texi.in: added @dircategory and @direntry.
* configure.ac: added a summary of enabled options. Added two new
command-line banning-related options: --enable-environment
(enables additional banning files pointed to by environment
variables) and --enable-user-files (enables additional banning
files in users' home directories). Using AS_HELP_STRING to format
help for options. Not checking for memcpy(), lstat() & snprintf().
* src/lnb_priv.h: added missing LNB_ prefixes
* src/lnb_banning.c: support for banning files pointed to by
environment variables and additional banning files in users' home
directories. Fixed checking if a program is banned.
* src/libnetblock.h.in: added constants for the names of the
environment variable poiting to an additional banning file location
and additional banning files in users' home directories.
* src/Makefile.am: made libnetblock.h not only in PUBLIC_INTERFACE,
since now it is used in lnb_banning.c.
* README, INSTALL, doc/libnetblock.texi.in, doc/libnetblock.3: updated
with new banning information. Minor corrections.
2012-02-11 Bogdan Drozdowski <bogdro /at- users . sourceforge . net>
* libnetblock version 0.3
Made the header file SWIG-enabled, updated copyright, code cleanup,
efficiency corrected, more forbidden programs, documentation update.
* libnetblock.spec.in: corrected the description of the devel package.
* src/libnetblock.h.in: SWIG compatibility.
* src/lnb_banning.c (__lnb_check_prog_ban): stopping the checking as
soon as a match is found. Preserving errno.
* src/lnb_exec.c: moved __lnb_is_forbidden_file() from lnb_opens.c
and made it public. Using a constant for the separator char between
different paths. Added more forbidden programs.
* doc/libnetblock.texi.in: a new chapter about the development library
and using libnetblock with SWIG, marked the URLs.
* src/lnb_net.c (socket, bind): allow Unix domain sockets.
* README, INSTALL: added information about SWIG, fixed typos
* doc/Makefile.am: fix typo
2011-10-07 Bogdan Drozdowski <bogdro /at- users . sourceforge . net>
* libnetblock version 0.2
Added a file for pkg-config with library information. Verified that
no symbol whose name can't be randomized can be reached from the
outside.
* configure.ac: added new C compiler flags to check for:
-Wwrite-strings and -Waggregate-return. Added generating a file
for pkg-config.
* libnetblock.pc.in: a data file for pkg-config.
* libnetblock.spec.in: added the pkg-config file to the -devel package
* README, INSTALL, doc/libnetblock.texi.in: added the
--enable-public-interface configure option.
* src/{libnetblock.h.in,lnb_public.c.in}: added version information
to the library's public interface.
* src/lnb_main.c: removed unused declaration of __lnb_end().
* Makefile.am: added the file for pkg-config.
2011-06-16 Bogdan Drozdowski <bogdro /at- users . sourceforge . net>
* libnetblock version 0.1
Initial version. Intercepting: socket, sendmsg+recvmsg,
execve (thus the whole exec* family) with the system function (can
be used to launch bad programs), bind, a bunch of file opening
functions (fopen, fopen64, open, open64, freopen, freopen64,
openat, openat64) which can be used to access files under /dev/net,
some of the function from the libpcap library, to prevent raw
opening of network devices. Implemented program banning. Providing
a public interface to use by programmers to secure their programs.