Here is a list of changes

0.9.2
- kernel patch was split in two parts:
  - medusa_kernel_fix patch which fixes some kernel problems. This patch will eventually go into the mainstream kernel, and disappear from our distribution.
  - main medusa patch. This one contains the main part of kernel changes, which are required for Medusa, and must be applied AFTER the medusa_kernel_fix patch.
- support for Linux capabilities is now changed: the capabilities now work as they're supposed to.
- when kernel (i.e. not some user application) sends a signal, the operation is allowed explicitly. This fixes ^C problems, and maybe races in some cases
- disallowed sending SIGSTOP and SIGTSTP to constable, suggested by Libor Kratochvil
- fix of filesystem code for 2.4 - now it correctly travels through mountpoints
- some cleanup
- discontinued support for 2.2.x kernels. The patch is still there, but is inaccurate and may be broken. If you are willing to maintain the patch for 2.2, you're welcome. If you need it, request on mailing list.

0.9.1
- patch for 2.4.14 - 2.4.17 kernels
- minor config fixes

0.9.0
- added new event 'START'. It occurs when a process is started (after fork)
- event 'FORK' now accepts process updates from constable for both parent and child
- cinfo was extended to array (needed by new Constable)
- when constable starts all processes are set to the default values:
  - cinfo is 0
  - vs is set to BEGIN_VS (see sources;)
  - med_act is set to MPACT_EXEC | MPACT_FORK | MPACT_START
  - syscall tracing is turned off
- write to process memory via /proc/*/mem is enabled (!); this is required by the new RBAC module
- fixed dual exec event when executing elf binary in 2.4.x
- fixed vfsmount problem (kernel crashed without constable)
- patches upgraded to linux 2.2.20 and 2.4.14

0.8.2
- fixed a hardlink bug, introduced in 0.8.1 for 2.4 kernels
- added some optimizations
- removed some optimizations (kernel won't run with them:)))

0.8.1
- improved code that handles privilege elevation during execve() (when using file capabilities, MED_SKIP works with 'on sexec' from now)
- added several missing permission checks to System V IPC code
- fixed some missing dputs() in VFS code
- added 2.4.x kernels support. This code may contain bugs and is BETA quality.

0.7.12
- fixed: compilation problem when syscall tracing was disabled
- added filesystem capabilities support in Constable: you can use linux-like variables icap, pcap and ecap in "for set", or (correct) fcap, acap and ecap.
- kernel patches are in more unified format (i.e. "diff" line at the beginning of each patch)
- added new sample configuration file
- improved mini libc (Mlibc) Makefile
- appropriate documentation changes

0.7.11
- file hiding is now config option, not a separate patch
- cleaned up System V IPC hooks
- rewritten Linux capabilities support
  - capabilities sets can be set for any file from now (just like vs sets can be) (!!! disabled for a moment, due to non-existing support in Constable !!! - will appear soon in the next release)
  - note: during execve(), the kernel computes new process capabilities sets by evaluating file and process capabilities sets by the formula derived from POSIX capabilities security model - this is standard kernel behavior
- cleaned up suid binary execution hook, fs/namei.c code
- fixed: MED_YES at 'for exec' does not skip noexec mount flag and 'x' permission checks, it only skips basic permission() call
- removed passing of filename, argc and argv to security daemon before exec (serious technical reasons), however, they are still available after exec
- improved i386 entry.S offset generator (the kernel should now compile properly regardless of /usr/include/(linux|asm) symlinks)
- init wrapper has been replaced by support in both kernel and constable: constable can be started instead of init; in this case it initializes itself and starts init. Patch in kernel enables you to use this feature without need to pass option "init=..." to the kernel at boot time.
- finally we got rid of that nasty autoconf/automake.

0.7.10
- automake/autoconf support (thanks to Lubos Janica)
- bugfix in constable - log_proc
- added correct ptrace handling (and new event in constable: on ptrace)
- many documentation fixes (thanks to Tony Kocurko)
- `constable.conf' is now named `default.medusa'

0.7.9
- many documentation fixes and updates

0.7.8
- added some example Mlibc forcing routines and documentation
- updated virtual spaces checks to exactly match authorization model
- removed filesystem control config option (it is always enabled by now - whole thing wasn't too usable without it anyway)
- fixed exporting of symbol medusa_capable
- added optional patch for file hiding. It's working, but very slow, hardly portable and dirty as entire fs/readdir.c in the original kernel

0.7.7
- increased maximum number of arguments of functions in Constable config file to 64
- empty command block '{ }' in Constable config file is now accepted.
- fixed stupid bug in constant parsing in Constable (now you can use constant 22 without errors :-) )
- fixed some bugs in documentation
- checked and updated virtual spaces checking
- optimized middle communication layer

0.7.6
- major cleanup in constable sources
- offset detection for arch/i386/kernel/entry.S is in kernel again
- improved and cleaned up exec (and raised privileges exec) control
- updated signal delivering control
- enhanced file permissions handling

0.7.5
- now security daemon can be killed during waiting for request
- fixed command sending bug in Constable
- changed initialization of modules in Constable
- main Makefile cleaned up
- fixed stupid bug in syscall tracing code in the kernel (the offset to task_struct was wrong so syscall tracing didn't work)
- added some documentation

0.7.4
- model of virtual spaces has changed and makes more sense now (old configs do not work with these, so you have to update them)
- number of virtual spaces was extended from 16 to 32
- handling of virtual spaces in the kernel was rewritten using macros
- corrected some grammatical mistakes in documentation
- added handler type "on init" (people demanded this)
- minor updates and fixes to documentation
- added support for kernel 2.2.14

0.7.3
- fdprintf function added to mlibc
- completed declarations of wrappers in mlibc for all non-obsolete syscalls
- fixed other Constable compilation problems and did some code cleanup
- finally, order of command line parameters to Constable was reversed
- reboot if security daemon is killed (if the kernel is configured so) is now nicer and more portable

0.7.2
- fixed Constable (with disabled code forcing) compilation bug
- some documentation fixes
- removed doc extensions from documentation files

0.7.1
- fixed typo in Constable/Makefile
- some documentation fixes

0.7.0
- some documentation fixes and Makefiles updates
- added Init wrapper utility
- added mlibc (Medusa (or mini) C library to make force code programming easier by linking them with it)
- exported kernel symbols bug fixed
- some updates to Constable configuration language

0.6.3
- some kernel patch compilation cleanups

0.6.2
- fixed stupid bug in System V IPC checking

0.6.1
- added communication protocol version checking
- major part of documentation written
- added dynamic loading of ELF objects for code forcing to Constable
- added patches for 2.2.11 - 2.2.13 kernels

0.5.9
- added some extra parameters for Constable
- added several useful constants to the Constable configuration language

0.5.8
- new feature: quiet mode - disables all messages from kernel
- added some documentation

0.5.7
- fixed communication bug under glibc2

0.5.6
- first beta version (this one seems to be stable)
- fixed many nasty bugs
- added System V IPC checking
- more standard package format

0.4.2
- Constable now compiles well both under libc5 and libc6
- some minor bugfixes

0.3.8
- changed signal delivering code
- added some code forcing routines to Constable
- minor code cleanups