Commits on Sep 19, 2016
  1. Merge pull request #160 from ghantoos/s_freebsd_noexec

    FreeBSD: sudo noexec lib missing path
    committed on GitHub Sep 19, 2016
  2. FreeBSD: sudo noexec lib missing path

    The new path of the sudo noexec library was missing from lshell,
    making it unable to load it. This creates a security issue on FreeBSD.
    
    This commit adds the missing path.
    Ignace Mouzannar committed with Ignace Mouzannar Sep 19, 2016
  3. Merge pull request #159 from ghantoos/f_tox_py35

    [test] set python tox tests to p35
    committed on GitHub Sep 19, 2016
  4. [test] set python tests to p35

    Ignace Mouzannar committed with Ignace Mouzannar Sep 19, 2016
  5. Merge pull request #158 from ghantoos/f_disable_exit

    [feature] add possibility to disable exit (Closes #156)
    committed on GitHub Sep 19, 2016
  6. [feature] add possibility to disable exit (Closes #156)

    Added disable_exit flag. If set to 1, it will disable user exit.
    This could be useful when lshell is spawned from another
    non-restricted shell (e.g. bash)
    Ignace Mouzannar committed with Ignace Mouzannar Sep 19, 2016
Commits on Aug 25, 2016
  1. [bug] correct help <cmd> traceback, now warns user (Closes #152)

    [bug] correct help <cmd> traceback, now warns user (Closes #152)
    committed on GitHub Aug 25, 2016
  2. [bug] correct help <cmd> traceback, now warns user (Closes #152)

    The help command was initially present in lshell as all commands were
    built-in. This has been changed a long time ago. This is why I am
    removing this function, and keeping the regular list of commands.
    Ignace Mouzannar committed Aug 25, 2016
  3. [security] parse quoted strings for possible commands #147, #148, #149

    (Closes #148, Closes #147, Closes #149)
    
    Both issues #148 and #147 use the same vulnerability in the parser,
    that ignored the quoted strings. Parsing only the rest of the line
    for security issues. This is a major security bug.
    
    This commit also corrects a previous omitted correction regarding the
    control characters, that permitted to escape from lshell.
    
    Thank you Proskurin Kirill (@Oloremo) and Vladislav Yarmak (@Snawoot)
    for reporting this!!
    committed on GitHub Aug 25, 2016
  4. [security] parse quoted strings for possible commands (Closes #148, Closes #147, Closes #149)

    Both issues #148 and #147 use the same vulnerability in the parser,
    that ignored the quoted strings. Parsing only the rest of the line
    for security issues. This is a major security bug.
    
    This commit also corrects a previous omitted correction regarding the
    control characters, that permitted to escape from lshell.
    
    Thank you Proskurin Kirill (@Oloremo) and Vladislav Yarmak (@Snawoot)
    for reporting this!!
    Ignace Mouzannar committed Aug 23, 2016
Commits on Aug 22, 2016
  1. [security] MAJOR issue: catch ctrl escapes (Closes #149)

    There was a major security issue with lshell that allows any user to
    escape from lshell into bash (or any other available shell). This
    was done by typing <CTRL-V><CTRL-J>bash after any allowed command.
    For example:
    ~$ echo<CTRL-V><CTRL-J>bash
    
    Thanks Vladislav Yarmak (@Snawoot) for reporting this major issue!
    Ignace Mouzannar committed Aug 22, 2016
Commits on Jul 22, 2016
  1. [sec] added quoted text path parsing (Closes #132)

    - Special thanks to @kamade for the provided patch from which this
    commit was inspired!
    Ignace Mouzannar committed Jul 22, 2016
Commits on Jul 21, 2016
  1. [bug] correct subprocess cmd processing/stopping (Closes #140)

    Ignace Mouzannar committed Jul 21, 2016
Commits on Jul 20, 2016
  1. [bug] corrects completion when using './foo' (Closes #144)

    - Simplified the completion function
    - Added a test for ./ completion
    Ignace Mouzannar committed Jul 20, 2016
  2. [ci] corrected tox failure (Closes #145)

    - corrected output of one test on Debian or CentOS
    - corrected list bug in checkconfig
    - added words in dictionary that were not detected in CentOS
    Ignace Mouzannar committed Jul 20, 2016
Commits on Mar 16, 2016
  1. [feature] add possibility to disable ld_preload (Closes #133)

    - this feature has been initially requested in #122
    - corrects the typo in --path_noexec flag
    Ignace Mouzannar committed Mar 16, 2016
  2. [bug] corrects path_noexec variable not being evaluated #122

    Ignace Mouzannar committed Mar 16, 2016
Commits on Feb 27, 2016
  1. [debian] corrected watch file

    Ignace Mouzannar committed Feb 27, 2016
Commits on Feb 26, 2016
  1. [debian] Correct FTBFS using pybuild (py3) instead of default distutils (py2)

    Ignace Mouzannar committed Feb 26, 2016
Commits on Feb 25, 2016
  1. [debian] New upstream release 0.9.18

    Ignace Mouzannar committed Feb 25, 2016
  2. [admin] add code compatibility to logrotate 'su nobody'

    Ignace Mouzannar committed Feb 25, 2016
  3. [admin] correct logrotate permissions (Closes Debian#668776)

    Ignace Mouzannar committed Feb 25, 2016
  4. [release] lshell version 0.9.18

    Ignace Mouzannar committed Feb 25, 2016
Commits on Feb 22, 2016
  1. [code] moved check_secure function to sec.py

    Ignace Mouzannar committed Feb 22, 2016
Commits on Feb 21, 2016
  1. [code] moved check_path function to sec.py

    Ignace Mouzannar committed Feb 21, 2016
  2. [doc] Update README.md

    committed with Ignace Mouzannar Feb 21, 2016
  3. [ci] add pycomments tests to travis-ci

    Ignace Mouzannar committed Feb 21, 2016
  4. [ci] moved tox requirement file to test/ dir

    Ignace Mouzannar committed Feb 21, 2016
  5. [code] cleaned up spelling mistakes

    Ignace Mouzannar committed Feb 21, 2016
  6. [ci] add pylint/pyenchant comments spellcheck

    Ignace Mouzannar committed Feb 21, 2016
  7. [feature] add new short prompt (Closes #114)

    - Adds new short prompt configuration with full path (setting short_prompt
    to 2)
    - Add tests for all short_prompts configurations
    Ignace Mouzannar committed Feb 21, 2016
Commits on Feb 20, 2016
  1. [code] moved warn_count function to (new) sec.py

    Ignace Mouzannar committed Feb 20, 2016
  2. [bug] correct traceback when user conf is empty (Closes #127)

    Ignace Mouzannar committed Feb 20, 2016
  3. [bug] correct dir is reset to home after reloading configuration (Closes #126)

    When a user is already logged in, and the administrator changes the
    configuration, the user is automatically put back in his home directory.
    
    This commit fixes this behavior.
    Ignace Mouzannar committed Feb 20, 2016