Permalink
Commits on May 7, 2018
Commits on Sep 19, 2017
  1. correct spelling mistake (#176)

    EdwardBetts authored and ghantoos committed Sep 19, 2017
Commits on Sep 15, 2017
  1. Merge pull request #177 from ghantoos/b/fix_tox_tests

    ghantoos committed Sep 15, 2017
    Correct tox tests, minor typos
Commits on Sep 13, 2017
  1. Correct tox tests, minor typos

    ghantoos committed Sep 13, 2017
  2. Merge pull request #169 from trbs/exit_code_over_ssh

    ghantoos committed Sep 13, 2017
    return exitcode for ssh commands and exit code 1 at config errors
Commits on Jan 18, 2017
Commits on Sep 19, 2016
  1. Merge pull request #160 from ghantoos/s_freebsd_noexec

    ghantoos committed Sep 19, 2016
    FreeBSD: sudo noexec lib missing path
  2. FreeBSD: sudo noexec lib missing path

    Ignace Mouzannar Ignace Mouzannar
    Ignace Mouzannar authored and Ignace Mouzannar committed Sep 19, 2016
    The new path of the sudo noexec library was missing from lshell,
    making it unable to load it. This create a security issue on FreeBSD.
    
    This commit adds the missing path.
  3. Merge pull request #159 from ghantoos/f_tox_py35

    ghantoos committed Sep 19, 2016
    [test] set python tox tests to p35
  4. [test] set python tests to p35

    Ignace Mouzannar Ignace Mouzannar
    Ignace Mouzannar authored and Ignace Mouzannar committed Sep 19, 2016
  5. Merge pull request #158 from ghantoos/f_disable_exit

    ghantoos committed Sep 19, 2016
    [feature] add possibility to disable exit (Closes #156)
  6. [feature] add possibility to disable exit (Closes #156)

    Ignace Mouzannar Ignace Mouzannar
    Ignace Mouzannar authored and Ignace Mouzannar committed Sep 19, 2016
    Added disable_exit flag. If set to 1, it will disable user exit.
    This could be useful when lshell is spawned from another
    none-restricted shell (e.g. bash)
Commits on Aug 25, 2016
  1. [bug] correct help <cmd> traceback, now warns user (Closes #152)

    ghantoos committed Aug 25, 2016
    [bug] correct help <cmd> traceback, now warns user (Closes #152)
  2. [bug] correct help <cmd> traceback, now warns user (Closes #152)

    Ignace Mouzannar
    Ignace Mouzannar committed Aug 25, 2016
    The help command was initially present in lshell as all command were
    built-in. This has been changed a long time ago. This is why I am
    removing this function, and keeping the regular list of commands.
  3. [security] parse quoted strings for possible commands #147, #148, #149

    ghantoos committed Aug 25, 2016
    Closes #148, Closes #147, Closes #149)
    
    Both issues #148 and #147 use the same vulnerability in the parser,
    that ignored the quoted strings. Parsing only the rest of the line
    for security issues. This is a major security bug.
    
    This commits also corrects a previous ommited correction regarding the
    control charaters, that permitted to escape from lshell.
    
    Thank you Proskurin Kirill (@Oloremo) and Vladislav Yarmak (@Snawoot)
    for reporting this!!
  4. [security] parse quoted strings for possible commands (Closes #148, C…

    Ignace Mouzannar
    Ignace Mouzannar committed Aug 23, 2016
    …loses #147, Closes #149)
    
    Both issues #148 and #147 use the same vulnerability in the parser,
    that ignored the quoted strings. Parsing only the rest of the line
    for security issues. This is a major security bug.
    
    This commits also corrects a previous ommited correction regarding the
    control charaters, that permitted to escape from lshell.
    
    Thank you Proskurin Kirill (@Oloremo) and Vladislav Yarmak (@Snawoot)
    for reporting this!!
Commits on Aug 22, 2016
  1. [security] MAJOR issue: catch ctrl escapes (Closes #149)

    Ignace Mouzannar
    Ignace Mouzannar committed Aug 22, 2016
    The was a major security issue with lshell that allows any user to
    escape from lshell into bash (or any other available shell. This
    was done by typing <CTRL-V><CTRL-J>bash after any allowed command.
    For example:
    ~$ echo<CTRL-V><CTRL-J>bash
    
    Thanks Vladislav Yarmak (@Snawoot) for reporting this major issue!
Commits on Jul 22, 2016
  1. [sec] added quoted text path parsing (Closes #132)

    Ignace Mouzannar
    Ignace Mouzannar committed Jul 22, 2016
    - Special thanks to @kamade for the provided patch from which this
    commit was inspired!
Commits on Jul 21, 2016
  1. [bug] correct subprocess cmd processing/stopping (Closes #140)

    Ignace Mouzannar
    Ignace Mouzannar committed Jul 21, 2016
Commits on Jul 20, 2016
  1. [bug] corrects completion when using './foo' (Closes #144)

    Ignace Mouzannar
    Ignace Mouzannar committed Jul 20, 2016
    - Simplified the completion function
    - Added a test for ./ completion
  2. [ci] corrected tox failure (Closes #145)

    Ignace Mouzannar
    Ignace Mouzannar committed Jul 20, 2016
    - corrected output of one test on Debian or CentOS
    - corrected list bug in checkconfig
    - added words in dictionnay that were not detected in CentOS
Commits on Mar 16, 2016
  1. [feature] add possibility to disable ld_preload (Closes #133)

    Ignace Mouzannar
    Ignace Mouzannar committed Mar 16, 2016
    - this feature has been initialy requested in #122
    - corrects the typo in --path_noexec flag
  2. [bug] corrects path_noexec variable not being evaluated #122

    Ignace Mouzannar
    Ignace Mouzannar committed Mar 16, 2016
Commits on Feb 27, 2016
  1. [debian] corrected watch file

    Ignace Mouzannar
    Ignace Mouzannar committed Feb 27, 2016
Commits on Feb 26, 2016
  1. [debian] Correct FTBFS using pybuild (py3) instead of default distuti…

    Ignace Mouzannar
    Ignace Mouzannar committed Feb 26, 2016
    …ls (py2)
Commits on Feb 25, 2016
  1. [debian] New upstream release 0.9.18

    Ignace Mouzannar
    Ignace Mouzannar committed Feb 25, 2016
  2. [admin] add code compatibility to logrotate 'su nobody'

    Ignace Mouzannar
    Ignace Mouzannar committed Feb 25, 2016
  3. [admin] correct logrotate permissions (Closes Debian#668776)

    Ignace Mouzannar
    Ignace Mouzannar committed Feb 25, 2016
  4. [release] lshell version 0.9.18

    Ignace Mouzannar
    Ignace Mouzannar committed Feb 25, 2016
Commits on Feb 22, 2016
  1. [code] moved check_secure function to sec.py

    Ignace Mouzannar
    Ignace Mouzannar committed Feb 22, 2016
Commits on Feb 21, 2016
  1. [code] moved check_path function to sec.py

    Ignace Mouzannar
    Ignace Mouzannar committed Feb 21, 2016
  2. [doc] Update README.md

    ghantoos authored and Ignace Mouzannar committed Feb 21, 2016
  3. [ci] add pycomments tests to travis-ci

    Ignace Mouzannar
    Ignace Mouzannar committed Feb 21, 2016
  4. [ci] moved tox requirement file to test/ dir

    Ignace Mouzannar
    Ignace Mouzannar committed Feb 21, 2016