Dazuko CHANGELOG
================

2.3.2-pre2
- fix name-cache leak for Linux 2.2, 2.4, and 2.6+syscall (patch #5552)
- fix memory leak when removing trusted applications (patch #5552)
- fix Linux 2.6 LSM stacking as a secondary module
- fix overly conservative snprintf() calls

2.3.2-pre1
- fixed syscall support for Linux 2.6 with UTRACE (patch #5398)

2.3.1
- improved detection of Linux source and object directories
- wrapped devfs in ifdef's for Linux 2.6 w/ syscalls
- fixed error in resetting read-only flag Linux 2.6 w/ syscalls
- added extra NULL check for filenames in core (allow NULL)
- added "init module" event patch from F-Secure
- added --without-dep option to avoid building dependencies

2.3.1-pre3
- added --kernelobjdir configure option for kernel build source
- intensified configure's search for kernel source

2.3.1-pre2
- fix error in determining when ON_EXEC may be used

2.3.1-pre1
- merged all improvements from 2.2.2
- fixed a problem detecting linux configuration
- Linux 2.6 read-only sct's require --sct-readonly with configure
- added checks when ON_EXEC may be used

2.2.2
- 2.2.2-pre2 unchanged

2.2.2-pre2
- use Linux headers utsrelease.h/vermagic.h if available
- RSBAC now only used if --enable-rsbac specified
- fixed Linux 2.6.18 compile problems with no devfs
- added support for Linux 2.6.18-rc2 LSM API

2.3.0
- added sys_call hooking under Linux 2.6 (--enable-syscalls)

2.2.2-pre1
- separate Linux LSM and device API detection
- fix kernel version detection (now based on UTS_RELEASE)
- fix compile errors under FreeBSD
- fix possible formatting issues for error messages
- fix minor memory leak in a rare error situation

2.2.1
- added simple make(1) filter to capture Linux 2.6 kernel version

2.2.1-pre2
- fixed "make install" when building for non-running Linux kernels

2.2.1-pre1
- add Linux 2.6 build tools as Makefile dependencies
- fix issue with configure and the dash shell
- renamed dazuko_get_filename_length() to dazuko_strlen()
- added support for Linux 2.6.17-rc2 LSM API
- exported dazuko_active() for extensions
- exported dazuko_strtoul() for extensions
- exported dazuko_strlen() for extensions
- exported dazuko_strdup() for extensions
- fixed small memory leak when handling setting access mask
- trust-request-function now acts like other handle-functions (id_copy)

2.2.0
- allow Linux 2.6 LSM stacking on Dazuko's hook (inode_permission)
- remove warning for unexpected slot-state resets

2.2.0-birthday (pre1)
- fixed a deadlock situation with wait queues (in core)
- localized wait queues
- removed unnecessary queue wake's

2.1.1
- fixed check for event cache index values
- fixed setting file mode in DazukoIO
- added configure option to force RSBAC support
- added support for Linux 2.6.16-rc1 LSM API

2.1.1-pre3
- added chroot workaround for Linux 2.6 (SMP, no __d_path) (patch #4602)
- chroot workaround only available with --disable-chroot-support
- added support for FreeBSD 6
- added support for Linux 2.6.15 device API
- added support for Linux 2.6.15 LSM API

2.1.1-pre2
- added "make install" for Linux 2.2/2.4
- added support for Linux 2.6.14 LSM API

2.1.1-pre1
- fixed support for suspend2 (http://www.suspend2.net)
- added support for Mandrake 10.0's version of LSM API
- replaced "struct+trailing string" allocation
- corrected return value for strtoul to unsigned

2.1.0
- improved "make install" for Linux 2.6
- added OO and threading support to Python binding (patch #3605)
- fixed DummyOS support for REQSTREAM

2.1.0-pre9
- fixed problem with suspend for Linux 2.6 kernels < 2.6.13
- changed Linux 2.6 messages to KERN_INFO

2.1.0-pre8
- added configure checks for make utility and C compiler
- added support for suspend1 (and the upcoming suspend2) for Linux 2.6
- added support for modified device API for Linux 2.6.13
- added "modprobe commoncap" to "make test" for Linux 2.6 when needed
- no longer hook capability functions if commoncap not needed (Linux 2.6)
- fixed bug that prevented stacked modules from being called (Linux 2.6)
- updated perl binding for 2.1.0 API
- updated python binding for 2.1.0 API
- updated ruby binding for 2.1.0 API
- updated lua binding for 2.1.0 API
- updated lua license

2.1.0-pre7
- fixed a problem recognizing capabilities module (Linux 2.6)
- added safer stacking support for Linux 2.6 without capabilities

2.1.0-pre6
- added newline to version stamp
- added DazukoIO Version API
- use version API in C single-threaded example
- fixed problem with fopen("") for Linux 2.2/2.4
- fixed support for RedHat 9 Linux 2.4 kernels
- allow stacking for Linux 2.6 kernels without capabilities

2.1.0-pre5
- added separate version header (using new version scheme)
- added version stamps to userland and kernel binaries
- fixed building using directories with spaces (Linux 2.6)
- added TAF support to Linux/RSBAC, Linux 2.6, FreeBSD 4/5
- TAF can now only span to children, no longer to parents
- renamed TAF "relative" to "child" (NOTE: this makes 2.1.0-pre4 incompatible!)
- fixed a bug in communication fallback logic

2.1.0-pre4
- added REQSTREAM to device protocol (X/Y-bit compatibility)
- moved all device handling into core (RA/ra handling)
- ported pre-open event support for non-existent files to Linux 2.2/2.4
- added suspicious process checking for TAF to Linux 2.2/2.4
- added TRUST_RELATIVES support in TAF for Linux 2.2/2.4
- EXEC from daemons no longer generates event (for that group)
- added dazukoRemoveTrusted(token)
- added support for FiST to Linux 2.6 (currently deactivated)
- fixed RDONLY/RDWR event flags in Linux 2.6
- added "setid" command to DummyOS for TAF debugging
- abstracted request alloc/free in DazukoIO
- removed accidental libc calls in kernel
- kernel now sends version number on registration

2.1.0-pre3
- merged all improvements from 2.0.6
- added trusted application framework (TAF)
- TAF supported by default (disable with --disable-trusted)
- changed all references of "compat12" to "compat1"
- renamed "xp" layer to "core"
- added cache API (currently only supported by RSBAC)
- added generic get_event_properties to core API
- fixed implementation of xp_notify for DummyOS
- CLOSE events handled as read_only (fixes flush problem)
- reorganized code to break up huge functions
- removed sizeof(*var) in DazukoIO

2.0.6
- added support for Linux 2.6.12-rc1

2.0.6-pre2
- fixed a typo in the LSM API

2.0.6-pre1
- added support for Linux 2.6.11
- fixed a typo in the LSM stacking code

2.1.0-birthday (pre2)
- merged all improvements from 2.0.5
- configuration script reorganized and cleaned up
- added configuration options for device major and system
- changed dummy extension to DummyOS as sample Dazuko port
- removed unneeded return values for mutex/lock functions in XP interface
- removed "open file" list, file name lookups must occur in extension
- filenames looked up from file descriptor for Linux 2.2/2.4, FreeBSD 4/5
- ON_CLOSE_MODIFIED will now never be generated (this will be changed)
- removed FiST support (this will be changed)
- groups now have their own access mask and include/exclude paths
- added access mask cache for quick access checks
- removed pre/post concept from XP framework
- C example programs no longer require user id to be 0
- Ruby, Lua, and PHP examples added

2.0.5
- allow softlink events for Linux 2.6

2.0.5-pre5
- updated copyrights
- added extern reference for __d_path()
- removed static keyword in d_path patch

2.0.5-pre4
- reverted __d_path() back to Linux 2.6.0 version
- added warnings and disable option for __d_path() under Linux 2.6
- added README and patchfile for __d_path() under Linux 2.6
- removed check for file readability under Linux 2.4

2.0.5-pre3
- fixed LSM helper script for SuSE support
- added check to disable ON_CLOSE for Linux 2.6 kernels
- "adopted" Linux 2.6 __d_path() function (and sync'd with 2.6.9)
- added version information for FreeBSD 5 driver
- updated Perl tests
- added Perl multi-thread support (untested)

2.0.5-pre2
- added new helper script to identify Linux 2.6 LSM API
- fixed compiler error for FreeBSD 5.3
- removed unneeded function in DazukoXP interface (file_struct_check_cleanup)
- added udev/sysfs support for Linux 2.6 (untested)

2.0.5-pre1
- added option to disable Linux 2.6 LSM stacking
- added check to disable ON_EXEC for Linux 2.2/2.4 non-x86 kernels
- added support for dup() and dup2() under Linux 2.2/2.4
- added "link problem" solution to Linux 2.2/2.4
- example programs now exclude /dev/ rather than only /dev/null
- added support for Linux 2.6.10 kernel

2.0.4
- 2.0.4-pre5 unchanged

2.0.4-pre5
- fixed linux_conf for distributions without config.h
- RSBAC files now correctly generated for use as-is
- added Linux fallback for platform include
- kmalloc's for Linux 2.6 now atomic

2.0.4-pre4
- removed devfs configuration option
- added "linux_conf" for reliable Linux configuration detection
- added configure checks for security, capabilities, and Fedora Core 2
- merged all FreeBSD 4 features to FreeBSD 5
- added LSM exceptions for Fedora Core 2

2.0.4-pre3
- solved "link problem" under FreeBSD 4 (introduced aliases)
- added support for dup() and dup2() under FreeBSD 4 (adds more ON_OPEN/ON_CLOSE events)
- fixed support for dazuko with capability under Linux SuSE 9.1
- added recognition of ON_EXEC events under Linux 2.6
- fixed devfs support with Linux 2.6 and RSBAC

2.0.4-pre2
- fixed "typo" in dazuko_linux26_lsm macro

2.0.4-pre1
- complete new support for LSM (FINALLY it works right!)
- fixed compile errors under FreeBSD 5
- added FreeBSD 5 pre-open support (improvement from 2.1.0-pre1)
- updated copyright notices

2.1.0-pre1
- added new abstraction layer to userspace (dazukoio_xp)
- ported pre-open event support for non-existent files to FreeBSD 5
- added dummy extension for sample porting (runs in userspace)
- cleaned up extra files and redundancies in package

2.0.3
- added pre-open events for non-existent files under FreeBSD 4 (if parent directory exists)
- corrected name lookup cleanup under FreeBSD 4
- fixed a possible memory leak in DazukoIO

2.0.3-pre4
- added include to generated dazuko_ops_linux26.h
- dazuko_call layer now inline static (to reduce needed stack space)
- UID=0 no longer required (must be enforced with /dev/dazuko mode)
- added Linux 2.2/2.4 support for DazukoFS based on FiST (still under development)

2.0.3-pre3
- configure script massively expanded (see ./configure --help)
- Default Linux Capabilities now taken directly from original file
- Perl and Python examples added
- introduced "library" directory for DazukoIO static library
- corrected minor check and return errors in XP layer

2.0.3-pre2
- fixed compile errors for some Linux 2.6 versions (using default capabilities)

2.0.3-pre1
- fixed ON_CLOSE_MODIFIED compile errors for Linux 2.2/2.4 and FreeBSD 4
- added Default Linux Capabilities under Linux 2.6 (enabled with configure script)

2.0.2
- changed Linux 2.6 fops structure to Linux 2.6 style
- fixed Linux 2.6 crash when unloading an "in use" Dazuko
- fixed Linux 2.6 compile errors
- fixed FreeBSD 5 compile warnings/errors
- synced RSBAC extension with DAZuko module in RSBAC
- fixed problem with escape characters >= 128

2.0.2-pre2
- added support for RSBAC (RSBAC version 1.2.3-pre5 or higher required)
- fixed multiple daemons with Linux 2.2 (by forcing compat12 mode)
- fixed missing filenames for compat12 mode

2.0.2-pre1
- introduced xp_daemon_id for daemon identification (instead of PID's)

2.0.1
- fixed support for Linux 2.2.x kernels (change in Makefile)

2.0.1-pre3
- fixed buffer size calculation for dazukoRegister()
- added devfs support for Linux 2.6

2.0.1-pre2
- fixed "make test" for Linux 2.6
- order of device and LSM registration switched for Linux 2.6
- added custom snprintf/vsnprintf

2.0.1-pre1
- added full support for FreeBSD 5
- fixed a problem with resolving local filenames in FreeBSD
- configure script can build Makefiles for non-running Linux kernels
- ON_OPEN now triggered when creating files (although this is not blockable)
- removed __module__smp define for SMP Linux kernels
- fixed "make clean" for Linux 2.2/2.4 Makefiles

2.0.0
- added "call_" layer to provide input/output checking to/from the XP layer
- added verify functions to XP interface (needed by Linux 2.2 extension)
- added destroy functions to XP interface (needed by Solaris)
- extensions now use xp function calls instead of directly calling the functions
- updated example_mt program to mirror example program
- updated Example program for 2.0.0 interface and mirror example program
- fixed endless device reading
- fixed "exact match" for include/exclude paths
- moved ioctl-handling code (aka compat12 code) into XP layer
- chroot environments now work under Linux 2.6
- all error values now using XP defines
- compat12 (with ioctl) now supported under Linux 2.6
- compat12 (with ioctl) no longer supported under FreeBSD
- Java interface merged into main package
- Java interface updated to 2.0.0 interface specifications
- example programs now in sub-directories, example_c and example_java
- example programs each have their own Makefile's (not yet configured with "configure")

1.2.3
- fixed "exact match" for include/exclude paths (fix from 2.0.0-current)

1.2.3-pre1
- updated configure script to match 2.0.0-pre5
- updated example program to match 2.0.0-pre5
- updated example_mt program to match 2.0.0-current
- signals ignored for non-registered processes (improvement from 2.0.0-pre2)
- fixed "off by one" bug for include/exclude paths (fix from 2.0.0-pre5)
- renamed devfs define (improvement from 2.0.0-pre5)
- fixed endless device reading (fix from 2.0.0-current)
- removed warnings for unknown ioctl's

2.0.0-pre5
- added much more functionality to the configure script
- fixed "in use" problems with spontaneous context-switches when unloading under FreeBSD
- added macros for hooking/unhooking system calls
- removed filename length restrictions
- renamed the devfs define
- abstracted code for generating protocol13
- moved code for generating protocol13 into XP layer
- fixed resolving userspace pointers
- added support for filenames with non-printable characters
- fixed compiler warnings when compiling the interface
- added ability to compile interface library without 1.x compatibility
- removed CHANGES file (it was very poorly maintained)
- fixed "off by one" bug when calculating include/exclude path lengths
- added support for Linux 2.6 kernels (not yet complete, but very functional)

2.0.0-pre4
- example program now takes include paths as arguments
- example program excludes /dev/null
- added a "set flag" for each item in dazuko_access
- write() is now used instead of ioctl()
- fixed memory leak in FreeBSD
- fixed all 1.x compatibility issues

2.0.0-pre3
- added ON_UNLINK and ON_RMDIR events
- improved new signal handling efficiency
- FreeBSD state-logic now matches Linux
- no longer transmitting unused values over device
- added more information about files accessed

2.0.0-pre2
- signals ignored for non-registered processes
- fixed syscall recursive entry problem
- fixed 1.2.x compatibility problem
- abstracted errors (for better platform compatibility)

2.0.0-pre1
- all changes of 1.2.2-pre2, 1.2.2-pre3, 1.2.2
- renamed 1.3.x branch to 2.0.x (too many new things)
- renamed structures and changed prototypes in API
- FreeBSD extension fully functional
- added new key/value device protocol (Protocol 13)
- added read-only mode for registration
- added backwards compatibility for 1.2.x branch
- added configure script (works for Linux and FreeBSD)
- moved device protocol handling into cross-platform (XP) layer

1.2.2
- added configure script
- added UNREGISTER command to device protocol
- example program now uses /home and /usr/home as include paths

1.2.2-pre3
- dazukoio has a complete multi-thread API (_TS for ThreadSafe) (see example_mt.c for usage)
- access_t.deny shows current deny value to see if the access will already be blocked
- message printed when unloading
- added multi-threaded example program (example_mt)

1.2.2-pre2
- dazukoio now supports threads (although the functions are not thread-safe)

1.2.2-pre1/1.3.0-pre1
- example program catches SIGTERM and SIGINT, rather than "15" (patch #1675)
- added return codes when add path fails (patch #1696)
- added minor ON_CLOSE optimization

1.3.0-pre1
- added abstraction layer
- added Linux extension (fully functional)
- added FreeBSD extension (chroot, SMP, and local file access support not yet implemented)

1.2.1
- 1.2.1-pre2 unchanged

1.2.1-pre2
- correctly arranged the _SUPPORT defines
- added defines so that only newer kernels utilize snprintf

1.2.1-pre1
- HIDDEN_SCT workaround now based on sys_close rather than sys_exit

1.2.0
- Dazuko interface now under a BSD License
- fixed a memory leak during unregistration
- fixed possible seg faults during unregistration
- active count now atomic_t (rather than int)
- ON_EXEC does not allow daemon to run exec unchecked
- fixed a compiler warning
- added Java interface (separate package)

1.2.0-pre2
- re-implemented cascading using arrays (rather than a linked list)
- many functions now static and/or inline
- ON_EXEC is turned on by default (runs very well now)
- added a safety check in dazukoUnregister()

1.2.0-birthday (pre1)
- added cascading! allowing multiple applications to simultaneously utilize Dazuko
- dazukoRegister() prototype has changed (each application should use its own registration string)
- fixed a memory leak when using ON_EXEC

1.1.2
- 1.1.2-pre3 unchanged

1.1.2-pre3
- added code optimizations for file-hash lookups
- ON_CLOSE_MODIFIED is back
- ON_EXEC is back
- events activated using a define (for example, -DON_EXEC_SUPPORT)
- ON_CLOSE_MODIFIED, ON_EXEC events off by default
- Makefile.sct now "uses" Makefile

1.1.2-pre2
- added code to support devfs (patch #761)

1.1.2-pre1
- added code to find the system call table if it is hidden

1.1.1
- sys_execve system call no longer supported (until the code is improved)

1.1.0
- switched dazukoio code to LGPL
- eliminated ON_CLOSE_MODIFIED event

1.0.3
- added a check for invalid current task_struct on initialization
- now using the short-form for file_operations struct

1.0.2
- minor changes to the C interface

1.0.1
- introduced a C interface for easy 3rd party implementations
- added a check for daemon processes for all system calls
- added ON_CLOSE_MODIFIED (this was actually formerly falsely implemented as ON_CLOSE)
- fixed a redundancy in checking the access mask

1.0.0
- the first free version of Dazuko