Age | Commit message | Author |
|
The concept of logging shell commands through audit subsystem
is not useful because it is too hard to configure, requires special
privileges, doesn't handle background commands, and is missing the
necessary information...
|
|
This is a merge of current Debian stable (Lenny) version of Bash
with Vyatta changes.
|
|
The command auditing patch had a number of issues:
* was looking at shell_input_line rather than what user entered
* reopened audit file descriptor on each command
* left audit_fd dangling in child
* looked up tty on each command
It still does getcwd() on each command but that probably can't be helped.
|
|
The original patch turned on auditing iff shell was named aubash
and user was root. We change that to be always on if shell is vbash.
|
|
This is based on earlier (unaccepted) patch to add auditing
support which was done by Steve Grubb at Redhat.
This patch depends on audit 1.4 to provide a logging function.
The resulting audit message looks like this:
time->Tue Jan 30 18:23:45 2007
type=USER_CMD msg=audit(1170199425.793:143): user pid=22862 uid=0 auid=0
subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023
msg='cwd=2F726F6F742F7465737420646972 cmd=6C73202D6C (terminal=tty1
res=success)'
Which translates to:
type=USER_CMD msg=audit(01/30/2007 18:23:45.793:143) : user pid=22862 uid=root
auid=root subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023
msg='cwd=/root/test dir cmd=ls -l (terminal=tty1 res=success)'
This patch causes bash to log all command line arguments when the shell
is started as aubash or "bash --audit". The preferred method is to make a
symlink from bash to aubash and then add aubash to /etc/shells. Then you
can change root's shell to aubash.
|
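The hex-to-text translation shown in the commit message above, as an added example (not part of the commit or of the Bash/Vyatta code): a small Python decoder for the cwd= and cmd= fields of a USER_CMD record. It assumes the audit convention that a bare value is hex-encoded and a double-quoted value is literal; the function names are hypothetical, and the sample is the record quoted above joined onto one line.

```python
import re

# Constructed sample: the raw USER_CMD record from the commit message,
# joined onto a single line as it would appear in the audit log.
RAW = ("type=USER_CMD msg=audit(1170199425.793:143): user pid=22862 uid=0 auid=0 "
       "subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 "
       "msg='cwd=2F726F6F742F7465737420646972 cmd=6C73202D6C "
       "(terminal=tty1 res=success)'")

# Only the two fields the patch logs from user-controlled data are decoded.
FIELD_RE = re.compile(r'''\b(cwd|cmd)=("[^"]*"|[^\s'"]+)''')
HEX_RE = re.compile(r"[0-9A-Fa-f]+")


def decode_value(value):
    """Decode one field value.

    Assumption: quoted values are literal, bare even-length hex is encoded
    text, anything else is returned unchanged.
    """
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        return value[1:-1]
    if len(value) % 2 == 0 and HEX_RE.fullmatch(value):
        text = bytes.fromhex(value).decode("utf-8", errors="backslashreplace")
        # Keep control characters escaped so a logged command containing a
        # newline or terminal escape cannot forge extra lines for the reviewer.
        return "".join(c if c.isprintable()
                       else c.encode("unicode_escape").decode("ascii")
                       for c in text)
    return value


def fields(record):
    """Return the decoded cwd/cmd fields of a record as a dict."""
    return {m.group(1): decode_value(m.group(2))
            for m in FIELD_RE.finditer(record)}


def interpret(record):
    """Return the record with cwd/cmd replaced by their decoded text."""
    return FIELD_RE.sub(
        lambda m: "%s=%s" % (m.group(1), decode_value(m.group(2))), record)


if __name__ == "__main__":
    print(interpret(RAW))
```

Because the decoded cwd and cmd can contain spaces, the dict from fields() is safer to consume programmatically than the interpreted line.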
* do not restart completion after a "connector" or a '`'.
* only allow simple commands and "pipe" in "full" mode.
* add mechanism to limit allowed pipe commands.
* remove unnecessary command checks (non-interactive and same command).
|
|
* support "root-level" programmable completion in restricted modes.
|
|