[Reference:<_A3578@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] DeleGate/9.4.0 (ALPHA) -- implanted configuration parameters in the executable file
04 Dec 2006 14:46:29 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Dear DeleGate users,

I inform you of the new release of DeleGate available as follows:
--------------------------------------------------------------------------
DeleGate/9.4.0 -- (ALPHA) -- implanted configuration parameters in the executable file

IMPLANTED CONFIGURATION PARAMETERS
  - supported "implanting" parameters into the executable file
  - implanted parameters can be encrypted to protect them from peeping by others
  - "subin" is obsoleted, just set "set-uid-on-exec" flag of the executable

An executable file can have "implanted" parameters to control authentication
and capabilities; which user or group can use it and which protocols or
functions it can execute.

The executable owned by "root" with "set-uid-on-exec" replaces "subin" to
execute privileged operations including binding privileged ports or PAM
authentication.

The implanted parameters in an executable file are edited with the "-Fimp" option.
See the help information of it with "delegated -Fimp -h" and the page
<URL:http://www.delegate.org/delegate/implant/>

SECURE BINARY DISTRIBUTION
  - executable files distributed from DeleGate.ORG are signed with its RSA key
  - modification to the executable since the compilation is detected on startup

The executable file of DeleGate (delegated) has become signed and verified.
The file is signed at the build-time, and a modification of it (might be
a malicious interpolation) is detected when it is invoked to stop the
invocation.

ENCRYPTION OF CONFIGURATION PARAMETERS
  - introduced a pseudo URL "enc:" to represent a chunk of encrypted data
  - arbitrary data can be encrypted to the "enc:" format with "-Fenc".
  - encrypted data can be used as parameters of DeleGate with "+=enc:..."

See the help information of it with "delegated -Fenc -h" and the page
<URL:http://www.delegate.org/delegate/encrypt/>

--------------------------------------------------------------------------

  SITE: <URL:ftp://ftp.delegate.org/pub/DeleGate/>
  FILE: delegate9.4.0.tar.{gz,bz2}
  DATE: Dec 4 17:19 JST 2006
  TAR-SIZE: 6195200 bytes
  TAR-MD5:  04bd47b34a8ac3fd2a4f4e75659c296d
  PUBLIC-KEY: http://www.delegate.org/rsa-pubkey.pem
  TAR-MD5-SIGN:
    0KZLaVhJSerfRwo0Aioo7brd7yxu+xjjZsaIzd0B3jl/WqR51GJX20JXhOnYdIClmGJBaxj0
    HAv8TG5EkMFsZXdUXxZAKEGb5qu2iaHJ8e3MMqJa2Upv1VpLQfvt+DF0YdBnPY3R1lLB9kco
    5trk095wmwKB7BBQeI/TDXlaDDI=

[NEW]
 * general: "-Fimp" option to implant parameters into the executable
 * general: restricting users who can invoke the executable file (with passwd)
 * general: restricting capable Functions, protocols, params, and systemcalls
 * general: auto. invocation of SERVER="sudo" proc. for privileged operations
 * general: detection of interpolation of the executable file
 + general: "-Fenc" option to make encrypted parameters (or file)
 + POP: implemented RFC2449 "CAPA" for STLS 
 + HTTP: introduced HTTPCONF=kill-iqhead and HTTPCONF=kill-irhead 

[MOD]
 + OWNER: OWNER="invoker's-uid" by default when invoked with set-uid-on-exec
 + general: wait in foreground till daemon process launches
 + general: don't start in background without -Pxxx
 + CFI: act as a filter if without -Pxxx and invoked with std-I/O of sockets
 + AF_UNIX: expanded VSAddr from 32B to 128 for AF_UNIX
 + FreeBSD: use setproctitle() if it's available
 + Windows: MAXIMA=winmtu:0 (from 1024) by default (7.9.4)

[FIX]
 + SSLway: fixed session cache with client's certificate (9.2.4)
 + general: fixed SEGV on long CRYPT key
 + general: fixed infinite loop by malformed hostlist
 + SockMux: fixed SockMux on a FIFO pair (8.8.6)
 + TUNNEL: fixed SERVER=tunnel1 for TUNNEL=tty7:xxx.shio (8.0.1)
 + HTTP: fixed FFROMCL="-p,"filter for binary-relay (with HTTP/CONNECT)
 + Telnet: fixed relaying DataMark/OOB ASAP. without seeing TimingMark (9.0.3)
 + FreeBSD: don't care EOF of PIPE as OOB on FreeBSD (9.0.3)
 + MacOSX: coped with "OWNER=nobody" on MacOSX (in which uid(nobody) == -2)
 + CGI/SSI: enabled invocation via CGI/SSI
 + CGI/SSI: restarting as a service from CGI/SSI on Windows
 + SSH: enabled invocation via SSH
 + AF_UNIX: re-enabled AF_UNIX on Solaris (3.0.35)
 + AF_UNIX: repaired AF_UNIX + UDP to work (since 9.0.0 for IPv6)

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

--
9.4.0 061201 fix credhy.c: faster strtoHex/hextoStr without sscanf/sprintf
9.4.0 061130 new {httpx,script,delegated}.c: generic usage of enc: URI "scheme"
9.4.0 061130 mod {dgauth,dgsign}.c: accepts ":passWord" for "pass:passWord"
9.4.0 061130 fix script.c: coped with large +=enc: string
9.4.0 061129 new dgsign.c: erasing implanted param/opts with -zPARAM / -z-X
9.4.0 061129 new dgsign.c: -Fenc / -Fdec to encrypt/decrypt +=enc:ext:...
9.4.0 061129 new dgsign.c: loading encrypted parameters as +=enc:ext::xxxx:
9.4.0 061129 new dgsign.c: saving encrypted parameters with -Fimp -se or -sk
9.4.0 061128 new dgsign.c: supported -Fimp -U on Win
9.4.0 061128 new windows.c: implemented getting the owner name on Win
9.4.0 061128 new windows.c: implemented st_ino on Win (but only in short int)
9.4.0 061128 fix dgsign.c: supported -Fimp -k on Win
9.4.0 061126 new {dgauth,dgsign}.c: generic PASSWD=Dom:User:pass:xxxx storage
9.4.0 061125 new dgsign.c: introduced -Fimp -k to encrypt implanted config.
9.4.0 061125 fix {delegated,pelcgb}.c: fixed SEGV on long CRYPT key
9.4.0 061125 mod dgsign.c: allow -Fimp only to the owner and the group of exe.
9.4.0 061124 mod credhy.c: stopped too slow "dazzling" in CreyEncrypts(9.0.6)
9.4.0 061124 fix hostlist.c: infinite loop by malformed hostlist as "{a,b}c"
9.4.0 061123 new credhy.c: added simple safe string encoding instead of Hex
9.4.0 061123 fix {dgsign,credhy}.c: coped with a large config. file
9.4.0 061122 new param.c: supported -C -PARAM to disable the PARAM
9.4.0 061122 new dgsign.c: save/load commented configuration of -Fimp as is
9.4.0 061121 new dgsign.c: introduced -Fimp -e option (edit with vi or EDITOR)
9.4.0 061120 new dgsign.c: enabled arbitrary parameter NAME=value with -Fimp
9.4.0 061120 mod embed.c: enlarged the default size of IMP area to 4KB
9.4.0 061119 mod delegated.c: act as a filter if without -Pxxx and via socket
9.4.0 061117 fix dgsign.c: fixed broken password MD5 for repetitive -Fimp
9.4.0 061117 mod delegated.c: execute -Fkill as a usual -Ffunction
9.4.0 061117 new {delegate,param*.c: added ".lock.NAME=value" or ".lock.NAME"
9.4.0 061117 new embed.c: setting size of -Fimp area as "make IMPSIZE=1234"
9.4.0 061116 new dgsign.c: -Fimp coped with rewriting self on ETXTBSY
9.4.0 061115 fix sox.c: SockMux on a FIFO pair with Credhy preamble (8.8.6)
9.3.1 061111 fix sslway.c: sess. cache with client's certificate(9.2.4)
9.4.0 061113 mod sslway.c: introduced TLSOCNF="context:xxx"
9.4.0 061113 new http.c: introduced HTTPCONF=kill-iqhead and kill-irhead 
9.4.0 061110 mod sslway.c: showing library loading errors on the start (-vl)
9.4.0 061108 fix telnet.c: relay DM/OOB A.S.A.P. without seeing TM(9.0.3-pre18)
9.4.0 061109 fix nbio.c: FFROMC=-p,filter for binary-relay (HTTP/CONNECT)
9.4.0 061108 fix _-select.c: don't care EOF of PIPE as OOB on FreeBSD (9.0.3)
9.4.0 061108 fix delegated.c: fixed SEGV on start (9.4.0-pre1)
9.4.0 061107 mod delegated.c: wait in foreground till daemon proc. launch
9.4.0 061107 mod dgsign.c: -Fimp -m not to change the group-ownership
9.4.0 061107 mod embed.c: SUDOAUTH=":root,.u,/.g,/wheel,/staff" by default
9.4.0 061107 new svport.c: showing help for -Fimp -m on bind(-Pxx) error
9.4.0 061107 mod sudo.c: set the owner of SUDO socket to the one in OWNER
9.4.0 061107 mod dgsign.c: -Fimp -o copies modes of original to a new exec.
9.4.0 061107 mod delegated.c: create LOGFILE as DGROOT/{sudo,sudo-error}.log
9.4.0 061107 fix delegated.c: don't create generalist PROTOLOG for SERVER=sudo
9.4.0 061106 mod windows.c: MAXIMA=winmtu:0 (from 1024) by default (7.9.4)
9.4.0 061105 mod {pstitle,setproctitle}.c: use setproctitle() if available
9.4.0 061104 mod {__locking,_-CreateThread}.c: merged into windows.c
9.4.0 061103 mod unix.c: extracted Unix only code from windows.c
9.4.0 061103 mod {winserv,winreg}.c: merged into windows.c
9.4.0 061103 new pop.c: implemented RFC2449 "CAPA" for STLS 
9.4.0 061102 new delegated.c: detecting interpolation of the executable file
9.4.0 061102 new {service,delegated}.c: masking capable protocols by -Fimp
9.4.0 061102 new {dgsign.c,commands}.c: masking capable functions by -Fimp
9.4.0 061101 new delegated.c: "-r" option for INETD="" without -Pxxx
9.4.0 061031 mod delegated.c: don't start in background without -Pxxx
9.4.0 061028 fix file.c: coped with "OWNER=nobody" on MacOSX (uid == -2)
9.4.0 061028 new dgsign.c: -Fimp to implant config. params. into executable
9.4.0 061028 mod master.c: OWNER="invoker-uid" by default on set-uid-on-exec
9.4.0 061028 new sudo.c: introduced SUDOPASS=pass to be run with set-uid-flag
9.4.0 061028 fix httpd.c: fixed SERVER=tunnel1 for TUNNEL=tty7:x.shio (8.0.1)
9.4.0 061027 fix {delegated,winserv}.c: restarting as a service from CGI/SSI
9.4.0 061027 fix delegated.c: closing stdout on error restart from CGI/SSI
9.4.0 061026 fix {delegated,remote}.c: enabled invocation via SSH
9.4.0 061024 new windows.c: sending a file desc. by DuplicateHandle on Win
9.4.0 061024 mod delegated.c: re-enabled AF_UNIX on Solaris (3.0.35)
9.4.0 061024 fix nbio.c: fixed connect() with timeout to work with AF_UNIX
9.4.0 061022 new sendFd1.c: sending a file descriptor via AF_UNIX socket
9.4.0 061022 fix inets.c: repaired AF_UNIX + UDP to work (since 9.0.0 for IPv6)
9.4.0 061022 mod {vaddr,vsocket}.h: expanded VSAddr from 32B to 128 for AF_UNIX
--
