Contact: [email protected]
https://github.com/ghantoos/lshell
- Added path-only completion with completion from allowed paths.
- Added prompt color support using ANSI codes.
- Fixed SFTP bug that caused connection failure.
- Added background job management with `fg` and `jobs` commands, including support for background execution using `&`.
- Added Docker tests for Debian, Ubuntu, Fedora, and Alpine.
- Added source command
- Added support for `LPS1` and `PS2` similar to bash `PS1` and `PS2`
- Minor test updates and bug fixes
- Updated lexer/parser for handling complex regex and quoted strings.
- Added the ability to restrict file extensions by providing a list of `allowed_file_extensions`.
- Fixed configuration interpretation when using `'all' - ['command']` or similar configuration structures.
- Added more tests.
- Fixed parsing and testing of the over SSH commands. Corrected return codes over SSH.
- Feature: Allow commands with specific parameters, e.g., `telnet localhost`. Adding `telnet localhost` to the `allowed` configuration will not permit the `telnet` command by itself but will only allow the exact match `telnet localhost`.
- Make env_path have precedence over the OS path ($env_path:$PATH)
- Test auto-release via Pypi
- Add the ability to write and execute a lshell script (`#!/usr/bin/lshell`)
- Added Pypi package
- Code cleanup and testing
- Fixed security issues CVE-2016-6902, CVE-2016-6903
- Fixed parser to better support operators like `||` and `&&`
- Added support for `ctrl-z`: lshell no longer runs in the background when `ctrl-z` is used
- Added `env_vars_files` feature: enables adding environment variables in a file and loading it at login
- Improved Python3 compatibility & general code refresh
- Removed the `help_help()` function
- Corrected exit codes of built-in commands
- Added default support for `sudo_noexec.so` in `LD_PRELOAD`. This feature comes with a new variable `allowed_shell_escape` to allow admins to escape the new default behavior. Thank you Luca Berra for this contribution!
- Added Python3 compatibility. Thank you Tristan Cacqueray for your help!
- Added restricted environment variables that cannot be updated by user. Thank you Tristan Cacqueray for this contribution!
- Added `export` command in built-ins
- Added WinSCP support. Thank you @faberge-eggs for this contribution!
- Added tox testing. Thank you Tristan Cacqueray for your contribution!
- Correct logrotate configuration. Thank you Rune Schjellerup Philosof for your patch suggestion.
- Code cleanup (More information in the git commit log)
- Added `include_dir` directive to include split configuration files from a directory.
- Added possibility of using 'all' for sudo commands
- Replaced `os.system` by `subprocess` (python)
- Added support for `sudo -u`
- Corrected shell variable expansion
- Corrected bugs in aliases support
- Fixed timer (idle session)
- Added exit code support
- Fixed wrong group reference for logging
- Replaced Python `os.system` with `subprocess`
- Added support to login script. Thank you Laurent Debacker for the patch.
- Fixed auto-complete failing with "-"
- Fixed bug where forbidden commands still execute if `strict=1`
- Fixed auto-completion of forbidden paths
- Fixed wrong parsing of `&`, `|` or `;` characters
- Added `urandom` function definition for python 2.3 compat
- Corrected env variable expansion
- Add support for `cd` command in aliases
- Split `lshellmodule` in multiple files under the `lshell` directory
- Fixed `check_secure` function to ignore quoted text
- Fixed multiple spaces escaping forbidden filtering
- Fixed log file permissions `644 -> 600`
- Added possibility to override config file option via command-line
- Enabled job control when executing command
- Code cleanup
- Corrected mismatch in `aliaskey` variable.
- Corrected security bug allowing user to get out of the restricted shell. Thank you bui from NBS System for reporting this grave issue!
- Set the hostname to the "short hostname" in the prompt.
- Corrected traceback when "sudo" command was entered alone. Thank you Kiran Reddy for reporting this.
- Added support for python2.3 as `subprocess` is not included by default.
- Corrected the `strict` behavior when entering a forbidden path.
- Added short path prompt support using the `prompt_short` variable.
- Corrected stacktrace when group did not exist.
- Add support for empty prompt.
- Fixed bugs when using `$()` and ``.
- Corrected strict behavior to apply to forbidden path.
- Added support for wildcard `*` when using `cd`.
- Added support for `cd -` to return to previous directory.
- Updated security issue with non-printable characters permitting user to get out of the limited shell.
- Now lshell automatically reloads its configuration if the configuration file is modified.
- Added possibility to have no "intro" when user logs in (by setting the intro configuration field to "").
- Corrected multiple commands over ssh, and aliases interpretation.
- Added possibility to use wildcards in path definitions.
- Finally corrected the alias replacement loop.
- Corrected `get_aliases` function, as it was looping when aliases were "recursive" (e.g. `ls:ls --color=auto`)
- Added `lsudo` built-in command to list allowed sudo commands.
- Corrected completion function when 2 strings collided (e.g. `ls` and `lsudo`)
- Corrected the README's installation part (adding `--prefix`).
- Added possibility to log via syslog.
- Corrected warning counter (was counting minus 1).
- Added the possibility to disable the counter, and just warn the user (without kicking him).
- Added possibility to configure prompt. Thank you bapt for the patch.
- Added possibility to set environment variables to users. Thank you bapt for the patch.
- Added the `history` built-in function.
- Switched from deprecated `popen2` to `subprocess` to be python2.6 compatible. Thank you Greg Orlowski for the patch.
- Added missing built-in commands when `allowed` list was set to `all`. For example, the `cd` command was then missing.
- Added the `export` built-in function to export shell variables. Thank you Chris for reporting this issue.
- A minor bug was inserted in version 0.9.11 with the sudo command. It has been corrected in this version.
- Corrects traceback when executing a command that had a python homonym (e.g. `print foo` or `set`). (Closes: SF#2969631)
- Corrected completion error when using `~/`. Thanks to Piotr Minkina for reporting this.
- Corrected the `get_aliases` function.
- Corrected interpretation of `~user`. Thank you Adrien Urban for reporting this.
- The `home_path` variable is being deprecated from this version and on. Please use your system's tools to set a user's home directory. It will be completely removed in the next version of lshell.
- Corrected shell variable and wildcards expansions when checking a command. Thank you Adrien Urban for reporting this.
- Added possibility to allow/forbid scp upload/download using `scp_upload` and `scp_download` variables.
- Corrected bug when using the `command=` in openSSH's `authorized_keys`. lshell now takes into account the `SSH_ORIGINAL_COMMAND` environment variable. Thank you Jason Heiss for reporting this.
- Corrected traceback when aliases is not defined in configuration, and command is sent over SSH. Thank you Jason Heiss for reporting this.
- Corrected minor bug in the aliases function that appeared in the previous version. Thank you Piotr Minkina for reporting this.
- Added the possibility to configure introduction prompt.
- Replaced "joker" by "warnings" (more elegant)
- Possibility of limiting the history file size.
- Added `lpath` built-in command to list allowed and denied path. Thanks to Adrien Urban.
- Corrected bug when using `~` was not parsed as "home directory" when used in a command other than `cd`. Thank you Adrien Urban for finding this.
- Corrected minor typo when warning for a forbidden path.
- If `$(foo)` is present in the line, check if `foo` is allowed before executing the line. Thank you Adrien Urban for pointing this out!
- Added the possibility to list commands allowed to be executed using sudo. The new configuration field is `sudo_commands`.
- Added the `clear(1)` command as a built-in command.
- Added `$(` and `${` in the forbidden list by default in the configuration file.
- Now check the content of curly braces with variables `${}`. Thank you Adrien Urban for reporting this.
- Added possibility to set history file name using `history_file` in the configuration file.
- Corrected the bug when using `|`, `&` or `;` over ssh. Over ssh forbidden characters refer now to the list provided in the `forbidden` field. Thank you Jools Wills for reporting this!
- It is now possible to use `&&` and `||` even if `&` and/or `|` are in the forbidden list. In order to forbid them too, you must add them explicitly in the forbidden list. Thank you Adrien Urban for this suggestion.
- Fixed aliases bug that replaced part of commands rendering them unusable. e.g. alias `vi:vim` replaced the `view` command by `vimew`.
- Added a logrotate file for lshell log files.
- Corrected parsing of commands over ssh to be checked by the same function used by the lshell CLI.
Thank you Adrien Urban for your security audit and excellent ideas!
- Major bug fix. lshell did not launch on python 2.4 and 2.5 (sourceforge)
- Added aliases for commands over SSH.
- Cleaned up the Python code
- Corrected crash when directory permission denied (sourceforge)
- Added possibility to set the `home_path` option using the `%u` flag (e.g. `/var/chroot/%u` where `%u` will be replaced by the user's username)
- Now replaces `~` by user's home directory.
- Major security fix. User had access to all files located in forbidden directories (sourceforge)
- Corrects RPM generation bug (sourceforge)
- lshell exits gracefully when user home directory doesn't exist
- Minor release
- Changed lshell's group from `lshellg` to `lshell` (this should not have an impact on older installations)
- Minor typo correction in the `lshell.py` code
- Log file name is now configurable using `logfilename` variable inside the configuration file
- Corrected aliases in `lshell.conf` to work with *BSD
- Corrected major bug (alias related)
- Added Force SCP directory feature
- Added command alias feature
- `loglevel` can now be defined on global, group or user level
- Corrected sftp support (broken since 0.9.0)
- As lshell has reached the point where it can be considered nearly stable software, I decided to make a version jump to 0.9.0
- Corrected bug in case `PATH` does not exist and `allowed` set to `all`
- Added support for UNIX groups in configuration file
- Cleaned up code
- Corrected major security bug
- Corrected path completion to complete only allowed paths; simplified the `check_secure` and `check_path` functions
- Added escape code handling (tested with ftp, gdb, vi)
- Added flexible +/- possibilities in configuration file
- Now supports completion after `|`, `;` and `&`
- Command tests are also done after `|`, `;` and `&`
- Doesn't list hidden directories by default
- There are now 4 logging levels (4: logs absolutely everything user types)
- Added `strict` behavior. If set to 1, any unknown command is considered as forbidden, and the warning counter is decreased.
- Added `all` to allow all commands to a user
- Added backticks in `lshell.conf`
- Changes made to `setup.py` in version 0.2.5 were undone + added classifiers
- Corrected import readline [bug]
- Added log directory instead of a logfile
- Created log levels (0 to 3)
- `setup.py` is now BSD compatible (using `--install-data` flag)
- NEW: `overssh` in config file. Allows setting the commands allowed to execute over ssh (e.g. rsync)
- Fixed timer
- Added python logging method
- Cleaned code
- Cleaner "over ssh commands" support (e.g. scp, sftp, rsync, etc.)
- Corrected completion
- Added `[global]` section in configuration file
- Corrected SCP functionality
- Added SFTP support
- `passwd` is not mandatory in configuration file (deprecated)
- lshell is now added to `/etc/shells` using `add-shell`
- Corrected rpm & deb builds
- Added a manpage
- Initial debian packaging
- Added config and log option on command line (`-c|--config` and `-l|--log`)
- Initial source packaging using distutils
- Initial rpm packaging using distutils
- Added file completion
- Added a history file per user
- Added logging for warnings and log in/out
- Added prompt update when user changes directory (bash like)
- Corrected the `check_path` function
- Changed user setting from global variable to dict
- Added a default profile used when a parameter is not set for a user
- Added a shell script useful to install and manage lshell users
- Added environment path (`env_path`) update support
- Added home path (`home_path`) variable
- Corrected class declaration bug and configuration file location
- Updated the README file with another usage of lshell
- Added a path variable to restrict the user's geographic actions
- MAJOR: added SCP support (also configurable through the config file)
- MAJOR: Added the `help` method
- Did some code cleanup
- Initial release of lshell