unix-privesc-check/docs/CHANGELOG
2012-12-20 15:42:13 -07:00

454 lines
16 KiB
Plaintext

2012-11-14 unix-privesc-check trunk
* Tidied docs/CHANGELOG
* Updated docs/HACKING
* Tidied upc.sh
* Added tools/generate_docs.sh to generate stub documentation for
lib/misc/* and lib/checks/*
-- Tim Brown <timb@nth-dimension.org.uk>
2012-11-05 unix-privesc-check trunk
* Add support for PostgreSQL
* Added lib/checks/postgresql_configuration
* Added lib/checks/postgresql_connection
* Added lib/checks/postgresql_trust
* Added lib/misc/postgresql
* Added lib/misc/ldap and lib/checks/ldap_authentication
* Added lib/misc/nis and lib/checks/nis_authentication
* Added lib/checks/privileged_arguments to verify if textual
privileged files (like bash scripts) accept arguments from command line
* Added lib/misc/init and support in lib/misc/privileged
* Added security check to verify device mount options: dev, suid, user
* Added function file_is_basename to lib/misc/file
* Renamed lib/checks/devices to lib/checks/devices_permission
-- Bernardo Damele A. G. <bernardo.damele@gmail.com>
2012-11-02 unix-privesc-check trunk
* Bug fix: uname on Solaris returns SunOS
* Added lib/misc/device and lib/checks/devices to verify world-readable and
world-writable permission on all device files including swap device(s)
* Improved lib/misc/cron to correctly handle PATH variable from /etc/crontab
and to differentiate programs lauched by /etc/crontab with
/etc/cron.[hourly|daily|monthly]
* Added lib/checks/privileged_environment_variables to verify if textual
privileged files (like bash scripts) use environment variables
* Improved lib/checks/privileged_tmp to also process textual privileged
files (like bash scripts)
* Added binary_matches_string_grep function to lib/misc/binary to avoid
interpreting the pattern as an extended regular expression
-- Bernardo Damele A. G. <bernardo.damele@gmail.com>
2012-11-01 unix-privesc-check trunk
* Bug fix: Return value in lib/misc/binary
* Bug fix: Avoid recursing the linker_list_dependencies function
* Added lib/misc/inittab and support in lib/misc/privileged
* Improved lib/checks/system_configuration check to display also sensitive
directories and their content
* Improved lic/checks/system_configuration to notify about writable
configuration files by non-root users
* More detailed stdout messages for file owner condition across
lib/checks/*
* Updated the lib/misc/shadow and lib/checks/shadow_hash to display a
warning message when the password hashes file is readable
* Cleaned the code of libs/checks/privileged_dependency
-- Bernardo Damele A. G. <bernardo.damele@gmail.com>
2012-10-31 unix-privesc-check trunk
* Added lib/misc/cron to parse /etc/cron*, /var/spool/cron/crontabs/*,
crontab -l and used it in lib/misc/privileged
* Enhanced process_show_command function to process /proc/PID/environ and
return script file path instead of ruby, perl, bash, etc
* Added parse_environ_cwd function to parse /proc/PID/environ file and
extract the process current working directory
* Added a preliminary check to all functions that call objdump to ensure
the file is not a textual file (like a bash script, etc)
* Added other file paths to check for permissions in
lib/checks/system_configuration
* Added file_is_directory function to lib/misc/file
-- Bernardo Damele A. G. <bernardo.damele@gmail.com>
2012-10-30 unix-privesc-check trunk
* Added lib/checks/sudo to verify permissions on /etc/sudoers and its
entries
* Added functions to parse /etc/sudoers to lib/misc/sudo
-- Bernardo Damele A. G. <bernardo.damele@gmail.com>
2012-10-28 unix-privesc-check trunk
* Added lib/checks/history_readable to list all readable .*_history
files
* Added lib/checks/homedirs_executable and lib/checks/homedirs_writable
* Added lib/checks/system_configuration to list writable permissions on
system configuration files and directories
* Added support for --verbose switch
* Added passwd_show_homedir function to lib/misc/passwd
* Aligned test types (symlinks) to all recently developed security checks
* Bug fix: group_is_in_group_name function
-- Bernardo Damele A. G. <bernardo.damele@gmail.com>
2012-10-22 unix-privesc-check trunk
* Added lib/checks/privileged_nx
* Added lib/checks/privileged_relro
* Added lib/misc/kernel
* Added lib/checks/system_aslr
* Added lib/checks/system_mmap
* Added lib/checks/system_nx
* Added lib/checks/system_selinux
* Added permission_is_world_writable_sticky_bit function to
lib/misc/permission
* Added support to verify sticky bit against world-writable directories
* Renamed lib/checks/banned_* to lib/checks/privileged_*
-- Bernardo Damele A. G. <bernardo.damele@gmail.com>
2012-10-22 unix-privesc-check trunk
* Added lib/misc/validation and modified lib/misc/* to use it.
The aim is to sanity check that libraries are being called
correctly. We can improve this over time
* Bug fix: Renamed validation_is_regex to validation_matches_regex
in lib/misc/validation
* Bug fix: validation_matches_regex test was wrong, should be -n
not -r in lib/misc/validation
* Bug fix: Added inclusion checks to prevent multiple inclusions
* Bug fix: Changed lib/misc/* to catch data returned by
validate_is_*
* Removed unnecessary calls to file_check_or_generate_cache in
lib/misc/checks/*
* Updated symlinks for different types of scan
* Removed tools/banned.h
* Tidied up formatting
* Fixed AIX specific bug with checking users don't have a password
of ! in lib/checks/passwd_hashes
-- Tim Brown <timb@nth-dimension.org.uk>
2012-10-21 unix-privesc-check trunk
* Added library to parse patterns, for now implements only one function to
extract and return all absolute file paths, parse_extract_absolute_filepaths
* Added lib/misc/sudo
* Added sudo support to lib/misc/privileged
* Added lib/misc/user
* Added lib/misc/group
* Added lib/misc/permission
* Added file_is_readable function to lib/misc/file
* Added two functions to lib/misc/file
* file_exists_file and file_is_regular_file
* Added validate_is_boolean function to lib/misc/validate
* Added support for --color switch to enable output coloring
* Updated lib/checks/jar and lib/checks/key_material
* Removed one cycle, minor refactoring and use lib/misc/user and
lib/misc/group
* Ported all calls to id command through the code to their relevant
user/group libraries functions
* Bug fix: Missing import bug in lib/checks/binary_rpath
-- Bernardo Damele A. G. <bernardo.damele@gmail.com>
2012-10-21 unix-privesc-check trunk
* Bug fix: Changed $VERSION to ${VERSION} etc in upc.sh
* Removed old TODOs from lib/checks/set[ug]id
* Bug fix: Removed symlink exclusion in lib/misc/file cache
generation
-- Tim Brown <timb@nth-dimension.org.uk>
2012-10-20 unix-privesc-check trunk
* Minor improvements to lib/misc/linker
* Bug fix: Avoid using file as variable name
* Bug fix: Use grep instead of egrep in one file function
* Consolidated the stdout to clarify where the warning message throughout
lib/checks/binary_*
* Improved lib/checks/key_material and lib/checks/jar to show more detailed stdout
* Major speedup to lib/checks/group_writable and lib/checks/world_writable
* Re-engineered lib/checks/binary_dependency
* Improved lib/checks/binary_rpath and lib/checks/binary_writable to also verify
write access by non-root users
* Refactored lib/checks/system_libraries code
* Added function to check for SSH key files permissions to lib/checks/ssh_agent
* Renamed lib/checks/ssh_key_unencrypted to lib/checks/ssh_key
* Consolidated lib/checks/ssh_agent and lib/checks/ssh_key checks to also
show encrypted key files
* Removed exclusions from lib/checks/credentials
* Created lib/misc/file function file_is_textual
* Improved file_show_symlinked_filename function to be recursive and always
return the real linked filename
-- Bernardo Damele A. G. <bernardo.damele@gmail.com>
2012-10-19 unix-privesc-check trunk
* Re-engineered check lib/checks/binary_rpath
* Fixed the file_parent_traverse function call in lib/checks/binary_writable
and lib/checks/system_libraries
* Fixed some more checks' descriptions
* Bug fix: Syntax fix in lib/misc/binary
-- Bernardo Damele A. G. <bernardo.damele@gmail.com>
2012-10-18 unix-privesc-check trunk
* Tidied up upc.sh, added an additional error check
* Purged dummy, replaced with _ after suggestion from BDA
* Bug fix: No longer considers "enabled" as a check
* Changed lib/misc/privileged to split out cache generation so that it
happens on inclusion
* Bug fix: Removed unintentional trailing space from file cache
-- Tim Brown <timb@nth-dimension.org.uk>
2012-10-18 unix-privesc-check trunk
* Bug fix: Fixed regexp patterns to avoid returning directories in
lib/misc/privileged and lib/misc/file
-- <pentestmonkey@pentestmonkey.net>
2012-10-18 unix-privesc-check trunk
* Added check lib/checks/binary_writable
* Bug fix: Proper use of dirname in file_show_symlinked_filename function
* Bug fix: Replaced STDIN redirection with cat for inetd configuration
files parsing in lib/misc/linker
* Bug fix: Avoid escaping a path with an asterisk in lib/misc/ssh_agent
* Refactored check lib/checks/system_libraries code
* Refactored check lib/checks/world_writable code
* Refactored check lib/checks/binary_dependency code
* Refactored checks lib/checks/setuid and lib/checks/setgid code
* Improved a lot speed of lib/checks/jar and lib/checks/key_material
* Improved lib/misc/ssh_agent to work on recent Linux distributions too
and inspect /tmp folder for both SSH agent parent process and pid-1
* Avoid duplicate processes entries in lib/misc/privileged
* Improved regular expression patterns throughout the code
* Added --check and --version switches to upc.sh
* Added description to missing checks
* Added verbose comment to lib/checks/ssh_key_unencrypted with suggestions
for improvements
* Set subversion properties on all missing files
-- Bernardo Damele A. G. <bernardo.damele@gmail.com>
2012-10-18 unix-privesc-check trunk
* Changed lib/misc/shadow to favour 1 egrep over 2 greps
-- Tim Brown <timb@nth-dimension.org.uk>
2012-10-17 unix-privesc-check trunk
* Added lib/checks/binary_path
* Added lib/checks/binary_random
* Changed stdio_message_error to output to STDERR
in lib/misc/stdio
* Removed date from output (reverting BDA change)
* Updated lib/misc/ssh_agent
* Updated lib/misc/shadow
* Updated lib/misc/process (reverting BDA change)
* Updated lib/misc/privileged (partially reverting BDA change)
* Kept the caching code
* Kept variable name changed to make the code more readable
* Updated lib/misc/passwd
* Updated lib/misc/linker (reverting BDA change)
* Updated lib/misc/inetd (reverting BDA change)
* Updated lib/misc/dependencies to disable for now. The
principal is solid, but it needs more consideration.
For example, why does only lib/misc/binary need dependencies,
what happens on non-Linux systems etc
* Added docs/HACKING. I will need to work on it but it should
help to smooth the path for new hackers :)
* Updated lib/misc/file (partially reverting BDA change)
* Kept symlink related code
* Kept permissions related code
* Changed lib/misc/privileged to use file_list_by_perms
correctly. Bonus, reduction of loops
-- Tim Brown <timb@nth-dimension.org.uk>
2012-10-17 unix-privesc-check trunk
* Added binary_banned_api function to lib/misc/binary
* Added file_show_symlinked_file function to lib/misc/file
* Added code comments to lib/misc/file
* Added cashing mechanism to lib/misc/privileged
* Added file headers throughout the source code
* Added checks' description in comment headers
* Added date to standard output function
* Added an error message log function
* Added notification of needed dependencies (binutils package)
* Narrowed down regular expression patterns in some checks
* Refactored check lib/checks/credentials code and exclude man pages and
python/ruby/perl libraries
* Refactored check lib/checks/binary_dependency code
* Refactored check lib/checks/group_writable code
* Removed unnecessary Linux-specific code from lib/misc/process
* Standardized checks' standard output and removed unnecessary lines
-- Bernardo Damele A. G. <bernardo.damele@gmail.com>
2012-09-23 unix-privesc-check trunk
* Bug fix: Changed from stdio_message_debug to stdio_message_warn
in lib/checks/binary_banned
* Bug fix: Incorrect symlink checking in binary_dependency,
binary_rpath, world_writable and group_writable
* Added support for PIE to lib/misc/binary
* Added lib/checks/binary_pie
-- Tim Brown <timb@nth-dimension.org.uk>
2012-09-22 unix-privesc-check trunk
* Started adding --help
* Removed date from output
* Bug fix: Changed $1 to ${1} etc
* Added message when generating cache
* Bug fix: Checking wrong variable in lib/misc/process
* Added lib/misc/privileged
* Changed string checks from "" to -n etc
* Standardised variable names
* Changed how checks are enabled, it is now possible to have
different types of scan using --type
* Added check for encryption to lib/checks/ssh_key_unencrypted
* Renamed lib/checks/binary_changeprivs to
lib/checks/binary_change_privileges
* Updated docs/COPYING.UNIX-PRIVESC-CHECK to reference
version 1 explicitly. This will allow version 2 into
Debian and other free distributions
* Added lib/checks/binary_banned
* Added check for lack of XXX in lib/checks/tmp
* Added check for DT_RUNPATH to lib/checks/binary_rpath
* Started work on porting lib/misc/* to Solaris
-- Tim Brown <timb@nth-dimension.org.uk>
2012-09-11 unix-privesc-check trunk
* Branching 1.x at revision 26
* 2.0 released
* Bug fix: Typo in lib/checks/binary_dependency
* Improved output of lib/checks/system_libraries,
lib/checks/binary_dependency, lib/checks/binary_rpath
-- Tim Brown <timb@nth-dimension.org.uk>
2010-12-30 unix-privesc-check trunk
* Bug fix: Cleaned up a typo
* Added support for fscaps
* Updated CHANGELOG
-- Tim Brown <timb@nth-dimension.org.uk>
2010-11-09 unix-privesc-check trunk
* Bug fix: False positive if svn.simple directory is empty
-- <pentestmonkey@pentestmonkey.net>
2010-11-04 unix-privesc-check trunk
* Added unique issue numbers. Should help to generate reports
-- <pentestmonkey@pentestmonkey.net>
2010-04-17 unix-privesc-check trunk
* Bug fix: Now checks HP-UX swap permissions correctly
* Bug fix: Cleaned up a few typos
-- Tim Brown <timb@nth-dimension.org.uk>
2010-09-27 unix-privesc-check trunk
* Added check for cleartext subversion passwords in home directory
-- <pentestmonkey@pentestmonkey.net>
2010-01-06 unix-privesc-check trunk
* Added support for exploit mitigations (HP-UX and Solaris)
* Checks if shadow and passwd are writable, thanks jdv
* Checks for SetUID shell scripts which might be racey
* Improved NX and SSP checks (Linux only)
* Bug fix: Cleaned up a few typos
-- Tim Brown <timb@nth-dimension.org.uk>
2009-09-23 unix-privesc-check trunk
* Bug fix: Cron jobs starting with '(' parsed properly
* Checks perms on Java classpath
-- <pentestmonkey@pentestmonkey.net>
2009-09-06 unix-privesc-check trunk
* Added MMAP allows map to 0 exploit mitigation (Linux ATM)
* Added SELinux exploit mitigation (Linux only)
-- Tim Brown <timb@nth-dimension.org.uk>
2009-07-30 unix-privesc-check v1.5
* Initial AIX support added
* Check for exploit mitigations (Linux only ATM)
* Brain dumped some more interesting things to check for into TODOs
* Bug fix: Fixed typos in comments
* Added SSP exploit mitigation (Linux only ATM)
-- Tim Brown <timb@nth-dimension.org.uk>
2008-11-23 unix-privesc-check v1.4
* Added check of file perms of shared libraries used by SUID programs
* Tidied output slightly
2008-11-09 unix-privesc-check v1.3
* Bug fix: Parts of the script only worked with /bin/bash and not /bin/sh
* Bug fix: Fixed typos in reporting for privescs via cron
2008-07-06 unix-privesc-check v1.2
* Added check of library dirs (/etc/ld.so.conf) for Linux
* Crude check of programs called from shell scripts
* Check of libraries used by each binary program (using ldd)
* Check of hard-coded paths within binaries (using strings)
* More verbose WARNING messages. All the explanation for a WARNING
should now be on one line so you can grep for 'WARNING' and still
understand the results
* Check of file perms on open file handles of running processes
* Check for running SSH agent. Lists keys if possible
* Check for public and private SSH keys in home directories
* Check for running GPG agent
* Check for cron jobs in /var/spool/cron/tabs
* Extra non-priv check for local postgres trusts
* Bug fix: lanscan now used on HPUX to get interface names
* Check if system is an NFS client (HPUX only)
* Check if swap space is readable / writable
2008-04-17 unix-privesc-check v1.1
* Added check for accounts with no password in /etc/passwd
* Record some basic info about the host (hostname, uname -a, interface IPs)
2008-02-01 unix-privesc-check v1.0
* Initial public release