File: changelog

unhide 20130526-4

2013-05-26
  unhide-posix.c
  - Transform 'ret' in global variable to avoid warnings
    (note: ret variable was added to avoid warnings with some over pedantic 
     version of glibc and is otherwise useless).

2013-05-24
  unhide-tcp.8 (spanish version), LEEME.txt
  - update according to english version.

2013-03-03
  unhide-posix.c
  - Bugfix : Correct app name in banner of unhide-posix.
  
  unhide-tcp.c
  - Continue to simplify packager job: 
      * on FreeBSD use sockstat instead of fuser, which doesn't show info on internet socket
        on this system.

  README.txt, LISEZ-MOI.txt
  - Add list of build-requires and use-requires
  
  unhide-tcp.8 (french and english version)
  - Add notes upon FreeBSD.
  
2013-02-03
  unhide-output.h
  - Bugfix : include <stdarg.h>, some old glibc need it
  
  unhide-posix.c, unhide-output.c, unhide-tcp.c
  - Simplify packager job: 
      * put OS specific command between #ifdef (they were previously commented), 
      * don't use ss by default in unhide-tcp if OS is not linux,
      * on FreeBSD use sockstat instead of fuser, which doesn't show info on internet socket
        on this system.
  
  make_tarball.sh
  - Change '_' to '-' in the name of the tarball
  - Make sure that unhide files are in a unhide-YYYYMMDD directory.

2012-12-29
  Promote unhide-tcp-double_check.c as official version of unhide-tcp. Old version 
  is still available as unhide-tcp-simple-check.c
  
  unhide-linux, unhide-posix, unhide-tcp, unhide-tcp-simple-check, unhide_rb :
  - update date of the version for official release.
  

2012-12-18
  unhide-linux, unhide-posix, unhide-tcp, unhide_rb :
  - update date of the version
  unhide-tcp :
  - Suppress 1 warning with some over pedantic version of glibc. 

2012-12-12
  unhide-linux :
  - In unhide-linux-syscall, transform ret in global variable to avoid warning
    (note ret variable was added to avoid warning with some over pedantic version of glibc
     and is otherwise useless).
     Correct sched_getaffinity test in checkallnoprocps (it tested ret instead of errno).
  unhide-tcp :
  - Avoid displaying the banner twice.
  unhide_rb :
  - Suppress warning. 

2012-12-07
  unhide-linux :
  - Remove sysinfo from quick and sys test as it may give false positive.

  unhide-tcp :
  - Nice ourself to -20 to limit race condition while probing ports. 

2012-10-07
  unhide-linux :
  - Go back to multi-lines output in printbadpid in order to display more known
    information about the process.

2012-10-03
  unhide-linux :
  - Fix the name displayed for kernel thread (we used /proc/PID/wchan instead of
    /proc/PID/comm).

2012-09-05
  unhide-linux, unhide-tcp :
  - Add test to verify we're run by root.

2012-09-02
  unhide-linux :
  - Remove useless calls to feof().
  - Split unhide-linux.c in 5 files :
    * unhide-linux-bruteforce.c
    * unhide-linux.c
    * unhide-linux-compound.c
    * unhide-linux-procfs.c
    * unhide-linux-syscall.c
  - Add option '-o' as synonym for '-f'
  - Add a parse_arg() function which uses getopt_long().
  - For found hidden processes, display the user and the working directory
    as extracted from the process environment.

2012-08-31
  unhide-linux :
  - Use unhide-output routines for display and log.
  - Change logfile filename to 'unhide-linux_AAAA-MM-DD.log'
  - Add header file for unhide-linux

2012-08-22
  unhide-tcp :
  - Change the default tools to be ss instead of netstat.
  - Replace option '-s' (use ss) by option '-n' (use netstat).
  - Change option '-q' to '-s' with the same effect
  
2012-06-03
  unhide-tcp :
  - Thanks to a patch of Leandro Lucarella and additional work from 
    the unhide team, a major rewriting was done :
    * Factorization & clean-up of the code
    * Split the code in 4 files : unhide-tcp.c, unhide-fast.c, unhide-output.c
      & unhide.h
    * Add a new method for scanning ports via option '-q'
  - Add an option '-s' to use ss command instead of netstat.
  - Use getopt_long() to parse options and then add long option strings.
  - Change logfile filename to 'unhide-tcp_AAAA-MM-DD.log'
  - Many minor bug fixes (mainly display ones)
  
2012-03-18
  unhide-linux26.c, unhide-posix.c, unhide-tcp.c :
  - Change copyright attribution.

  unhide_rb.c :
  - Add banner display at start.

  unhide-linux26.c :
  - Change processes reserved for kernel from 299 to 300 for brute test.
  - Add "-d" option for doing a double check in brute test, this reduces the number of false positives.
    Thanks to François Boisson for the idea.
  - Change log file name to unhide-linux.log

  Documentation changes :
  - Add example section in manpages.
  - Indicate in bug section of manpages, the potential problem with sysinfo test.

2012-03-17
  Important changes :
  - Rename unhide-linux26.c to unhide-linux.c and unhide.c to unhide-posix.c.
  - Update readme files and manpages to reflect the renaming
  - Add unhide_rb description to readme files.

2012-03-11
  unhide-linux26.c :
  - Correct the number of processes displayed for /proc counting in sysinfo test.

  unhide.c :
  - Correct banner (POSIX -> UNIX).

  Documentation changes :
  - Update README.txt, LISEZ-MOI.txt and LEEME.txt to clarify difference between
    unhide and unhide-linux26.

2012-03-10
  unhide-linux26.c :
  - Fix pedantic compilation warnings reported when using recent version of glibc.
  - Change report messages of checksysinfoX tests to make them clearer.
  - Update banner to indicate this version is for system using Linux >= 2.6

  unhide.c :
  - Update banner to indicate this is legacy version of unhide for system using
    Linux < 2.6 or other UNIX system.
  - Fix compilation warnings

2011-10-31
  unhide-linux26.c :
  - Add copyright and license output.

  unhide-tcp.c :
  - Add copyright and license output.
  - Add -v, -V, -h, -l, -f, -o command line options.
  - Add the capability to output fuser (-f) and/or lsof (-l) output for hidden port.
  - Add the capability to create a log file (-o). File name is unhide-tcp.log

  Documentation changes :
  - Add a french manpage for unhide-tcp.
  - Complete english manpage of unhide-tcp to reflect changes.
  - Minor corrections in french manpage of unhide.
  - Change compile command of unhide-tcp in README.txt, LISEZ-MOI.txt and LEEME.txt.
  - Add info on unhide_rb in README.txt, LISEZ-MOI.txt and LEEME.txt.
  - Update NEWS file.

2011-02-08
  Documentation changes :
  - Add a NEWS file

2011-01-13
  All files :
  - Replace reference to SourceForge with reference to new unhide web site in version string

  man pages :
  - Add spanish man pages

2010-11-21
  unhide-linux26.c :
  Development changes :
  - Minor readability when generating program info for display

2010-11-21
  unhide-linux26.c :
  User visible changes :
  - Add additional check to checkopendir when -m is specified.
  - Correct warning message in additional check of checkchdir.
  - Add sourceForge project URL in header

  unhide.c :
  - Add GPL disclaimer.

  unhide-tcp.c :
  - Add GPL disclaimer.

  Documentation changes :
  changelog :
  - Fix an omission in 2010-11-14 Internal changes

  man pages :
  - update french and english man pages wrt '-m' option and checkopendir

  Development changes :
  - Correct message of test#1 of sanity.sh
  - Use procall in test#2 of sanity.sh instead of proc

2010-11-14
  unhide-linux26.c :
  User visible changes :
  - Add ending time to log file.
  - Add execution header to log file.
  - Change date format to ISO 8601 in log file.
  - Add warning, when selected, to log file.
  - Update english and french man page to reflect the addition of the '-f' option.

  Internal changes
  - Close log file only if it is open.
  - Factorize (f)printf to stdout & log.

  Documentation changes :
  README.txt & LISEZ-MOI.TXT
  - Minor clarifications.
  - Add description of all the files included in unhide

  Development changes :
  - Add a preliminary testsuite for unhide (sanity.sh)

2010-11-09
  unhide-linux26.c :
  User visible changes :
  - Add an option (-f) to create a log file.

2010-10-16
  Documentation changes :
  LEEME.txt :
  Correct compilation instruction.
  Add reference to sourceforge site.

  README.txt
  Add reference to sourceforge site.
  Correct typo.

  LISEZ-MOI.TXT
  Add the file

2010-09-23
  unhide-linux26.c :
  User visible changes :
  - Add reference to sourceforge path to version string

  Documentation changes :
  - Update man page to reflect all the change made so far.

2010-09-23
  unhide-linux26.c :
  User visible changes :
  - Add checkopendir test (also called by procfs and procall compound test)
  - Also do opendir() test in reverse and quick tests.
  - Add alternate sysinfo test (via -r option or checksysinfo2 test name)
    It's a reorganised checksysinfo() to put uncritical instructions out of the critical part
    It might (or not) work better on kernel patched for RT, preemption or latency.
  - Make the output of hidden process on one line to facilitate parsing
  - Display wchan if there is no cmdline and no exe link (sleeping kernel threads)
  - Add -V version to show version and exit.
  - The -v option can now be given more than once on command line.
  - Correct the value returned by unhide
  - Add the missing new lines in most of the warnings (thanks to gordy for the report).
  - Completely redo args parsing : now several tests can be simultaneously
    entered on the command line.
  - Add all elementary tests to the command line test list
  - Add procall compound test command line args.

  Internal changes
  - Use printbadpid() in checkallnoprocps() as in other tests.
  - Check the return of fgets in checkallreverse(), check of feof seems not to be
     very reliable for a pipe, we sometimes got the last line 2 times (thanks to gordy for the report).
  - Also check it in checksysinfo & checksysinfo2
  - Simplify and clarify test checksysinfo()
  - Check for our own spawn ps process in reverse test to avoid false positive.
  - Enhanced fake process detection in reverse test.
  - Add a tests table to allow new command line parsing.
  - Add management of several verbosity level.
  - Correct a copy/paste "typo", in checkps
  - Correct an uninitialized fd use, which gcc doesn't report when -O2 isn't given on command line
  - Minor optimizations of printf & sprintf calls.

  Documentation changes :
  - Add a warning about the generic version of unhide in README.txt (thanks to gordy for the report)
  - Modify man page to add the -V option, correct typos and clarify quick test.
  - Add -O2 option to compiling command line in README.txt
  - Add a TODO file

2010-08-19
  unhide-linux26.c :
  - Add GPL v3 Disclaimer
  - Add new test 'procfs' (via readdir & chdir)
  - Add new test 'reverse'
  - Add new test 'quick'
  - Add option verbose (-v) to allow warning display
  - Add option morecheck (-m), only affect procfs test for now
  - Add option help (-h)
  - Move usage to usage() function
  - Add Changelog file (this file)
  - Revamp command line parsing in main()
  - Change checkps() parameter to allow more scalability
  - Minor optimization in brute(), we tried to create 300 more processes than available.
  - Minor optimization : avoid to test our own PID
  - Update the man page and README.txt to reflect changes.

2010-02-01
  unhide-linux26.c :
  - Threads Brute Force added
  - Add needed stuff (includes, defines, ...) to eliminate compilation warning.  (Thanks to J. Walles)
  - Correct a typo in checkps() where fich_tmp is used in place of fich_pgid (Thanks to  P. Gouin)
  - Corrected several FD leaks where files or pipes are read and closed even if they have failed to open. (Thanks to W. Doekes  & P. Gouin)
  - Add warning messages if file or pipe fails to open (compatible with rkhunter use of unhide) (Thanks to W. Doekes & P. Gouin)
  - Add warning messages if a test is skipped (compatible with rkhunter use of unhide). (Thanks to P. Gouin)
  - Correct removing of leading spaces which tests one char too far for end of string in checkps(). (Thanks to P. Gouin)
  - Close fd in get_max_pid().   (Thanks to P. Gouin)
  - Close cmd_file in printbadpid().  (Thanks to P. Gouin)
  - Add display of test name in checkallnoprocps().  (Thanks to P. Gouin)
  - Close fich_processo in checksysinfo() (Thanks to W. Doekes)
  - Avoid potential buffer overflow in checksysinfo()  (Thanks to W. Doekes)
  - Correct allpids[] initialization in brute()  (Thanks to W. Doekes)
  - Modify brute as modifying allpid from within the forked process may have undefined results (Linux vfork() man page) (Thanks to P. Gouin)
  - Add return to main()  (Thanks to W. Doekes)
  - Optimizations (Thanks to P. Gouin)

2009-08-10 (BETA)
-Improved maxpid routine (Thanks to Jan Iven)
-Improved false positives detection (Thanks to Jan Iven)
-Kill() syscall added (Thanks to Jan Iven)
-Fixed sched_getaffinity() bug (Thanks to Jan Iven)
-Some minor bug fixes

2008-05-19
-Fixed a race condition bug that showed false positives (Thanks to Johan Walles)
-Added manpages (Thanks to Francois Marier)

02-11-2007
-Minor bugfixes
-License added
-sysinfo() syscall added

28-12-2005
-Initial Release