Contents of /trunk/glexec/NEWS

Revision 18375
Wed Apr 22 14:55:05 2015 UTC (3 years, 8 months ago) by msalle
File size: 11422 byte(s)
Update NEWS file

Version 0.9.12
--------------
Bugfixes / Improvements:
- various small changes to fix compiler and cppcheck warnings.
- fix log message when user has no home directory.

Version 0.9.11
--------------
Bugfixes:
- glexec-configure cannot configure for cURL+NSS as on RH6.
  See https://bugzilla.nikhef.nl/show_bug.cgi?id=20
- maximum id_t is incorrectly determined on Solaris (part of the safefile
  library).

Improvements:
- numerous improvements to glexec-configure
- some improvements in the glexec-lcas-compound test suite
- add banning plugins to template lcmaps-glexec.db
- backup original glexec.conf (and lcmaps-glexec.db) when installing and install
  glexec.conf with the advertised settings instead of the old-style settings.
- add proper setting of feature macros for (among others) dirfd prototype, using
  test for POSIX2008.

Version 0.9.10
--------------
Bugfixes:
- when no log_destination is set, openlog() is not always called before LCMAPS,
  which will then log with syslog defaults.
  See https://bugzilla.nikhef.nl/show_bug.cgi?id=19

Improvements:
- Update to newer version of Jim Kupsch' safefile (now version 1.0.5)
- Some internal refactoring to fix compiler warnings (casts and _XOPEN_SOURCE
  definitions).
- Update the glexec-lcas-lcmaps-compount-test.sh script:
  * properly put back glexec.conf and settings of glexec binary
  * put all other files (db, log etc.) in custom temporary directory: only
    glexec.conf is hard-coded
  * update some of the errors and warnings printed (or add them).
  * internal cleanup to make code somewhat cleaner.

Version 0.9.9
-------------
Bugfixes:
- gLExec incorrectly handles MALLOC_ variables in the input, failing instead of
  cleaning them. See https://bugzilla.nikhef.nl/show_bug.cgi?id=16
- it incorrectly handles extremely long environment variables.

Improvements:
- When cleaning the environment fails, it logs the reason, instead of returning
  it to the user.

Version 0.9.8
-------------
Bugfixes:
- potential crash for very large configurations.
- improve handling of type-conversions (some potential issues with
  signed-unsigned were uncovered).
- protect against partial output from LCMAPS.
- glexec-configure.sh should create /etc/lcmaps if it does not exist.

Version 0.9.7
-------------
Improvements:
- Only log how we tried to open config file if it failed, preventing
  uninteresting log entries in syslog.

Version 0.9.6
-------------
Bugfixes:
- umask was not reverted in non-linger mode.

Version 0.9.5
-------------
Bugfixes:
- Fix broken lcmaps-glexec.db produced by glexec-configure.sh script

Improvements:
- lower loglevel when homedir of payload does not exist from warning to info

Version 0.9.4
-------------
Bugfixes:
- specifying preserve_env_variables in the glexec.conf caused a segfault.

Improvements:
- Update location of wiki pages in man pages.

Version 0.9.2
-------------
Bugfixes:
- When either stdin, stdout or stderr is closed, a directory or opened in the
  wrong mode (readonly for out or writeonly for in) then gLExec (re)opens
  /dev/null instead.
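
The descriptor check described in the 0.9.2 bugfix can be written as follows. This is an added example, not gLExec's own code; the function names ensure_fd and sanitize_stdio are assumptions made for the illustration.

```c
/* Added example, not gLExec source; function names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* need is O_RDONLY for an input descriptor, O_WRONLY for an output one.
 * Returns 0 if fd was already usable, 1 if it was replaced, -1 on error. */
int ensure_fd(int fd, int need)
{
    struct stat st;

    if (fstat(fd, &st) == 0) {
        int fl = fcntl(fd, F_GETFL);
        int acc = (fl == -1) ? -1 : (fl & O_ACCMODE);
        if (!S_ISDIR(st.st_mode) && (acc == O_RDWR || acc == need))
            return 0;                 /* open, not a directory, right mode */
    } else if (errno != EBADF) {
        return -1;                    /* anything but "closed" is an error */
    }

    int nullfd = open("/dev/null", need);
    if (nullfd == -1)
        return -1;
    if (nullfd != fd) {               /* a closed fd may be reused directly */
        int r = dup2(nullfd, fd);
        close(nullfd);
        if (r == -1)
            return -1;
    }
    return 1;
}

/* Fix fd 0 first, then 1 and 2, so that a later open() in the program
 * cannot silently land on one of the standard descriptors. */
int sanitize_stdio(void)
{
    if (ensure_fd(STDIN_FILENO, O_RDONLY) == -1 ||
        ensure_fd(STDOUT_FILENO, O_WRONLY) == -1 ||
        ensure_fd(STDERR_FILENO, O_WRONLY) == -1)
        return -1;
    return 0;
}

int main(void)
{
    return sanitize_stdio() == 0 ? 0 : 1;
}
```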

Improvements:
- Install also manpage for glexec-configure

Version 0.9.1
-------------
Bugfixes:
- Signal handling code is greatly improved to prevent lockups.

Version 0.9.0
-------------
This version introduces several new features. The preferred and advised run-mode
is linger mode with gLExec doing the userswitch. This is the most secure, simple
and versatile run-mode. It means that LCMAPS should NOT run the posix_enf
plugin.

New functionality
- epilogue functionality:
  - When an absolute path to a root-trusted file is specified as epilogue in
    the config file, it will be run after the payload has finished.
  - It can optionally run as a different user and/or group which then are also
    trusted concerning the binary writability.
  - It runs for a maximum time of epilogue_timeout (default 300 seconds) after
    which it is sent a SIGTERM.
  - It will have /dev/null as stdin, stdout and stderr. It is for the epilogue
    itself to take care of its logging.
  - The epilogue process will run with the target environment.
  - In addition, a number of special variables named GLEXEC_EPILOG_*, which
    contain information about the payload process, calling account and target
    account, are put in the environment for the epilogue process:
      GLEXEC_EPILOG_GLEXEC_CWD      startup dir of gLExec
      GLEXEC_EPILOG_GLEXEC_USER     calling username
      GLEXEC_EPILOG_GLEXEC_GROUP    calling primary groupname
      GLEXEC_EPILOG_TARGET_USER     target username
      GLEXEC_EPILOG_TARGET_GROUP    target primary groupname
      GLEXEC_EPILOG_GLEXEC_PID      gLExec process ID
      GLEXEC_EPILOG_GLEXEC_SID      gLExec session
      GLEXEC_EPILOG_GLEXEC_PGID     gLExec process group
      GLEXEC_EPILOG_GLEXEC_UID      calling uid
      GLEXEC_EPILOG_GLEXEC_GID      calling primary gid
      GLEXEC_EPILOG_GLEXEC_SGIDS    calling secondary gids, colon separated
      GLEXEC_EPILOG_TARGET_UID      target uid
      GLEXEC_EPILOG_TARGET_GID      target primary gid
      GLEXEC_EPILOG_TARGET_SGIDS    target secondary gids, colon separated
      GLEXEC_EPILOG_ARGC            argc of payload
      GLEXEC_EPILOG_ARGV<N>         argv of payload
      GLEXEC_EPILOG_TARGET_PID      payload process ID
      GLEXEC_EPILOG_TARGET_PGID     payload process group
      GLEXEC_EPILOG_TARGET_RC       payload exit code
  - When using process groups (default, use_setpgid=yes) both payload and
    epilogue will run in a separate process group equal to their PID.
  - A non-zero exit status of the epilogue will always result in a gLExec exit
    code of 202.
  - new options related to epilogue, see man glexec.conf(5)
      epilogue          (empty: no epilogue)
      epilogue_user     (default root)
      epilogue_group    (default root)
      epilogue_timeout  (default 300 seconds)
    in addition, also the sighandling options influence the epilogue.

- implementing signal handling:
  - most signals are forwarded to payload or epilogue (when present).
  - SIGINT, TERM etc. will gracefully terminate the payload/epilogue by first
    sending a SIGTERM to the child process (group) and allowing a gracetime of
    term_delay before sending a SIGKILL. After the SIGKILL a second gracetime
    of kill_delay allows logging of the exit status. Note that since the
    lingering gLExec runs as root after the payload finishes, only root can
    forward signals to the epilogue.
  - handlers for SIGBUS, SIGFPE, SIGILL and SIGSEGV (and optionally SIGSTKFLT
    which normally should be unused) which only act when the signal comes from
    the kernel. They send a SIGTERM to the payload or epilogue process (group)
    and quit. No gracetime is wanted here. Similar behaviour happens for
    SIGABRT and SIGSYS except that these are typically not coming from the
    kernel and hence provide different information.
  - SIGPIPE is logged and ignored, SIGTTOU and SIGTTIN are directly ignored in
    order to allow jobcontrol.
  - gLExec is doing job-control on the payload: normally the payload will run
    in the foreground: When the payload suspends, gLExec will take back the
    tty. When the job resumes, the tty is returned to it.
    The payload can be forced to run in the background by either the -b
    cmdline option or the force_payload_background config option.
    SIGINT and SIGTSTP (typically ctrl-c and ctrl-z) give feedback on stderr.
  - gLExec normally will also forward the 'debug' signals SIGTRAP, SIGEMT,
    SIGVTALRM and SIGPROF, and additionally the realtime signals SIGRTMIN till
    SIGRTMAX, unless the extra_sighandlers option is set to no.
    Note that many modern debuggers including gdb work around the problem and
    seem to work fine even when installing sighandlers for SIGTRAP etc. Some
    of the realtime signals are used by valgrind, which prevents it from
    installing a handler.
  - new options related to sighandling, see man glexec.conf(5)
      force_payload_background  (default off)
      term_delay                (default 5 seconds)
      kill_delay                (default 1 second)
      use_setpgid               (default yes)
      extra_sighandlers         (default yes)

- use of separate process group for the payload: this allows gLExec to signal
  the entire process group (e.g. SIGTERM). Signals will only be *forwarded* to
  the child itself. The feature can be disabled using the use_setpgid option.
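
The SIGTERM, term_delay, SIGKILL, kill_delay sequence from the signal handling item, applied to a payload in its own process group as in the item above, shown as an added example (not gLExec's own code). The names terminate_group, wait_upto and spawn_payload are hypothetical, the payload is a constructed stand-in, and signal forwarding and the epilogue are left out.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Added example, not gLExec code. Poll up to secs seconds; 1 = reaped. */
static int wait_upto(pid_t pid, int secs, int *status)
{
    struct timespec tick = {0, 50 * 1000 * 1000};   /* 50 ms per poll */
    for (int i = 0; i <= secs * 20; i++) {
        pid_t r = waitpid(pid, status, WNOHANG);
        if (r != 0) return r == pid ? 1 : -1;
        nanosleep(&tick, NULL);
    }
    return 0;
}

/* Returns the signal that ended the payload, 0 on plain exit, -1 on error. */
int terminate_group(pid_t pgid, int term_delay, int kill_delay)
{
    int status = 0, r;
    if (pgid <= 1 || kill(-pgid, SIGTERM) == -1) return -1;  /* whole group */
    r = wait_upto(pgid, term_delay, &status);
    if (r == 0) {                          /* grace period expired */
        if (kill(-pgid, SIGKILL) == -1) return -1;
        r = wait_upto(pgid, kill_delay, &status);   /* collect exit status */
    }
    if (r != 1) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

/* Constructed payload: own process group (pgid == pid), sleeps forever. */
pid_t spawn_payload(int ignore_term)
{
    void (*prev)(int) = signal(SIGTERM, ignore_term ? SIG_IGN : SIG_DFL);
    pid_t pid = fork();                    /* child inherits the disposition */
    if (pid == 0) {
        setpgid(0, 0);
        for (;;) pause();
    }
    signal(SIGTERM, prev);
    if (pid > 0) setpgid(pid, pid);        /* also in parent: avoids a race */
    return pid;
}

int main(void)
{
    return terminate_group(spawn_payload(1), 1, 1) == SIGKILL ? 0 : 1;
}
```

A payload that ignores SIGTERM is only stopped by the SIGKILL after term_delay, which is why the second wait exists: without it the exit status of a killed payload would never be collected or logged.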

- Closing of all open file descriptors in lingering gLExec process. This can be
  prevented by setting close_fds to 'no' in the config file.

- Calling user can disable writing/setting of payload proxy by setting
  GLEXEC_TARGET_PROXY to /dev/null (the sysadmin could already do this via the
  create_target_proxy option)

Several defaults are changed, the old behaviour is still configurable:
- When gLExec is doing the userswitch (advised and default setting) gLExec will
  run as calling user until the payload starts. At that moment, the payload will
  run as the target user, while the lingering gLExec will keep running as
  calling user. This allows the pilot user to send signals to the running
  gLExec. As soon as the payload finishes or a terminating signal is received,
  the lingering gLExec will become root and group 0.
  When really needed, the lingering gLExec can run as the target user (pre 0.9
  behaviour) using the linger_as_payload option. This is not considered a safe
  setting and is strongly advised against.

- Logging defaults:
  - all (gLExec, LCAS, LCMAPS) builtin default loglevels are 4
  - a number of log messages are lowered in loglevel while improving the
    information in others.
  - gLExec now by default uses different syslog levels
    (diff_syslog_levels=yes).
  - LCMAPS logging in version 1.5 is much reduced and also split over syslog
    levels. Hence the builtin default of 4 allows reducing logoutput via
    syslog's own mechanism.
  - at the time of this release LCAS logging is not yet reorganized, hence
    it is advised to set the lcas_debug_loglevel to 0 (old default).

- LCAS/LCMAPS modules: when the {lcas,lcmaps}_libdir is set, gLExec now sets the
  {LCAS,LCMAPS}_MODULES_DIR variables to that libdir followed by /lcas or
  /lcmaps, in line with the EPEL standards. This suffix can be set in the config
  file using the lcas_moduledir_sfx and the lcmaps_moduledir_sfx.

Bugfixes:
- Lookup/use the lcmaps/lcas libdir only when they are existing and absolute
  directories.

- When the config file is untrusted, gLExec reverts to builtin defaults, which
  often lead to a 'not-whitelisted' error to the user. The stderr message now
  mentions that it might be due to a permission issue of the config file.

- In addition to disabling voms checking, it can be enabled. This is needed when
  LCMAPS is built with a default set to no-voms-checking.

Build-time changes:
- default directories for LCMAPS and LCAS modules are now $libdir/lcmaps and
  $libdir/lcas. This can be overridden using the --with-lcmaps-moduledir-sfx
  (and likewise for LCAS) flags.

Version 0.8.10
--------------
This version of gLExec introduces the following new features:
- fix a few minor segfault situations.
- fix crash when "linger= ..." is absent.
- installation of a default glexec.conf file and a default (fully commented-out)
  lcmaps-glexec.db file.
- support for specifying lcas and lcmaps db files on the configure cmdline.
- cleanup of unused files and support for distribution tarball.
