/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to debian/mandos-client.lintian-overrides

  • Committer: Teddy Hogeborn
  • Date: 2008-08-03 01:09:36 UTC
  • mfrom: (24.1.9 mandos)
  • Revision ID: teddy@fukt.bsnet.se-20080803010936-ujme8tgxceszfbi1
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
                            Take an additional non-option argument and
                            parse it as a plus-separated and -prefixed
                            list of additional options.

* plugins.d/mandosclient.c (DH_BITS): Replaced with
                                      "mandos_context.dh_bits".  All
                                      users changed.
  (certdir): Renamed to "keydir".  All users changed.
  (certfile): Renamed to "pubkeyfile".  All users changed.
  (certkey): Renamed to "seckeyfile".  All users changed.
  (encrypted_session): Replaced with "mandos_context".  All users
                       changed.
  (initgnutls): Take additional "session" and "dh_params" arguments.
                All callers changed.
  (start_mandos_communication): Take additional "mc" argument.  All
                                callers changed.  Print target IPv6
                                address if different than supplied
                                string.
  (simple_poll) Replaced with "mandos_context.simple_poll".  All users
                changed.
  (server): Replaced with "mandos_context.server".  All users changed.
  (main): Default interface to "eth0".  Rename "--certdir" to
          "--keydir", "--certkey" to "--seckey", and "--certfile" to
          "--pubkey".  New options "--dh-bits" and "--priority".  If
          the interface is not up, bring it up.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
# This directory contains secret client key files.
2
 
#
3
 
mandos-client binary: non-standard-dir-perm etc/keys/mandos/ 0700 != 0755
4
 
 
5
 
# The directory /usr/lib/<arch>/mandos/plugins.d contains setuid
6
 
# binaries which are not meant to be run outside an initial RAM disk
7
 
# environment (except for test purposes).  It would be insecure to
8
 
# allow anyone to run them.
9
 
#
10
 
mandos-client binary: non-standard-dir-perm usr/lib/*/mandos/plugins.d/ 0700 != 0755
11
 
 
12
 
# These binaries must be setuid root, since they need root powers, but
13
 
# are started by plugin-runner(8mandos), which runs all plugins as
14
 
# user/group "_mandos".  These binaries are not run in a running
15
 
# system, but in an initial RAM disk environment.  Here they are
16
 
# protected from non-root access by the directory permissions, above.
17
 
#
18
 
mandos-client binary: setuid-binary usr/lib/*/mandos/plugins.d/mandos-client 4755 root/root
19
 
mandos-client binary: setuid-binary usr/lib/*/mandos/plugins.d/askpass-fifo 4755 root/root
20
 
mandos-client binary: setuid-binary usr/lib/*/mandos/plugins.d/splashy 4755 root/root
21
 
mandos-client binary: setuid-binary usr/lib/*/mandos/plugins.d/usplash 4755 root/root
22
 
mandos-client binary: setuid-binary usr/lib/*/mandos/plugins.d/plymouth 4755 root/root
23
 
 
24
 
# The directory /etc/mandos/plugins.d can be used by local system
25
 
# administrators to place plugins in, overriding and complementing
26
 
# /usr/lib/<arch>/mandos/plugins.d, and must be likewise protected.
27
 
#
28
 
mandos-client binary: non-standard-dir-perm etc/mandos/plugins.d/ 0700 != 0755