/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

  • Committer: Teddy Hogeborn
  • Date: 2014-03-23 20:48:58 UTC
  • Revision ID: teddy@recompile.se-20140323204858-l1x3aiick21oog4y
Improve error message when working around Debian bug #633582.

* plugins-runner.c (main): Improve error message when failing to work
                           around Debian bug #633582.  Also simplify
                           code to always use execve().

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-client">
5
 
<!ENTITY TIMESTAMP "2016-07-10">
 
5
<!ENTITY TIMESTAMP "2014-03-05">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
33
33
    <copyright>
34
34
      <year>2008</year>
35
35
      <year>2009</year>
36
 
      <year>2010</year>
37
 
      <year>2011</year>
38
36
      <year>2012</year>
39
37
      <year>2013</year>
40
38
      <year>2014</year>
41
 
      <year>2015</year>
42
 
      <year>2016</year>
43
39
      <holder>Teddy Hogeborn</holder>
44
40
      <holder>Björn Påhlsson</holder>
45
41
    </copyright>
102
98
      </arg>
103
99
      <sbr/>
104
100
      <arg>
105
 
        <option>--dh-params <replaceable>FILE</replaceable></option>
106
 
      </arg>
107
 
      <sbr/>
108
 
      <arg>
109
101
        <option>--delay <replaceable>SECONDS</replaceable></option>
110
102
      </arg>
111
103
      <sbr/>
319
311
        <listitem>
320
312
          <para>
321
313
            Sets the number of bits to use for the prime number in the
322
 
            TLS Diffie-Hellman key exchange.  The default value is
323
 
            selected automatically based on the OpenPGP key.  Note
324
 
            that if the <option>--dh-params</option> option is used,
325
 
            the values from that file will be used instead.
326
 
          </para>
327
 
        </listitem>
328
 
      </varlistentry>
329
 
      
330
 
      <varlistentry>
331
 
        <term><option>--dh-params=<replaceable
332
 
        >FILE</replaceable></option></term>
333
 
        <listitem>
334
 
          <para>
335
 
            Specifies a PEM-encoded PKCS#3 file to read the parameters
336
 
            needed by the TLS Diffie-Hellman key exchange from.  If
337
 
            this option is not given, or if the file for some reason
338
 
            could not be used, the parameters will be generated on
339
 
            startup, which will take some time and processing power.
340
 
            Those using servers running under time, power or processor
341
 
            constraints may want to generate such a file in advance
342
 
            and use this option.
 
314
            TLS Diffie-Hellman key exchange.  Default is 1024.
343
315
          </para>
344
316
        </listitem>
345
317
      </varlistentry>
472
444
  
473
445
  <refsect1 id="environment">
474
446
    <title>ENVIRONMENT</title>
475
 
    <variablelist>
476
 
      <varlistentry>
477
 
        <term><envar>MANDOSPLUGINHELPERDIR</envar></term>
478
 
        <listitem>
479
 
          <para>
480
 
            This environment variable will be assumed to contain the
481
 
            directory containing any helper executables.  The use and
482
 
            nature of these helper executables, if any, is
483
 
            purposefully not documented.
484
 
        </para>
485
 
        </listitem>
486
 
      </varlistentry>
487
 
    </variablelist>
488
447
    <para>
489
 
      This program does not use any other environment variables, not
490
 
      even the ones provided by <citerefentry><refentrytitle
 
448
      This program does not use any environment variables, not even
 
449
      the ones provided by <citerefentry><refentrytitle
491
450
      >cryptsetup</refentrytitle><manvolnum>8</manvolnum>
492
451
    </citerefentry>.
493
452
    </para>
693
652
    </variablelist>
694
653
  </refsect1>
695
654
  
696
 
  <refsect1 id="bugs">
697
 
    <title>BUGS</title>
698
 
    <xi:include href="../bugs.xml"/>
699
 
  </refsect1>
 
655
<!--   <refsect1 id="bugs"> -->
 
656
<!--     <title>BUGS</title> -->
 
657
<!--     <para> -->
 
658
<!--     </para> -->
 
659
<!--   </refsect1> -->
700
660
  
701
661
  <refsect1 id="example">
702
662
    <title>EXAMPLE</title>
788
748
    <para>
789
749
      It will also help if the checker program on the server is
790
750
      configured to request something from the client which can not be
791
 
      spoofed by someone else on the network, like SSH server key
792
 
      fingerprints, and unlike unencrypted <acronym>ICMP</acronym>
793
 
      echo (<quote>ping</quote>) replies.
 
751
      spoofed by someone else on the network, unlike unencrypted
 
752
      <acronym>ICMP</acronym> echo (<quote>ping</quote>) replies.
794
753
    </para>
795
754
    <para>
796
755
      <emphasis>Note</emphasis>: This makes it completely insecure to
842
801
      </varlistentry>
843
802
      <varlistentry>
844
803
        <term>
845
 
          <ulink url="https://www.gnutls.org/">GnuTLS</ulink>
 
804
          <ulink url="http://www.gnu.org/software/gnutls/"
 
805
          >GnuTLS</ulink>
846
806
        </term>
847
807
      <listitem>
848
808
        <para>
854
814
      </varlistentry>
855
815
      <varlistentry>
856
816
        <term>
857
 
          <ulink url="https://www.gnupg.org/related_software/gpgme/"
 
817
          <ulink url="http://www.gnupg.org/related_software/gpgme/"
858
818
                 >GPGME</ulink>
859
819
        </term>
860
820
        <listitem>
898
858
      </varlistentry>
899
859
      <varlistentry>
900
860
        <term>
901
 
          RFC 5246: <citetitle>The Transport Layer Security (TLS)
902
 
          Protocol Version 1.2</citetitle>
 
861
          RFC 4346: <citetitle>The Transport Layer Security (TLS)
 
862
          Protocol Version 1.1</citetitle>
903
863
        </term>
904
864
      <listitem>
905
865
        <para>
906
 
          TLS 1.2 is the protocol implemented by GnuTLS.
 
866
          TLS 1.1 is the protocol implemented by GnuTLS.
907
867
        </para>
908
868
      </listitem>
909
869
      </varlistentry>
920
880
      </varlistentry>
921
881
      <varlistentry>
922
882
        <term>
923
 
          RFC 6091: <citetitle>Using OpenPGP Keys for Transport Layer
 
883
          RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer
924
884
          Security</citetitle>
925
885
        </term>
926
886
      <listitem>