/mandos/trunk

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to intro.xml

Committer: Teddy Hogeborn
Date: 2015-07-01 20:01:26 UTC
mto: This revision was merged to the branch mainline in revision 759.
Revision ID: teddy@recompile.se-20150701200126-qb3f6c3jcas2f4og

mandos-client: Try to start a plugin to add and remove a local route.

* debian/mandos-client.README.Debian: Add setting of environment
                                      variable MANDOSPLUGINHELPERDIR
                                      to command line testing
                                      mandos-client.
* mandos-client.c (raise_privileges): Moved to top of file.
                  (raise_privileges_permanently): - '' -
                  (lower_privileges): - '' -
                  (lower_privileges_permanently): - '' -
  (add_remove_local_route, add_local_route, remove_local_route): New.
  (start_mandos_communication): Set SOCK_CLOEXEC flag on socket.  Run
                                the above functions to add (and
                                remove) local route, if the conditions
                                indicates it could help.
  (run_network_hooks): Use O_DIRECTORY, O_PATH, and O_CLOEXEC flags
                       when opening network hook directory. Do
                       TEMP_FAILURE_RETRY around opening of /dev/null
                       and network hook executables.  Move redirecting
                       of stdout and stderr to as late as possible
                       before fexecve().
  (main): Use O_DIRECTORY and O_PATH when opening temporary directory.
* plugins.d/mandos-client.xml (ENVIRONMENT): Document usage of the
                                             MANDOSPLUGINHELPERDIR
                                             environment variable.

files removed:
bugs.xml

plugin-helpers/mandos-client-iprouteadddel.c

tmpfiles.d-mandos.conf

files modified:
DBUS-API

INSTALL

Makefile

NEWS

README

TODO

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d/bridge

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

1

1

<?xml version="1.0" encoding="UTF-8"?>

2

2

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

3

3

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

4

<!ENTITY TIMESTAMP "2017-02-23">

4

<!ENTITY TIMESTAMP "2014-06-22">

5

5

<!ENTITY % common SYSTEM "common.ent">

6

6

%common;

7

7

]>

32

32

<copyright>

33

33

<year>2011</year>

34

34

<year>2012</year>

35

<year>2013</year>

36

<year>2014</year>

37

<year>2015</year>

38

<year>2016</year>

39

<year>2017</year>

40

35

<holder>Teddy Hogeborn</holder>

41

36

<holder>Björn Påhlsson</holder>

42

37

</copyright>

78

73

<refsect1 id="introduction">

79

74

<title>INTRODUCTION</title>

80

75

<para>

81

<!-- This paragraph is a combination and paraphrase of two

82

quotes from the 1995 movie “The Usual Suspects”. -->

83

76

You know how it is. You’ve heard of it happening. The Man

84

77

comes and takes away your servers, your friends’ servers, the

85

78

servers of everybody in the same hosting facility. The servers

204

197

</para>

205

198

</refsect2>

206

199

207

<refsect2 id="sniff">

208

<title>How about sniffing the network traffic and decrypting it

209

later by physically grabbing the Mandos client and using its

210

key?</title>

211

<para>

212

We only use <acronym>PFS</acronym> (Perfect Forward Security)

213

key exchange algorithms in TLS, which protects against this.

214

</para>

215

</refsect2>

216

217

200

<refsect2 id="physgrab">

218

201

<title>Physically grabbing the Mandos server computer?</title>

219

202

<para>

382

365

</para>

383

366

</refsect1>

384

367

385

<refsect1 id="bugs">

386

<title>BUGS</title>

387

<xi:include href="bugs.xml"/>

388

</refsect1>

389

390

368

<refsect1 id="see_also">

391

369

<title>SEE ALSO</title>

392

370

<para>

420

398

<variablelist>

421

399

<varlistentry>

422

400

<term>

423

<ulink url="https://www.recompile.se/mandos">Mandos</ulink>

401

<ulink url="http://www.recompile.se/mandos">Mandos</ulink>

424

402

</term>

425

403

<listitem>

426

404

<para>

Older »