[grsec] grtool 0.2

Marc Schiffbauer marc at schiffbauer.net
Fri Jun 24 08:14:05 EDT 2005


Hi all,

I have released grtool 0.2 which fixes some real bugs and
adds some new features.

Everybody using it should upgrade.

grtool is a small utility useful for people who are dealing with
learning logs and policy files created by and maintained for the
grsecurity RBAC system.

Some release notes:
 * Please note that I changed the naming convention for split policy
   files.

 * Debian users: As I upgraded to sarge the package now is build on
   sarge, and so I renamed the directory to 'sarge'. So be sure to
   update your sources.list to:
   deb http://packman.iu-bremen.de/debian/sarge/grtool ./
                                          ^^^^^

Changes since grtool 0.1:
VERSION 0.2:
  FEATURES:
    * New global switch: -t/--temp-dir to specify a TEMP dir
      to use.
      Be sure to choose a tempdir thats on the same filesystem
      as the original files for better performance and saving
      I/O
    * shrink-log: New switch -b/--buffer-size
      Default is 5M. Higher values may increase
      log shrinking performance
    * improved command line argument processing is much
      more flexible and now allows things like 
      -abc instead of -a -b -c
      and more...
      (uses getopt)
    * New global switch: -N/--no-backups to supress backup
      files.
      Due to changed tempfile handling the original
      file will still be there if grtool gets aborted.

  CHANGES:
    * shrink-log: Use the '-u' switch of sort instead of 
      the uniq command
    * split-policy: The file _include has been renamed
      to "_role" as it contains the role spec + includes
      for all subjects (A better filename is welcome btw...)
    * split-policy: Subject files now have a ".subject" suffix
      to prevent clashes with subdirectories
    * split-policy: Role directories now have a
      ".{user,group,special}_role" suffix and no prefix
      (default role is called "default_role")
    * split-policy: The filename for a default subject "_default"
      has been changed to "default.subject"
    * Updated README
    * better tempfile security using mcookie instead of pid
    * better tempfile handling -> really all tempfiles go
      into temp-dir
    * disabled convert-log command as it is broken and I do not
      know how to do it reliably :-( If you know what to do,
      please tell me

  BUGFIXES:
    * split-policy: include statements were not always
      absolute paths which could lead to an invalid policy
    * shrink-log/convert-log: fixed bug where grtool exited silently 
      if no cstream utilily is installed
    * shrink-log/convert-log: fixed possible deadlock of grtool that
      could occure when processing very small learning logs

Please download it here:

  http://linuxcc.de/grtool/

Debian users can use the following sources.list entry:

  deb http://packman.iu-bremen.de/debian/sarge/grtool ./

  (should work for sid or woody as well)

Feedback is very welcome.
Have fun.

-Marc
-- 
8AAC 5F46 83B4 DB70 8317  3723 296C 6CCA 35A6 4134
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20050624/da256d4b/attachment.pgp


More information about the grsecurity mailing list