ChangeLog 5.54 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232
CHANGES

4.0.1 Tue Nov 20 08:22:20 UTC 2018

    * Add LDFLAGS environment variable (Thanks to zboszor <https://github.com/zboszor>)

4.0.0 Mon Nov 12 16:54:56 UTC 2018

	* Add -H option for extra security without root (Thanks to intika <https://github.com/intika>). It protects against dumping, code injection, `cat /proc/pid/cmdline`, ptrace, etc.. (only works with Bourne shell (sh) scripts with no parameter)
    * Add -s option to force single process for hardening features (requires -H) <https://github.com/intika>. (only works with Bourne shell (sh) scripts with no parameter)
	* dash support

3.9.8 Sat Oct 20 17:49:28 UTC 2018

	* Add setuid option -S (Thanks to Boon Pang <https://github.com/wombat78>)

3.9.7 Sat Oct 20 15:25:13 UTC 2018

	* Fix issue #58

3.9.6 Sat Jun  3 10:05:03 UTC 2017

    * Fix issue #38

3.9.5 Wed May 31 01:35:33 UTC 2017

    * Fix issue #36

3.9.4   Sat May 13 18:46:05 UTC 2017

    * Fix issue #23 (debian bug #861180) (Thanks to original author Francisco Rosales <frosal@fi.upm.es>)

3.9.3   Sat Jul 30 18:46:34 BDT 2016

    * zsh support
    * Fix issue #13 (https://github.com/neurobin/shc/issues/13)
    

3.9.2	Fri Aug 21 16:12:33 BDT 2015
	
	Added BusyBox support with patch taken from:
	https://onedrive.live.com/prev?cid=18a41d08a9f3c543&id=18A41D08A9F3C543!231&authkey=!AJQ6Iah_5D3WJ60&v=TextFileEditor
	as suggested by https://github.com/marcoburatto

3.9.1	Fri Apr 03 00:22:11 GMT 2015
	
	Renamed  option -T to -U and reversed it's logic.
	So now, the executable prepared will execute without using sudo,
	by default.


3.9.0   Wed Apr 01  08:35:22 AM GMT 2015 

    (http://github.com/neurobin)
	Added output file option with [-o filename]
	and fixed bug on make install (manual install failed)
	Now you can access manual by entering command: man shc
	in a terminal.
        


3.8.9	Wed Apr 25 09:24:25 CEST 2012

	Thanks to Giacomo Picconi <giacomo.picconi@gpstudio.com> for:
	- Fixing a long standing bug making the source not hidden.



3.8.8	Mon Nov 28 11:26:25 CEST 2012

	"me".



3.8.7	Wed Feb 10 20:40:37 CET 2010

	- Bug on 64bit systems with expiration dates.



3.8.6	Fri Jul  7 15:54:39 CEST 2006

	Thanks to George Danchev <danchev@spnet.net> for:
	- License clarification about the rc4 implementation.



3.8.5	Fri Oct 21 13:11:36 CEST 2005

	Thanks to Jukka A. Ukkonen <jau(a)iki.fi> for:
	- Fixed untraceable() problems on FreeBSD.



3.8.4	Tue Oct  4 16:52:15 CEST 2005

	Thanks to Ron McOuat for:
	- Fixed sma11 -d option bug.



3.8.3	Tue Jun 28 21:29:06 CEST 2005

	Thanks to Jacek Kalinski <jacek@dyski.one.pl> for:
	- Fixed bug: "vfork" fails on multiprocessor systems.



3.8.2	Thu Jun 16 17:15:59 CEST 2005

	Thanks to Arjen Visser <arjen.visser@avisit.co.nz> for:
	- Fixed bug: "rlax" used after encryption.

	Thanks to Nalneesh Gaur <Nalneesh.Gaur@accenture.com> for:
	- Read permision of the script.x exposes it to disassembling.
	- Group and others read permision is now removed by default.



3.8	Thu Nov  4 20:33:52 CET 2004

	Fixed incorrect implementation on rc4.
	Hidden all the binary executable symbols but one.
	Expiration date and most strings are encrypted too.
	All the encrypted payload is now randomized.



3.7	Wed Jun 18 16:32:26 CEST 2003

	Thanks to Philipp Koller <philipp@open.ch> for:
	- Removed all strings in the compiled script.
	- Improved program output and error messages.
	- The -m option allows to define the *complete* expiration message.
	- Updated manpage shc.1.

	Thanks to Bryan <bryan.hogan@dstintl.com> for:
	- Fix wrong $0 on ksh.



3.6	Fri Feb 21 09:40:32 CET 2003

	Two new options:
	-D	switch on Debug exec calls.
	-T	switch off unTraceable.

	Bash does not need -- after -c.



3.5	Mon Jan 20 19:08:43 CET 2003

	Rewrite of large strings to silence the ISO C89 compiler
	warnings about strings larger than 509 characters.



3.4	Tue Apr 16 17:43:12 CEST 2002

	Remove "bad alignment" problem on AIX and other systems.
	Where exists, use /proc/<pid>/as in untraceable.



3.3	Thu Jan 24 21:27:07 CET 2002

	Prevent to ptrace the process.



3.2	Tue Mar  9 19:03:54 CET 1999

	Find ancient pclose that must be fclose.



3.1	Tue Feb 16 21:36:59 CET 1999

	Fixed a misbehavior on scripts with a in-frist-line option
	equal to "end of options" (i.e.  #!/bin/sh -- )
	(Thanks to Bernard Blundell <blundell@lts.sel.alcatel.de>)

	Stupid GCC "warning: return type of `main' is not `int'" removed.



3.0	Tue Oct 14 14:20:52 MET DST 1997

	Added a new option "-r" to force a relaxed security and
	so make a redistributable binary.

	Modified expiration day format. Now is dd/mm/yyyy.



3.0b3	Fri Jun  6 22:09:05 WET DST 1997

	Yet other few bugs fixed.
	Output format simplified.
	-pedantic compilation.



3.0b2	Tue Jun  3 17:51:51 GMT 1997

	Some explicit type conversions removed.

	Fixed the bug "END_OF_FILE" when compiling the generated code.
A flush is needed before a pclose.

	st_blksize and st_blocks struct stat fields does not exist on
SCO, both not used now.



3.0b1	Wed Feb 26 14:27:22 WET 1997

	The main difference with 2.4 is that in it the script was
compressed an then shuffle around, now int 3.0 the script is encripted
with an inline code, so not needend any external comand to work, and been
faster at startup. Other related adventage is that the only information
not encripted in .x.c is an stamp, expiration date and provider email
address.

	Something equivalent to cheksums have been used to enforced at
execution that the executing shell has not been modified from the time
the script was compiled. If anybody tries to change the excuting shell,
.x will refuse to execute.

	The generated .x.c source code is now readable.