--- titantools-4.0.11+notdfsg1.orig/LICENSE +++ titantools-4.0.11+notdfsg1/LICENSE @@ -21,12 +21,13 @@ more-or-less customary fashion, plus the right to make reasonable modifications. - Neither Sun Microsystems Inc., EarthLink Networks Inc., or any other - institution or companies bear any liability or responsibility - whatsoever for the software, including (but not restricted to) - responsibility for its existence, structure, content, function or use - by any person anywhere. - _________________________________________________________________ + Notwithstanding any other agreement or any other provision herein, effective + January 15, 2005, an entity with greater than 400 employees shall be + required to obtain written permission from Team Titan in order to download, + print, access, view, distribute or otherwise use in any way the Package or + other files known as Titan. For purposes herein, an entity includes its + employees, agents, affiliates, partners, contractors etc. + _________________________________________________________________ (Much of this is taken from the 'Artistic License', distributed as part of the Perl v4.0 kit by Larry Wall, which is available from most --- titantools-4.0.11+notdfsg1.orig/Makefile +++ titantools-4.0.11+notdfsg1/Makefile @@ -3,17 +3,17 @@ CC = cc CPPFLAGS = -CFLAGS = -Bstatic +CFLAGS = LDFLAGS = -dn LIBS = -Bstatic /usr/lib/libc.a -Bstatic /usr/ccs/lib/libtermcap.a -Bstatic /usr/lib/libnsl.a -LIBS2 = -Bstatic /usr/lib/libc.a +LIBS2 = /usr/lib/libc.a # default target all: noshell runas noshell: noshell.o - $(CC) $(CFLAGS) -o noshell $(LIBS) $(LDFLAGS) noshell.o + $(CC) -Bstatic $(CFLAGS) -o noshell $(LIBS) $(LDFLAGS) noshell.o runas: stubs.o runas.o $(CC) $(CFLAGS) -o runas $(LIBS2) $(LDFLAGS) stubs.o runas.o --- titantools-4.0.11+notdfsg1.orig/Makefile.linux +++ titantools-4.0.11+notdfsg1/Makefile.linux @@ -1,16 +1,21 @@ # Titan Makefile for Linux -VERSION = 4.0 +VERSION = 4.0.11 CC = gcc CPPFLAGS = -CFLAGS = -static -LDFLAGS = -dn -LIBS = -static /usr/lib/libc.a -static /usr/i486-linuxaout/lib/libtermcap.a -static /usr/lib/libnsl.a -LIBS2 = -static /usr/lib/libc.a +CFLAGS = +# Build dynamic binary: +LDFLAGS = +LIBS = +LIBS2 = +# For building static binary: +#LDFLAGS = -dn +#LIBS = -static /usr/lib/libc.a -static /usr/lib/libtermcap.a -static /usr/lib/libnsl.a +#LIBS2 = /usr/lib/libc.a # default target -all: noshell runas +all: noshell runas noshell: noshell.o $(CC) $(CFLAGS) -o noshell $(LIBS) $(LDFLAGS) noshell.o @@ -18,3 +23,5 @@ runas: stubs.o runas.o $(CC) $(CFLAGS) -o runas $(LIBS2) $(LDFLAGS) stubs.o runas.o +clean: + -rm -f *.o noshell runas --- titantools-4.0.11+notdfsg1.orig/debian/README.Debian +++ titantools-4.0.11+notdfsg1/debian/README.Debian @@ -0,0 +1,21 @@ + +Notes for Titantools +-------------------- + +Noshell should *not* be registered in /etc/shells if you plan to use it, +otherwise it will be recognized as a valid shell and will be executed on logon. + +If the /usr/sbin/noshell shell is registered in /etc/shells some programs might +think that users which have this shell as their shell are actually +valid users. Which is the opposite of what noshell is provided with. + +This happens, for example with 'su' or with some FTP daemons. They will +allow access to any user with a shell listed in /etc/shells. Only +shells *not* listed in /etc/shells are considered a "restricted shell" in +these programs and will disallow access to users that have them as their +personal shell. + +-------- +Javier Fernandez-Sanguino +Tue, 29 Mar 2011 22:50:05 +0200 + --- titantools-4.0.11+notdfsg1.orig/debian/changelog +++ titantools-4.0.11+notdfsg1/debian/changelog @@ -0,0 +1,149 @@ +titantools (4.0.11+notdfsg1-7.1) unstable; urgency=medium + + * Non-maintainer upload. + * Install noshell into /usr/sbin. (Closes: #1073771) + + -- Chris Hofstaedtler Mon, 08 Jul 2024 00:40:11 +0200 + +titantools (4.0.11+notdfsg1-7) unstable; urgency=medium + + * Move to Debhelper compatibility version 13 (Closes: #1002884) + * debian/control: + - Updated Standards version (no changes required) + - Add debhelper-compat = 13, remove debian/comat + * debian/source/format - add and declare the format in use (1.0) + + -- Javier Fernández-Sanguino Peña Sun, 27 Mar 2022 20:14:22 +0200 + +titantools (4.0.11+notdfsg1-6) unstable; urgency=medium + + * debian/control: + - Remove the noshell transitional package as some releases have passed + already + - Use UTF-8 for maintainer's name + - Add debhelper 9 dependency + * Rewrite debian/rules to use the debhelper tools (with some overrides) + (Closes: #822032) + * Remove override for noshell since it is not build staticly + + -- Javier Fernández-Sanguino Peña Sat, 23 Apr 2016 19:32:42 +0200 + +titantools (4.0.11+notdfsg1-5) unstable; urgency=low + + * debian/control: Add noshell to the correct section in non-free + (Closes: 620178) + + -- Javier Fernandez-Sanguino Pen~a Thu, 31 Mar 2011 00:38:03 +0200 + +titantools (4.0.11+notdfsg1-4) unstable; urgency=low + + * Rename the binary package to 'titantools' as noshell is just + one of the tools provided within it. + * debian/README.Debian: rewrite for clarity and fix some grammatical typos + * debian/noshell.sgml: fix grammatical errors and clarify the content and + examples. Also properly document the (minor) differences between + noshell and nologin. (Closes: #410221) + * debian/postinst: Change the pointer to the new README file location + * debian/rules: Now use debian/titantools as the directory for building + the package + + -- Javier Fernandez-Sanguino Pen~a Tue, 29 Mar 2011 22:46:21 +0200 + +titantools (4.0.11+notdfsg1-3) unstable; urgency=low + + * Update maintainer's address. + * runas.8: Fix typo + + -- Javier Fernandez-Sanguino Pen~a Tue, 29 Mar 2011 01:40:11 +0200 + +titantools (4.0.11+notdfsg1-2) unstable; urgency=low + + * Add 'XS-Autobuild: yes' to debian/control so this can get autobuilt + even if in non-free. + + -- Javier Fernandez-Sanguino Pen~a Thu, 02 Dec 2010 03:34:33 +0100 + +titantools (4.0.11+notdfsg1-1) unstable; urgency=low + + * Artificial upstream version to make it possible for titantools to + move from main to non-free. + * Makefile.linux: Do not build noshell as a static binary as this + does not gain anything and leads to a FTBFS in amd64 (Closes: 584383) + * Remove configure and configure-stamp targets from debian/rules + * debian/control: + - Clarify that noshell is an alternative to 'nologin' which is now + provided by the login package. + - Remove the Homepage entry as http://www.fish2.com/titan/, since it is + no longer available and no homepage can be found to replace it. + * debian/noshell.sgml: + - Document differences between noshell and nologin and add shells, login + and nologin in SEE ALSO. + - Change my email address + - Comment out the old sites which are no longer available + * debian/noshell.sgml: + - Change my email address + - Comment out the old sites which are no longer available + * debian/rules: use dh_prep instead of dh_clean -k + * Use Debhelper compatibility version 5, no changes needed. + * Upgrade to Standards Version 3.9.1.0: + - Convert debian/copyright to UTF-8 + + -- Javier Fernandez-Sanguino Pen~a Mon, 30 Aug 2010 16:35:53 +0200 + +titantools (4.0.11-6) unstable; urgency=low + + * Change to the license file, note that upstream has changed the license + as of january 2005, even though we are not releasing the latest + source code it makes no sense to distribute these tools with the + old license. (Closes: #397188) + * Move the package to non-free due to the license change + * As suggested by Justin Pryzby, change the recommendation + at README.Debian to tell users not to include noshell in /etc/shells + and add postinst code to detect users that followed the + previous (wrong) advice. (Closes: #429697) + * Change references to old site to the new one (http://www.fish2.com/titan/) + * Move Homepage to the control: header and also update the location + of upstream's project + * Ammend the manpage's description of the runas command (Closes: #374621) + + -- Javier Fernandez-Sanguino Pen~a Tue, 03 Jun 2008 01:31:41 +0200 + +titantools (4.0.11-5) unstable; urgency=low + + * Remove useless runas.1 manpage + * Fixed debian/rules, it was removing the wrong file + * Fixed runas' manpage (Closes: #374621) + + -- Javier Fernandez-Sanguino Pen~a Tue, 19 Jun 2007 17:41:27 +0200 + +titantools (4.0.11-4) unstable; urgency=low + + * Update location of the Titan homepage, it is now + http://www.trouble.org/titan/ (Closes: #396362) + + -- Javier Fernandez-Sanguino Pen~a Wed, 1 Nov 2006 10:37:56 +0100 + +titantools (4.0.11-3) unstable; urgency=low + + * Minor manpage fixes. + + -- Javier Fernandez-Sanguino Pen~a Wed, 3 May 2006 13:23:24 +0200 + +titantools (4.0.11-2) unstable; urgency=low + + * Added proper Build-Depends (Closes: #225743) + + -- Javier Fernandez-Sanguino Pen~a Fri, 2 Jan 2004 11:29:41 +0100 + +titantools (4.0.11-1) unstable; urgency=low + + * Initial Release. + * Modified Noshell.c in order to generate the syslog warning as + 'noshell' and not Titan. + * Modified the Makefile in order to add a 'clean' target, also + runas is not compiled staticly (until I figure out the errors it + generates) + * Wrote manpages for runas and noshell + + -- Javier Fernandez-Sanguino Pen~a Thu, 20 Nov 2003 08:52:17 +0100 + --- titantools-4.0.11+notdfsg1.orig/debian/control +++ titantools-4.0.11+notdfsg1/debian/control @@ -0,0 +1,25 @@ +Source: titantools +Section: non-free/admin +Priority: optional +Maintainer: Javier Fernandez-Sanguino Peña +Build-Depends: debhelper (>= 13.0.0), debhelper-compat (=13), docbook-to-man, libncurses5-dev +Standards-Version: 4.5.1 +XS-Autobuild: yes +Vcs-Browser: https://salsa.debian.org/debian/titantools +Vcs-Git: https://salsa.debian.org/debian/titantools.git + +Package: titantools +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Replaces: noshell (<< 4.0.11+notdfsg1-3~) +Conflicts: noshell (<< 4.0.11+notdfsg1-3~) +Provides: noshell +Description: Tools to secure bastion hosts + Titantools provides two of the tools provided by the Titan package + which are: + * noshell: an alternative way to login's nologin to add shells to + administrative (locked) system users. + * runas: a simple generic program that allows administrators to + start daemons as non privileged users, and optionally to run in a + chrooted environment. + --- titantools-4.0.11+notdfsg1.orig/debian/copyright +++ titantools-4.0.11+notdfsg1/debian/copyright @@ -0,0 +1,153 @@ +This package was debianized by Javier Fernandez-Sanguino Pen~a + on Thu, 20 Nov 2003 08:52:17 +0100. + +It was downloaded from http://www.fish.com/titan/ + +Update -november 2006- no longer available, the site has moved to +http://www.trouble.org/titan/ + +Update -june 2008- old site is now up at http://www.fish2.com/titan/ + +Update -august 2010- no official site is up now with the tools. + + +Upstream Author: The Titan Team + +Copyright: (c) 1992-2003 Brad Powell ,Matt Archibald, and Dan Farmer + + Titan Security Toolkit (®) + + Release 4.1 + + The authors (Brad, Dan and Matt) would like to take this opportunity + to thank the employers who supported this effort as well as some + freeware authors who have made direct or indirect and positive + contributions to the development of Titan: SUN, Alec Muffett, + Casper Dik, Wietse Venema, David Safford, Keith Watson, and many others + _________________________________________________________________ + + Titan is, and has been, publically distributed under copyright and + license by Team Titan (Brad, Matt and Dan) since May 1998. + + This is to state the conditions under which this Package known as + Titan, which is copyright Brad M. Powell, Dan Farmer, and Matthew + Archibald, may be copied, such that the Copyright Holder maintains + some control over the development of the package, while giving the + users of the package the right to use and distribute the Package in a + more-or-less customary fashion, plus the right to make reasonable + modifications. + +[ Maintainer's note : added to Titan's license in january 2005 ] +> Notwithstanding any other agreement or any other provision herein, effective +> January 15, 2005, an entity with greater than 400 employees shall be +> required to obtain written permission from Team Titan in order to download, +> print, access, view, distribute or otherwise use in any way the Package or +> other files known as Titan. For purposes herein, an entity includes its +> employees, agents, affiliates, partners, contractors etc. + +[ Maintainer's note : removed from Titan's license in january 2005 ] +< Neither Sun Microsystems Inc., EarthLink Networks Inc., or any other +< institution or companies bear any liability or responsibility +< whatsoever for the software, including (but not restricted to) +< responsibility for its existence, structure, content, function or use +< by any person anywhere. + _________________________________________________________________ + + (Much of this is taken from the 'Artistic License', distributed as + part of the Perl v4.0 kit by Larry Wall, which is available from most + major archive sites) + + Definitions: + + "Package" refers to the collection of files distributed by the + Copyright Holder, and derivatives of that collection of files created + through textual modification, or segments thereof. + + "Standard Version" refers to such a Package if it has not been + modified, or has been modified in accordance with the wishes of the + Copyright Holder. + + "Copyright Holder" is whoever is named in the copyright or copyrights + for the package. + + "You" is you, if you're thinking about copying or distributing this + Package. + + "Reasonable copying fee" is whatever you can justify on the basis of + media cost, duplication charges, time of people involved, and so on. + (You will not be required to justify it to the Copyright Holder, but + only to the computing community at large as a market that must bear + the fee.) + + "Freely Available" means that no fee is charged for the item itself, + though there may be fees involved in handling the item. It also means + that recipients of the item may redistribute it under the same + conditions they received it. + + 1. You may make and give away verbatim copies of the source form of + the Standard Version of this Package without restriction, provided + that you duplicate all of the original copyright notices and + associated disclaimers. + + 2. You may apply bug fixes, portability fixes and other modifications + derived from the Public Domain or from the Copyright Holder. A Package + modified in such a way shall still be considered the Standard Version. + + 3. You may otherwise modify your copy of this Package in any way, + provided that you insert a prominent notice in each changed file + stating how and when AND WHY you changed that file, and provided that + you do at least ONE of the following: + + a) place your modifications in the Public Domain or otherwise make + them Freely Available, such as by posting said modifications to + Usenet or an equivalent medium, or placing the modifications on a + major archive site such as uunet.uu.net, or by allowing the + Copyright Holder to include your modifications in the Standard + Version of the Package. + + b) use the modified Package only within your corporation or + organization. + + c) rename any non-standard executables so the names do not conflict + with standard executables, which must also be provided, and provide + separate documentation for each non-standard executable that + clearly documents how it differs from the Standard Version. + + d) make other distribution arrangements with the Copyright Holder. + + 4) You may distribute the programs of this Package in object code or + executable form, provided that you do at least ONE of the following: + + a) distribute a Standard Version of the executables and library + files, together with instructions (in the manual page or + equivalent) on where to get the Standard Version. + + b) accompany the distribution with the machine-readable source of + the Package with your modifications. + + c) accompany any non-standard executables with their corresponding + Standard Version executables, giving the non-standard executables + non-standard names, and clearly documenting the differences in + manual pages (or equivalent), together with instructions on where + to get the Standard Version. + + d) make other distribution arrangements with the Copyright Holder. + + 5) You may charge a reasonable copying fee for any distribution of + this Package. You may charge any fee you choose for support of this + Package. YOU MAY NOT CHARGE A FEE FOR THIS PACKAGE ITSELF. However, + you may distribute this Package in aggregate with other (possibly + commercial) programs as part of a larger (possibly commercial) + software distribution provided that YOU DO NOT ADVERTISE this package + as a product of your own. + + 6) The name of the Copyright Holder may not be used to endorse or + promote products derived from this software without specific prior + written permission. + + 7) THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED + WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. + _________________________________________________________________ + + --- titantools-4.0.11+notdfsg1.orig/debian/dirs +++ titantools-4.0.11+notdfsg1/debian/dirs @@ -0,0 +1,2 @@ +usr/sbin +usr/share/lintian/overrides --- titantools-4.0.11+notdfsg1.orig/debian/noshell.sgml +++ titantools-4.0.11+notdfsg1/debian/noshell.sgml @@ -0,0 +1,163 @@ + + Javier"> + Fernandez-Sanguino"> + + november 20, 2003"> + 1"> + jfs@debian.org"> + + TITANTOOLS"> + + + Debian"> + GNU"> + GPL"> +]> + + + +
+ &dhemail; +
+ + &dhfirstname; + &dhsurname; + + + 2003 + &dhusername; + + &dhdate; +
+ + &dhucpackage; + + &dhsection; + + + &dhpackage; + + shell for administrative users that should never log in + + + DESCRIPTION + + noshell is a shell that can be + assigned to system users which need to be active but should never + log in to the system. noshell helps monitor + attempts to access disabled accounts and logs this into syslog. + + + If a user attempts to connect to the system through an + administrative user that has a valid password and uses + noshell as his shell, then the use + of noshell will be logged, the connection will + be terminated and the user will be unable to gain access to the + host. + + After connecting the login program might display the timestamp + of the last loging. For example, in a remote connection: + +
+ + hostileuser@hostile_host% ssh -l adminuser remote_host + + adminuser@remote_host's password: ******* + + (System's /etc/motd) + + Last login: Sat Nov 22 23:30:41 2003 from localhost + + Connection to remote_host closed. + +
+ + If the user is denied access, noshell will + send a message to syslog using the LOG_AUTH + facility. It does not provide any indication of wether this connection + attempt was local or remote, this information must be retrieved from + other logs. In the above example the following would + get recorded in /var/log/authlog: + + +
+ +Nov 22 23:30:41 remote_host sshd[9950]: Accepted password for adminuser from hostile_host port 44422 ssh2 + +Nov 22 23:30:41 remote_host ssh(pam_unix)[9952]: session opened for user adminuser by (uid=1) + +Nov 22 23:30:41 remote_host noshell[9953]: Noshell warning: user adminuser login from a disabled shell + +Nov 22 23:30:41 remote_host ssh(pam_unix)[9952]: session closed for user adminuser + +
+ + + In Debian, noshell is an alternative to the + nologin shell, the latter is provided in the login + package. The main differences between them is that + noshell will not provide any information of why the + access has been denied. + + + +
+ + OPTIONS + + This program does not use any option. + + + + SEE ALSO + + + + + + shells(5), login(1), nologin(8). + + + AUTHOR + + This manual page was written by &dhusername; <&dhemail;> for + the &debian; system (but may be used by others). Permission is + granted to copy, distribute and/or modify this document under + the terms of the &gnu; General Public License, Version 2 any + later version published by the Free Software Foundation. + + + On Debian systems, the complete text of the GNU General Public + License can be found in /usr/share/common-licenses/GPL. + + + +
+ + + + --- titantools-4.0.11+notdfsg1.orig/debian/postinst +++ titantools-4.0.11+notdfsg1/debian/postinst @@ -0,0 +1,10 @@ +#!/bin/sh -e + +f=/sbin/noshell +l=/etc/shells +if grep -Fx "$f" "$l" >/dev/null; then + echo "$0: warning: $l contains an entry for $f;" + echo "see /usr/share/doc/titantools/README.Debian" +fi >&2 + +#DEBHELPER# --- titantools-4.0.11+notdfsg1.orig/debian/rules +++ titantools-4.0.11+notdfsg1/debian/rules @@ -0,0 +1,18 @@ +#!/usr/bin/make -f + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +%: + dh $@ + +override_dh_auto_build: + $(MAKE) -f Makefile.linux + /usr/bin/docbook-to-man debian/noshell.sgml > noshell.1 + /usr/bin/docbook-to-man debian/runas.sgml > runas.8 + +override_dh_clean: + dh_clean + -$(MAKE) -f Makefile.linux clean + -rm -f runas.8 noshell.1 + --- titantools-4.0.11+notdfsg1.orig/debian/runas.sgml +++ titantools-4.0.11+notdfsg1/debian/runas.sgml @@ -0,0 +1,156 @@ +Javier"> + Fernandez-Sanguino"> + November 22, 2003"> + 8"> + jfs@debian.org"> + + TITANTOOLS"> + + + Debian"> + GNU"> + GPL"> +]> + + + +
+ &dhemail; +
+ + &dhfirstname; + &dhsurname; + + + 2003 + &dhusername; + + &dhdate; +
+ + &dhucpackage; + + &dhsection; + + + runas + + program to run daemons as non priviledge users + + + + runas + + + uid + gid + umask + program + [options] + + + + + DESCRIPTION + + runas is a small program that + allows administrators a generic way to run daemons as non + privileged users. + + + runas is equivalent to using su + but it strips off the environment and does not require the + target user's shell to be legitimate (that is, listed under + /etc/shells) + + The main reason of using runas is to avoid + having daemons run as the root user, in some cases this might be + necessary (like login programs, such as ssh or + telnetd that need to switch to the user making + the connection) but in many cases it might not be necessary at all. + It can be also a good replacement for su, since + it prevents attacks to daemons through the use of environment + variables. Just change (in your initialisation scripts under + /etc/init.d) the line: + + +
+ + su - daemon -c /usr/bin/blah + +
+ + to: + +
+ + runas daemon daemongroup /usr/bin/blah + +
+ +
+ + OPTIONS + + This program just takes two command line options: + + + + + + + Show summary of options. + + + + directory + + + Chroot the daemon to a specific directory before execution. + + + + + + SEE ALSO + + chroot(2), chroot(8) + + + + AUTHOR + + This manual page was written by &dhusername; <&dhemail;> for + the &debian; system (but may be used by others). Permission is + granted to copy, distribute and/or modify this document under + the terms of the &gnu; General Public License, Version 2 any later + version published by the Free Software Foundation. + + + On Debian systems, the complete text of the GNU General Public + License can be found in /usr/share/common-licenses/GPL. + + + +
+ + + + --- titantools-4.0.11+notdfsg1.orig/debian/source/format +++ titantools-4.0.11+notdfsg1/debian/source/format @@ -0,0 +1 @@ +1.0 --- titantools-4.0.11+notdfsg1.orig/debian/titantools.install +++ titantools-4.0.11+notdfsg1/debian/titantools.install @@ -0,0 +1,2 @@ +noshell /usr/sbin/ +runas /usr/sbin/ --- titantools-4.0.11+notdfsg1.orig/debian/titantools.manpages +++ titantools-4.0.11+notdfsg1/debian/titantools.manpages @@ -0,0 +1,2 @@ +runas.8 +noshell.1 --- titantools-4.0.11+notdfsg1.orig/noshell.c +++ titantools-4.0.11+notdfsg1/noshell.c @@ -65,7 +65,7 @@ syslog ( LOG_WARNING, - "Titan warning: user %s login from a disabled shell", + "Noshell warning: user %s login from a disabled shell", getlogin() ); closelog(); --- titantools-4.0.11+notdfsg1.orig/stubs.c +++ titantools-4.0.11+notdfsg1/stubs.c @@ -7,6 +7,6 @@ char* dlopen() { return 0;} int dlclose() { return 0;} char* dlsym() { return 0;} -char* dgettext() { return "";} +char* dgettext(const char *__domainname, const char *__msgid) { return "";} char* dlerror() { return "dynamic linking not loaded";}