[Plash] Plash 1.17 released

[Mark Seaborn]

A new version of Plash, 1.17, is available.

Plash is a system for sandboxing GNU/Linux programs so that they can
be run with minimum authority.  See http://plash.beasts.org for more info.

Packages are available for three distributions, Debian etch and sarge,
and Ubuntu Edgy Eft.  Packages for Debian etch will also work on
Debian unstable (sid).  To install using APT, add one of the following
lines to your /etc/apt/sources.list file:

deb http://plash.beasts.org/packages/debian-etch ./
deb http://plash.beasts.org/packages/debian-sarge ./
deb http://plash.beasts.org/packages/ubuntu-edgy ./

and do "apt-get install plash".

Debian source packages also available by adding the corresponding
"deb-src" line to sources.list.

Source tarball is available here:
http://plash.beasts.org/packages/common/plash_1.17.orig.tar.gz


It's been a while since the last release and there are a number of
changes:


New facilities:

-- Python bindings for the Plash object interface.  A Python
implementation of pola-run is available in the source package.

-- cow_dir: Provides layered directories, with which reads come from
one directory tree while writes go to another.  Eventually this will
provide a copy-on-write directory facility (currently it does not
allow writing to files that are in the read layer at all).  This is
usable via the Python bindings but not through pola-run (see
python/examples/cow-runner.py).


pola-run:

-- Now looks up executable names in PATH, unless --no-search-path (a
new option) is given.

-- Security bug fix: Ensure that "-t" grants read-only access when "w"
flag is not given.  (Previously, "-t" would always grant read-write
access, ignoring the "w" flag.)

-- New option: "-e".  This gives a way to specify the executable name
and its arguments without prefixing each one with "--prog" and "-a".
It is more in line with the interfaces of other Unix commands that
invoke executables, such as "chroot" and "xterm".

Usage:  -e <executable-name> <arg>...

Equivalent to:  --prog <executable-name> -a <arg1> -a <arg2> ...

"-e" swallows the remaining arguments, so it must appear last in the
argument list.

-- Improvements to logging facilities.  New option: "--log-file
<file>", sends log output to a file.  The logging format has been
changed slightly: two characters summarise whether the operation was
a read or a write, and whether it succeeded or failed.


glibc:

-- Now uses glibc 2.3.6 for Debian (rather than glibc 2.3.5).

-- Supports building glibc 2.4 and 2.5.  glibc 2.4 is used for the
Ubuntu package.  This is only partial support -- the new *at()
functions are not properly implemented yet.


glibc functions:

-- lchmod() now implemented.

-- Add partial implementation of chown()/lchown(): succeeds when no
owner/group change is requested.

-- getsockopt() is now intercepted so that UID/GIDs can be faked for
the SO_PEERCRED case.

-- Fixed getcwd() to pass glibc's io/tst-getcwd test case.
getcwd(NULL, size) when size>0 now returns an error if size is not
large enough.

-- libpthread.so's close() function is now intercepted correctly.


exec-object:

-- Will now set the current working directory where possible instead
of leaving it undefined.


Packaging:

-- Branches of the packaging scripts are included for building under
Debian sarge (excluding Python and Gtk support), and Ubuntu edgy
(using glibc 2.4 instead of 2.3.6).

-- The Plash source package no longer includes the glibc source.
Instead, glibc source tarballs are in a separate binary package which
puts them under /usr/src.  Plash Build-Depends on the glibc source
package.