--- vlock-2.2.2.orig/config.mk +++ vlock-2.2.2/config.mk @@ -0,0 +1,63 @@ +# automatically generated by ./configure on Tue Jun 17 17:14:19 CEST 2008 + +### configuration options ### + +# authentification method (pam or shadow) +AUTH_METHOD = pam +# also prompt for the root password in adition to the user's +ENABLE_ROOT_PASSWORD = yes +# enable plugins for vlock-main +ENABLE_PLUGINS = yes +# which plugins should be build +MODULES = all.so new.so nosysrq.so +# which scripts should be installed +SCRIPTS = + +# root's group +ROOT_GROUP = root + +# group for privileged plugins +VLOCK_GROUP = root +# mode for privileged plugins +VLOCK_MODULE_MODE = 0750 + +### paths ### + +# installation prefix +PREFIX = /usr/local +BINDIR = $(PREFIX)/bin +SBINDIR = $(PREFIX)/sbin +LIBDIR = $(PREFIX)/lib +MANDIR = $(PREFIX)/share/man +# installation root +DESTDIR = +# path where modules will be located +MODULEDIR = $(LIBDIR)/vlock/modules +# path where scripts will be located +SCRIPTDIR = $(LIBDIR)/vlock/scripts + +### programs ### + +# shell to run vlock.sh with (only bash is known to work) +BOURNE_SHELL = /bin/sh +# C compiler +CC = gcc +# linker +LD = ld +# mkdir +MKDIR_P = mkdir -p +# install +INSTALL = install + +### compiler and linker settings ### + +# C compiler flags +CFLAGS = -O2 -Wall -W -pedantic -std=gnu99 +# linker flags +LDFLAGS = +# linker flags needed for dlopen and friends +DL_LIB = -ldl +# linker flags needed for crypt +CRYPT_LIB = -lcrypt +# linker flags needed for pam +PAM_LIBS = -ldl -lpam --- vlock-2.2.2.orig/debian/vlock.docs +++ vlock-2.2.2/debian/vlock.docs @@ -0,0 +1,2 @@ +README +SECURITY --- vlock-2.2.2.orig/debian/watch +++ vlock-2.2.2/debian/watch @@ -0,0 +1,11 @@ +# Example watch control file for uscan +# Rename this file to "watch" and then you can run the "uscan" command +# to check for upstream updates and more. +# See uscan(1) for format + +# Compulsory line, this is a version 3 file +version=3 + +http://cthulhu.c3d2.de/~toidinamai/vlock/archive/vlock-([\d\.]*)\.tar.gz + + --- vlock-2.2.2.orig/debian/vlock.postinst +++ vlock-2.2.2/debian/vlock.postinst @@ -0,0 +1,59 @@ +#!/bin/sh -e + +# inspired by the tor postinst script +# checking vlock group + +gid=`getent group vlock | cut -d ":" -f 3` + +# if there is the uid the account is there and we can do +# the sanit(ar)y checks otherwise we can safely create it. + +if [ -z "$gid" ]; then + # what this might mean?? oh creating a system l^Huser! + addgroup --quiet \ + --system \ + vlock +fi + +#They are not available anymore, so they can be safely removed if they exist. + +for i in /usr/sbin/vlock-nosysrq /usr/sbin/vlock-new /usr/sbin/vlock-current +do + # only do something when no setting exists + if dpkg-statoverride --list $i >/dev/null 2>&1 + then + dpkg-statoverride --remove $i + fi +done + +if ! dpkg-statoverride --list /usr/sbin/vlock-main >/dev/null 2>&1 +then + dpkg-statoverride --update --add root root 4711 /usr/sbin/vlock-main +fi + +#unprivileged modules + +for i in /usr/lib/vlock/modules/all.so +do + # only do something when no setting exists + if ! dpkg-statoverride --list $i >/dev/null 2>&1 + then + dpkg-statoverride --update --add root root 755 $i + fi +done + +#privileged modules + +for i in /usr/lib/vlock/modules/new.so /usr/lib/vlock/modules/nosysrq.so +do + # only do something when no setting exists + if ! dpkg-statoverride --list $i >/dev/null 2>&1 + then + dpkg-statoverride --update --add root vlock 750 $i + fi +done + + +#DEBHELPER# + +exit 0 --- vlock-2.2.2.orig/debian/README.Debian +++ vlock-2.2.2/debian/README.Debian @@ -0,0 +1,20 @@ +vlock for Debian +---------------- + +vlock is a denial of service tool. Linux allows any user logged into the +virtual console to lock the system completely. vlock takes this one step +further and potenially grants this ability (and potentially other, even more +hazardous ones) to any user through the use of plugins. + +The debian packages sets permissions that allow only users in the vlock +group to run dangerous modules. Others will still be able to lock their own +console or terminal and run plugins that are considered secure. But they +are for example not allowed to lock all consoles. + +Scripts +------- + +You can extend the functionality of vlock with scripts. Some example scripts +have been placed in /usr/share/doc/vlock/examples/scripts/. To use on of them install it to /usr/lib/vlock/scripts and make it executable. Scripts will be executed as the user executing vlock. For more informations see /usr/share/doc/vlock/PLUGINS. + + -- Alexander Wirt Sun, 25 May 2008 16:33:29 +0200 --- vlock-2.2.2.orig/debian/vlock.examples +++ vlock-2.2.2/debian/vlock.examples @@ -0,0 +1 @@ +scripts/ --- vlock-2.2.2.orig/debian/control +++ vlock-2.2.2/debian/control @@ -0,0 +1,18 @@ +Source: vlock +Section: utils +Priority: optional +Maintainer: Alexander Wirt +Uploaders: Joerg Jaspert , Peter Palfrader +Build-Depends: debhelper (>= 4), libpam0g-dev +Standards-Version: 3.8.0 + +Package: vlock +Architecture: any +Depends: ${shlibs:Depends}, libpam-modules, adduser +Conflicts: suidmanager (<< 0.50) +Description: Virtual Console locking program + vlock either locks the current terminal (which may be any kind of + terminal, local or remote), or locks the entire virtual console + system, completely disabling all console access. vlock gives up + these locks when either the password of the user who started vlock + or the root password is typed. --- vlock-2.2.2.orig/debian/vlock.dirs +++ vlock-2.2.2/debian/vlock.dirs @@ -0,0 +1,3 @@ +usr/bin +usr/share/lintian +usr/lib/vlock/scripts --- vlock-2.2.2.orig/debian/copyright +++ vlock-2.2.2/debian/copyright @@ -0,0 +1,40 @@ +This is the Debian GNU/Linux's prepackaged version of the VC locking +command vlock(1). + +It was put together from sources obtained from: + ftp://tsx-11.mit.edu/pub/linux/sources/usr.bin/vlock-1.2.tar.gz +And later updated with sources obtained from: + ftp://tsx-11.mit.edu/pub/linux/sources/usr.bin/vlock-1.3.tar.gz + +Since 2.0 sources are obtained from: + +http://cthulhu.c3d2.de/~toidinamai/vlock/archive/ + +Copyrights +---------- +Copyright (C) 1994-1998 Michael K. Johnson +Copyright (C) 2007 Frank Benkstein + +Modifications for Debian: + Copyright (C) 1996 Dominik Kubla + Copyright (C) 1997-1998 Juan Cespedes + Copyright (C) 1999 Zephaniah E. Hull + Copyright (C) 2005 Peter Palfrader + + +License +------- +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation version 2 only. + +This program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +A copy of the GNU General Public License is available as +`/usr/share/common-licenses/GPL' in the Debian GNU/Linux distribution or +on the World Wide Web at `http://www.gnu.org/copyleft/gpl.html'. You can +also obtain it by writing to the Free Software Foundation, Inc., +51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA --- vlock-2.2.2.orig/debian/vlock.postrm +++ vlock-2.2.2/debian/vlock.postrm @@ -0,0 +1,11 @@ +#!/bin/sh -e + +if [ "$1" = "purge" ]; then + #remove overrides + for i in /usr/sbin/vlock-main + do + dpkg-statoverride --remove $i + done +fi + +#DEBHELPER# --- vlock-2.2.2.orig/debian/compat +++ vlock-2.2.2/debian/compat @@ -0,0 +1 @@ +4 --- vlock-2.2.2.orig/debian/changelog +++ vlock-2.2.2/debian/changelog @@ -0,0 +1,276 @@ +vlock (2.2.2-3) unstable; urgency=low + + * Don't try to chgrp to "vlock" during build time (Closes: #486665) + * Bump standards version (No changes) + + -- Alexander Wirt Tue, 17 Jun 2008 17:13:25 +0200 + +vlock (2.2.2-2) unstable; urgency=low + + * Fix typo in vlock.postinst (Closes: #486581) + + -- Alexander Wirt Tue, 17 Jun 2008 11:43:13 +0200 + +vlock (2.2.2-1) unstable; urgency=low + + * New upstream release + * Depend on adduser (Closes: #480545) + * Add watchfile (Closes: #456019) + + -- Alexander Wirt Sun, 25 May 2008 15:15:41 +0200 + +vlock (2.1-2) unstable; urgency=low + + * Fix copyright file + * Change maintainer + + -- Alexander Wirt Wed, 12 Sep 2007 07:21:51 +0200 + +vlock (2.1-1) unstable; urgency=low + + * New upstream release + - Support for BSD (Closes: #435580) + + -- Alexander Wirt Tue, 11 Sep 2007 07:59:40 +0200 + +vlock (2.0-4) unstable; urgency=low + + * Fix utf-8 trouble. (Closes: 439619) + + -- Alexander Wirt Sun, 26 Aug 2007 07:41:45 +0200 + +vlock (2.0-3) unstable; urgency=medium + + * Fix permissions of /usr/sbin/vlock-current + + -- Alexander Wirt Sat, 25 Aug 2007 09:58:27 +0200 + +vlock (2.0-2) unstable; urgency=low + + * Check for overrides every time (Closes: #437822) + + -- Alexander Wirt Fri, 24 Aug 2007 09:44:22 +0200 + +vlock (2.0-1) unstable; urgency=low + + * New upstream release + + -- Alexander Wirt Mon, 13 Aug 2007 19:37:22 +0200 + +vlock (2.0~rc2-1) experimental; urgency=low + + * New upstream release + + -- Alexander Wirt Wed, 08 Aug 2007 13:09:55 +0200 + +vlock (2.0~rc1-1) unstable; urgency=low + + * New upstream release + + -- Alexander Wirt Sun, 05 Aug 2007 16:50:34 +0200 + +vlock (1.3-10) unstable; urgency=low + + * Add a patch from Guido Guenther that adds better checking for the return + code of correct_password() (Closes: #364081) + * Add a patch Daniel Kahn Gillmor thats stats the PAM Session only after + pressing enter. That prevents some problems with some exclusive-access PAM + modules like opensc (Closes: #318507) + * Include common-auth in the pam file (Closes: #265297) + * Depend on libpam-modules (Closes: #55834) + * Bump standards version + + -- Alexander Wirt Wed, 19 Jul 2006 20:26:23 +0200 + +vlock (1.3-9) unstable; urgency=low + + * New Maintainer/Uploaders (closes: #321755). + * Use debhelper compatibility level 4 instead of level 2. Accordingly + adapted the build time dependencies. + * debian/rules cleanup: + - removing commented out dh_make cruft, + - use "rm -f .." instead of "-rm ..", + - change to "new" chown syntax of chown user:group, replacing user.group. + - comment out DH_VERBOSE=1 + * Remove debian/conffiles. It only contained etc/pam.d/vlock, which + is marked as conffile by debhelper automatically. + * Increased standards version from 3.5.7.0 to 3.6.2 (no changes necessary). + * Rename debian/docs to debian/vlock.docs to be consistent with + debian/vlock.dirs. + * Fix debian/changelog: Parts have been duplicated in a previous version, + clean up the mess. + * Add myself to debian/copyright. + * Update the address of the Free Software Foundation in debian/copyright. + * Add lintian override for vlock being suid root. + * Use dh_install instead of install to copy the vlock binary in place. + This way we support DEB_BUILD_OPTIONS=nostrip. + * Remove vlock.man in clean target as it's build by upstream's Makefile + anyway and we don't need it in the diff. + * Do not build vlock.man during build. + + -- Peter Palfrader Mon, 20 Feb 2006 12:42:06 +0100 + +vlock (1.3-8) unstable; urgency=medium + + * Argh, forgot about this bug when RL jumped at me. + Applied patch from RISKO Gergely. + (closes: #181931) + + -- Zephaniah E. Hull Sun, 30 Mar 2003 15:32:58 -0500 + +vlock (1.3-7) unstable; urgency=low + + * Whoops, make sgid again. (So we can ask root's password!) + * Better error handling for PAM. (closes: #53049) + * Kill some unused template files in debian/ + * Update standards-version. + * Conflict with suidmanager and no-longer use it. + + -- Zephaniah E. Hull Thu, 03 Oct 2002 06:56:43 -0400 + +vlock (1.3-6) unstable; urgency=low + + * I somehow missed that there was an NMU. (closes: #132100) + * Add a -q --quiet option. + * No longer sgid. (closes: #75970) + * Correct URL for update. (closes: #152045) + + -- Zephaniah E. Hull Mon, 09 Sep 2002 10:23:26 -0400 + +vlock (1.3-5.1) unstable; urgency=low + + * Non Maintainer Upload. + * mark /etc/pam.d/vlock as a conffile (closes: #132100) + * remove call to dh_suidregister in debian/rules + * add Build-Depends on libpam0g-dev + + -- David Kimdon Sun, 10 Feb 2002 18:31:04 -0800 + +vlock (1.3-5) unstable; urgency=low + + * Remove the empty README.Debian. (closes: #54375) + * Update email address in maintainer field.. + + -- Zephaniah E. Hull Mon, 10 Jan 2000 01:13:16 -0500 + +vlock (1.3-4) unstable; urgency=low + + * Include pam config for vlock.. (closes: #49967) + + -- Zephaniah E. Hull Fri, 12 Nov 1999 09:07:17 -0500 + +vlock (1.3-3) unstable; urgency=medium + + * vlock has to be sgid shadow.. (closes: #49649) + + -- Zephaniah E. Hull Tue, 9 Nov 1999 09:01:50 -0500 + +vlock (1.3-2) unstable; urgency=low + + * Fixed a few packaging errors (maintainer, readme, download location) + + -- Zephaniah E. Hull Sun, 24 Oct 1999 14:43:55 -0400 + +vlock (1.3-1) unstable; urgency=low + + * New maintainer.. + * Repacked new upstream version with debhelper. (closes: #23873, #34506) + + -- Zephaniah E. Hull Sat, 9 Oct 1999 04:38:39 -0400 + +vlock (1.2-1) unstable; urgency=low + + * New upstream version + * Added upstream changelog file + + -- Juan Cespedes Sat, 28 Mar 1998 23:38:10 +0100 + +vlock (1.0-9) unstable; urgency=low + + * used setgid shadow for accessing shadow passwords (again...) + + -- Juan Cespedes Wed, 4 Feb 1998 09:22:48 +0100 + +vlock (1.0-8) unstable; urgency=low + + * Changed to in order to compile with glibc-2.1 + + -- Juan Cespedes Mon, 2 Feb 1998 23:14:09 +0100 + +vlock (1.0-7bo2) bo-unstable; urgency=low + + * Fixed wrong dependency on libc6 + + -- Juan Cespedes Mon, 2 Feb 1998 23:11:00 +0100 + +vlock (1.0-7bo1) bo-unstable; urgency=low + + * Build for bo-unstable to fix Bug#17685 + * Added `SHELL=bash' to debian/rules + * New Standards-Version: 2.4.0.0 + + -- Juan Cespedes Sat, 31 Jan 1998 23:53:36 +0100 + +vlock (1.0-7) unstable; urgency=low + + * New Standards-Version (2.3.0.1) + * Fixed minor bug regarding SA_RESTART and changing VTs + * Clear vtty when lock, restore it after unlock + + -- Juan Cespedes Sun, 26 Oct 1997 16:03:20 +0100 + +vlock (1.0-6) unstable; urgency=low + + * Fixed FSF postal address + * New maintainer address + * Minor fixes in documentation + * New Standards-Version + * Preserve modif times of doc files + + -- Juan Cespedes Thu, 11 Sep 1997 23:22:16 +0200 + +vlock (1.0-5) unstable; urgency=low + + * New maintainer + * used setgid shadow for accessing shadow passwords (fixes Bug#8544) + * Built with libc6 + + -- Juan Cespedes Sun, 10 Aug 1997 13:14:04 +0200 + +vlock (1.0-4) unstable; urgency=low + + * manual pages are now installed in 'gzip -9' format as per + "Debian Policy Manual", Section 3.2.1 + + * minor bugfixes in the debian/rules file. Should now comply with + "Debian Programmers Manual", Section 3.2.1 + + -- Dominik Kubla Mon, 30 Sep 1996 19:43:20 +0200 + +vlock (1.0-3) unstable; urgency=low + + * changelog file is now installed in /usr/doc/vlock as per + "Debian Policy Manual", section 3.2.6 + + * copyright file is now installed in /usr/doc/vlock as per + "Debian Policy Manual", section 3.2.6 + + * Symbolic links are now relative instead of absolute as per + "Debian Policy Manual", section 3.2.7 + + * package is now compiled with CFLAGS set to '-O2 -g -Wall' as per + "Debian Policy Manual", section 4.1 + + -- Dominik Kubla Sun, 29 Sep 1996 16:27:22 +0200 + +vlock (1.0-2) unstable; urgency=low + + * Converted to new packaing standards. + + -- Dominik Kubla Thu, 12 Sep 1996 09:44:45 +0200 + +vlock (1.0-1) unstable; urgency=low + + * New upstream version. + + -- Dominik Kubla Thu, 12 Sep 1996 09:44:45 +0200 --- vlock-2.2.2.orig/debian/NEWS +++ vlock-2.2.2/debian/NEWS @@ -0,0 +1,11 @@ +vlock (2.0-1) unstable; urgency=low + + vlock 2.0 expands the user's ability to lock a machine in two ways. First is + the ability to lock the entire console display without access to a virtual + console, i.e. from an X11 or even an SSH session. Secondly, SysRQ keys may be + disabled while the entire console display is locked. These two operations are + priviledged and should be restricted. Therefore, to be allowed to do either + of these a user must be added to the group 'vlock'. See + /usr/share/doc/vlock/SECURITY for more information. + + -- Alexander Wirt Mon, 13 Aug 2007 19:39:12 +0200 --- vlock-2.2.2.orig/debian/rules +++ vlock-2.2.2/debian/rules @@ -0,0 +1,67 @@ +#!/usr/bin/make -f + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +build: build-stamp +build-stamp: config.status + dh_testdir + + # Add here commands to compile the package. + $(MAKE) PREFIX=/usr + touch build-stamp + +config.status: configure + dh_testdir + ./configure VLOCK_GROUP=root +clean: + dh_testdir + dh_testroot + rm -f build-stamp install-stamp + + [ ! -f Makefile ] || $(MAKE) clean + + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + $(MAKE) install DESTDIR=$(CURDIR)/debian/vlock/ PREFIX=/usr + for LINTIAN in debian/lintian/*; \ + do \ + install -D -m 644 $$LINTIAN debian/`basename $$LINTIAN`/usr/share/lintian/overrides/`basename $$LINTIAN` || exit 1; \ + done + + touch install-stamp + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installdocs README SECURITY PLUGINS + dh_installexamples --exclude=Makefile + dh_installmenu + dh_installpam + dh_installcron + dh_installman + dh_installinfo + dh_installchangelogs ChangeLog + dh_link + dh_strip + dh_compress + dh_fixperms + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install --- vlock-2.2.2.orig/debian/lintian/vlock +++ vlock-2.2.2/debian/lintian/vlock @@ -0,0 +1,4 @@ +vlock: shared-lib-without-dependency-information ./usr/lib/vlock/modules/all.so +vlock: shared-lib-without-dependency-information ./usr/lib/vlock/modules/new.so +vlock: shared-lib-without-dependency-information ./usr/lib/vlock/modules/nosysrq.so +vlock: package-contains-empty-directory usr/lib/vlock/scripts/