Changelog for set_rtlimits
==========================

Entries by Jonathan Woithe (JMW) unless otherwise noted.

29 May 2005: v1.0.0
 - initial version released.

6 June 2005: v1.1.0
 - set_rtlimits.c: main(): only print kernel version suggestion if setting
   of resource limits fails *and* the program isn't running setuid root.
 - set_rtlimits.c: check_config_file(): expand configuration file syntax.
   A group name is now explicitly flagged by preceding the name with an @
   sign.  This removes the ambiguity between usernames and groupnames which
   came about mainly due to having insufficient time to implement group
   support "properly" during the initial coding.
 - set_rtlimits.c: check_config_file(): ensure {uid,gid}_from_file are
   reset before processing each new configuration file entry.  This is
   now needed due to the changed logic flow associated with the
   implementation of the @ group specifier functionality.
 - set_rtlimits.c: minor tweaks to error messages to improve clarity.
 - set_rtlimits.c: check_config_file(): a user's supplementary groups are
   now also scanned for a match against the group specified in the
   configuration file.  Thanks to Jack O'Quin for the idea.
 - README: minor additions to clarify latest findings with respect to
   muse 0.7.2pre1.
 - set_rtlimits.c: show_usage(): include version number in usage
   output.
 - Makefile: when processing the `install' target, don't overwrite
   /etc/set_rtlimits.conf if it already exists.
 - version 1.1.0 released.

25 September 2005:
 - name change from set_rtlimits to set_rlimits.  This reflects future plans
   whereby this program will be able to control resource limits other than
   those explicitly dealing with real-time priorities.  "set_rtlimits"
   changed to "set_rlimits" in source and support files.
 - set_rlimits.c: bump version number to 1.2.0.
 - set_rlimits.c: new array type Rlimits which will ultimately replace
   the separate variables used to keep track of different priorities.  For
   now it simply contains space for the existing resource limits supported,
   but ultimately it will be extended to support additional resource limits
   such as lockable memory.

2 October 2005:
 - set_rlimits.c: major changes to check_config_file() to support the
   extension to other resource limits in a scalable way.  read_priority()
   takes care of reading a resource limit priority from the configuration
   file using the new format syntax while still supporting the original
   syntax if it is encountered.  New helper function scan_conf_file_rlimits()
   takes care of extracting resource limit details from the configuration
   file.  The new check_user_match() function deals with testing for a
   user/group match.
 - set_rlimits.c: check_config_file(): maximum resource limits as set in
   a matching configuration file entry are now returned in an Rlimits
   parameter rather than via global variables.
 - set_rlimits.c: check_config_file(): the exec_path parameter can now be
   the name of a binary without any path information for user convenience. 
   If a path-less name is found to match a binary in a configuration file
   entry (which now must include an absolute path), exec_path is replaced
   with this full path to ensure a user can't execute their own
   renamed binaries.  It is assumed that exec_path has been allocated with
   malloc() since free() is called before resetting it.
 - set_rlimits.c: main(): copy the program to execute to a local string
   using strdup() and use this throughout rather than referencing the
   program name directly from argv[].  This allows check_config_file() to
   free() exec_path if it's necessary to replace it with a full path. 
   Before calling execvp() the relevant entry in argv[] is replaced with the
   rewritten program name so the full pathname also shows up in argv[0]
   under the executed process.  This is probably not the "official" way of
   doing this kind of thing but it seems to work, causes no ill-effects, 
   and is easy.
 - set_rlimits.c: check_config_file(): minor change to default program 
   behaviour.  With no options on the command line, all resource
   limits specified in the configuration file are set to the maximums as
   defined in the configuration file.  This avoids the need for users to
   continually specify the resource limit values via the command line.
 - set_rlimits.c: it should now be possible to add support for additional
   resource limits by defining a new member of the RLIMITS_* enum and then
   adding details of the new limit(s) to conf_file_keywords, rlimits_max,
   rlimits_cl_opt and rlimit_resource defined near the top of the file.
 - set_rlimits.c: parse_args(): collapse multiple switch clauses for
   different resource limit options into a single code block.
 - set_rlimits.c: parse_args(): extend syntax of options controlling
   resource limits.  Setting a limit of exactly -1 disables the setting of
   that limit even if it's defined in the configuration file.
 - set_rlimits.c: show_usage(): update with revised information for this
   version.

4 October 2005:
 - set_rlimits.c: show_usage(): minor editing to improve clarity.

6 December 2005:
 - set_rlimits.c: parse_args(): allow rlimits_cl_opt elements to be set to
   NULL to signify that there is no command line option for a given limit.

19 December 2005:
 - set_rlimits.c: add memlock resource limit to the list of limits which
   can be set by set_rlimits.
 - set_rlimits.8: significant changes to document new features added since
   1.1.0 release.
 - README: tweaks to take into account new features and to clarify some
   sections.
 - set_rlimits.conf: add comments covering the new enhanced configuration
   file syntax.

20 December 2005: v1.2.0
 - set_rlimits.8: minor edits.
 - set_rlimits.c: check_config_file(): make exec_path a pointer to a char
   pointer so the reallocated string pointer can be returned to the caller
   in the event it needs to be turned into an absolute path based on a
   configuration file entry.
 - set_rlimits.c: main(): simplify debug output code.
 - set_rlimits.c: main(): {get,set}rlimit() expect the memlock rlimit
   argument to be in bytes.  Therefore scale the argument to these functions
   accordingly when dealing with the memlock rlimit, since set_rlimits (like
   most other things) uses units of kB for the memlock limit.
 - set_rlimits.c: check_config_file(): report memlock rlimit from
   configuration file entry when in debug mode.  Abort program if a memory
   allocation error occurs while resizing *exec_path.
 - version 1.2.0 released.

2 September 2006:
 - set_rlimits.c: main(), parse_args(): add new `-L' option which allows
   the user to set an LD_LIBRARY_PATH value for the executed program.
   Any LD_LIBRARY_PATH value is not seen by set_rlimits because it runs
   setuid; this new option provides a means for the called program to 
   utilise LD_LIBRARY_PATH if desired.  The only problem is that as it
   stands this constitutes a security vulnerability since users could
   replace system libraries in order to subvert set_rlimits.  Until this
   is sorted no release will be made.
 - set_rlimits.c: show_usage(): document the new `-L' option and correct
   some incidental typos.
 - set_rlimits.8: document the new `-L' option.
 - set_rlimits.c: bump version number and revise copyright years.

22 May 2008: v1.3.0
 - Makefile: integrate minor changes suggested by Lucas C. Villa Real
   (lucasvr@gobolinux.org) to make installation easier on systems where
   uid 0 is not associated with the name "root".
 - set_rlimits.c: main(): check permissions of requested LD_LIBRARY_PATH
   directories via new function check_ld_path.  Allow setting of
   LD_LIBRARY_PATH only if root owns all directories supplied and there is
   no group/other write permission.  This prevents ordinary users
   substituting standard libraries to subvert binaries run via set_rlimits
   and finally clears the way for a new release.
 - set_rlimits.c: revise copyright years.
 - version 1.3.0 released.
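
Added example, not part of the original changelog and not the project's own
check_ld_path() code: one way to apply the v1.3.0 rule that every
LD_LIBRARY_PATH directory must be owned by root with no group/other write
permission.  The function name ld_path_is_safe(), its owner parameter, the
rejection of empty or relative entries and the sample path /usr/lib are
assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Hypothetical helper (assumed name), not the project's check_ld_path().
 * Returns 1 only if every entry of the colon-separated list is an absolute
 * path to a directory owned by `owner` with no group/other write bit set,
 * and 0 otherwise.  A setuid-root caller would pass owner = 0. */
int ld_path_is_safe(const char *list, uid_t owner)
{
    char *copy, *p, *colon;
    size_t len;
    int ok = 1;

    if (list == NULL || (len = strlen(list)) == 0)
        return 0;
    if ((copy = malloc(len + 1)) == NULL)
        return 0;                       /* fail closed on allocation error */
    memcpy(copy, list, len + 1);

    for (p = copy; ok && p != NULL; p = colon ? colon + 1 : NULL) {
        struct stat st;

        colon = strchr(p, ':');
        if (colon != NULL)
            *colon = '\0';
        /* The dynamic linker reads an empty entry as the current
         * directory, so empty and relative entries are rejected. */
        if (p[0] != '/')
            ok = 0;
        else if (stat(p, &st) != 0 || !S_ISDIR(st.st_mode))
            ok = 0;                     /* missing, or not a directory */
        else if (st.st_uid != owner)
            ok = 0;                     /* not owned by the trusted uid */
        else if (st.st_mode & (S_IWGRP | S_IWOTH))
            ok = 0;                     /* group- or world-writable */
    }
    free(copy);
    return ok;
}

int main(int argc, char **argv)
{
    /* "/usr/lib" is a constructed sample input. */
    const char *list = argc > 1 ? argv[1] : "/usr/lib";
    int ok = ld_path_is_safe(list, 0);
    printf("%s: %s\n", list, ok ? "accepted" : "rejected");
    return ok ? 0 : 1;
}
```

Only the listed directories themselves are examined here, as in the changelog
entry; ownership of their parent directories is not checked.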
