-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Version 1.1 of fsh has been released. It is available from these locations:
http://www.lysator.liu.se/fsh/ ftp://ftp.lysator.liu.se/pub/unix/fsh/
Here is a list of the most important changes made since version 1.0:
* fshd exits when it has been unused ten hours. The timeout can be changed at configure time with --enable-timeout=TIME and at runtime with --timeout=TIME. (TIME is measured in seconds).
* fcp should now work with OpenSSH 2.x.
* The socket creation code in fshd was not paranoid enough. There were are at least two possible attacks: - If a malicious user has symlinked /tmp/fshd-<UID> to another file, fshd will chmod 0700 that file. - A race condition made it possible for an attacker to create an unsafe socket directory, so that the attacker can access an fshd tunnel.
The attacker must alread have a local shell on the computer where fsh or fshd is invoked.
* Detection of process death has been improved. A simple "fsh host echo hello" could sometimes take 5 extra seconds for no good reason.
* Prompts such as "host key not found", "enter passphrase" and "enter password" emitted by ssh is no longer silently swollowed by fsh. This means that you can use fsh even if you need to supply a password to ssh when you log in.
* The method name supplied in "-r method" may contain any character, including slashes.
* Allow "fsh host -l login cmd" as well as "fsh -l login host cmd". This is needed in some configurations of CVS.
/ceder