simon-git: putty (master): putty.git

Commits to Tartarus hosted VCS tartarus-commits at lists.tartarus.org
Mon Jan 30 19:47:40 GMT 2017 

TL;DR:
  e22120f Turn off Windows process ACL restriction by default.
  1b2cc40 Refuse to forward agent messages > AGENT_MAX_MSGLEN.
  9c3700a Remove duplicate definition of AGENT_MAX_MSGLEN.

Repository:     https://git.tartarus.org/simon/putty.git
On the web:     https://git.tartarus.org/?p=simon/putty.git
Branch updated: master
Committer:      putty.git
Date:           2017-01-30 19:47:40

commit e22120fea8d39e6a2ef6b2f4ab3ee5502f56169a
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=e22120fea8d39e6a2ef6b2f4ab3ee5502f56169a;hp=54cc0c5b296ee7c27b48a3c8e7aead6e74f2abf1
Author: Simon Tatham <anakin at pobox.com>
Date:   Sat Jan 28 21:56:28 2017 +0000

    Turn off Windows process ACL restriction by default.
    
    As documented in bug 'win-process-acl-finesse', we've had enough
    assorted complaints about it breaking various non-malicious pieces of
    Windows process interaction (ranging from git->plink integration to
    screen readers for the vision-impaired) that I think it's more
    sensible to set the process back to its default level of protection.
    
    This precaution was never a fully effective protection anyway, due to
    the race condition at process startup; the only properly effective
    defence would have been to prevent malware running under the same user
    ID as PuTTY in the first place, so in that sense, nothing has changed.
    But people who want the arguable defence-in-depth advantage of the ACL
    restriction can now turn it on with the '-restrict-acl' command-line
    option, and it's up to them whether they can live with the assorted
    inconveniences that come with it.
    
    In the course of this change, I've centralised a bit more of the
    restriction code into winsecur.c, to avoid repeating the error
    handling in multiple places.

 Recipe             |  7 +------
 cmdline.c          | 11 +++++++++++
 doc/using.but      | 21 +++++++++++++++++++++
 windows/window.c   | 15 ---------------
 windows/winpgen.c  | 32 ++++++++++----------------------
 windows/winpgnt.c  | 21 ++++-----------------
 windows/winplink.c | 16 ----------------
 windows/winsecur.c | 34 +++++++++++++++++++++++++++++++++-
 windows/winsecur.h |  2 --
 windows/winsftp.c  | 15 ---------------
 windows/winstuff.h |  1 +
 11 files changed, 81 insertions(+), 94 deletions(-)

commit 1b2cc402448da230af90ade6331f4712f73df6b0
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=1b2cc402448da230af90ade6331f4712f73df6b0;hp=e22120fea8d39e6a2ef6b2f4ab3ee5502f56169a
Author: Simon Tatham <anakin at pobox.com>
Date:   Mon Jan 30 19:42:25 2017 +0000

    Refuse to forward agent messages > AGENT_MAX_MSGLEN.
    
    Mostly so that we don't have to malloc contiguous space for them
    inside PuTTY; since we've already got a handy constant saying how big
    is too big, we might as well use it to sanity-check the contents of
    our agent forwarding channels.

 ssh.c | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

commit 9c3700a6d3d037bd823a65f5837264605891b2ea
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=9c3700a6d3d037bd823a65f5837264605891b2ea;hp=1b2cc402448da230af90ade6331f4712f73df6b0
Author: Simon Tatham <anakin at pobox.com>
Date:   Mon Jan 30 19:42:28 2017 +0000

    Remove duplicate definition of AGENT_MAX_MSGLEN.
    
    Now all references of that constant use the same definition in
    pageant.h, so it'll be easy to change if we ever need to.

 windows/winpgntc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

More information about the tartarus-commits mailing list