Merge pull request neurobin#75 from Intika-Linux-Apps/master

Remove experimental feature s
xinjiezhu · Mar 4, 2019 · a70380f · a70380f
2 parents d5d1b89 + 6495e11
commit a70380f
Show file tree

Hide file tree

Showing 8 changed files with 147 additions and 96 deletions.
diff --git a/AUTHORS b/AUTHORS
@@ -1,2 +1,3 @@
 Francisco Garcia <[email protected]>
+intika <[email protected]>
 MD. JAHIDUL HAMID <[email protected]>
diff --git a/ChangeLog b/ChangeLog
@@ -1,5 +1,13 @@
 CHANGES
 
+4.0.3 Tue Nov 20 08:22:20 UTC 2018
+
+    * Enhance -H flag by intika <https://github.com/intika> (Hide commands arguments from ps and cmdline)
+
+4.0.2 Tue Nov 20 08:22:20 UTC 2018
+
+    * Remove -s flag (experimental feature not working as expected by intika <https://github.com/intika>)
+
 4.0.1 Tue Nov 20 08:22:20 UTC 2018
 
     * Add LDFLAGS environment variable (Thanks to zboszor <https://github.com/zboszor>)

diff --git a/README.md b/README.md
@@ -38,7 +38,6 @@ shc [options]
 shc -f script.sh -o binary
 shc -U -f script.sh -o binary # Untraceable binary (prevent strace, ptrace etc..)
 shc -H -f script.sh -o binary # Untraceable binary, does not require root (only bourne shell (sh) scripts with no parameter)
-shc -H -s -f script.sh -o binary # Untraceable binary running in a singe process, does not require root (only bourne shell (sh) scripts with no parameter)
 ```
 
 ## The hardening flag -H

diff --git a/configure b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for shc 4.0.1.
+# Generated by GNU Autoconf 2.69 for shc 4.0.3.
 #
 # Report bugs to <http://github.com/neurobin/shc/issues>.
 #
@@ -580,8 +580,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='shc'
 PACKAGE_TARNAME='shc'
-PACKAGE_VERSION='4.0.1'
-PACKAGE_STRING='shc 4.0.1'
+PACKAGE_VERSION='4.0.3'
+PACKAGE_STRING='shc 4.0.3'
 PACKAGE_BUGREPORT='http://github.com/neurobin/shc/issues'
 PACKAGE_URL=''
 
@@ -1279,7 +1279,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures shc 4.0.1 to adapt to many kinds of systems.
+\`configure' configures shc 4.0.3 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1346,7 +1346,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of shc 4.0.1:";;
+     short | recursive ) echo "Configuration of shc 4.0.3:";;
    esac
   cat <<\_ACEOF
 
@@ -1437,7 +1437,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-shc configure 4.0.1
+shc configure 4.0.3
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1863,7 +1863,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by shc $as_me 4.0.1, which was
+It was created by shc $as_me 4.0.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2733,7 +2733,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='shc'
- VERSION='4.0.1'
+ VERSION='4.0.3'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -5311,7 +5311,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by shc $as_me 4.0.1, which was
+This file was extended by shc $as_me 4.0.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -5368,7 +5368,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-shc config.status 4.0.1
+shc config.status 4.0.3
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 

diff --git a/configure.ac b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([shc], [4.0.1], [http://github.com/neurobin/shc/issues])
+AC_INIT([shc], [4.0.3], [http://github.com/neurobin/shc/issues])
 AC_CONFIG_AUX_DIR(config)
 #prefix="/usr"
 AC_CONFIG_SRCDIR([src/shc.c])

diff --git a/man.md b/man.md
@@ -7,7 +7,7 @@
 shc - Generic shell script compiler
 
 # SYNOPSIS
-**shc** [ -e *date* ] [ -m *addr* ] [ -i *iopt* ] [ -x *cmnd* ] [ -l *lopt* ] [ -o *outfile* ] [ -ABCDhUHsvSr ] -f *script* 
+**shc** [ -e *date* ] [ -m *addr* ] [ -i *iopt* ] [ -x *cmnd* ] [ -l *lopt* ] [ -o *outfile* ] [ -ABCDhUHvSr ] -f *script* 
 
 # DESCRIPTION
 **shc** creates a stripped binary executable version of the script specified with `-f` on the command line.
@@ -71,10 +71,7 @@ You can use it if you wish to distribute your scripts but don't want them to be
 : Make binary to be untraceable (using *strace*, *ptrace*, *truss*, etc.) 
 
 -H
-: Hardening. Extra security flag without root access requirement that protects against dumping, code injection, `cat /proc/pid/cmdline`, ptrace, etc.. This feature is **experimental** and may not work on all systems. This option currently only works with Bourne shell (sh) scripts without any positional parameters.
-
--s
-: Hardening with single process. Requires -H option, runs the binary in a single process, shell is called in the main process otherwise its called in a child process. This feature is **experimental** (may hang) and may not work on all systems. This option currently only works with Bourne shell (sh) scripts without any positional parameters.
+: Hardening. Extra security flag without root access requirement that protects against dumping, code injection, `cat /proc/pid/cmdline`, ptrace, etc.. This feature is **experimental** and may not work on all systems. it require bourne shell (sh) scripts
 
 -C
 : Display license and exit 

diff --git a/shc.1 b/shc.1
@@ -6,7 +6,7 @@ shc \- Generic shell script compiler
 .PP
 \f[B]shc\f[] [ \-e \f[I]date\f[] ] [ \-m \f[I]addr\f[] ] [ \-i
 \f[I]iopt\f[] ] [ \-x \f[I]cmnd\f[] ] [ \-l \f[I]lopt\f[] ] [ \-o
-\f[I]outfile\f[] ] [ \-ABCDhUHsvSr ] \-f \f[I]script\f[]
+\f[I]outfile\f[] ] [ \-ABCDhUHvSr ] \-f \f[I]script\f[]
 .SH DESCRIPTION
 .PP
 \f[B]shc\f[] creates a stripped binary executable version of the script
@@ -86,15 +86,7 @@ Extra security flag without root access requirement that protects
 against dumping, code injection, \f[C]cat\ /proc/pid/cmdline\f[],
 ptrace, etc..
 This feature is \f[B]experimental\f[] and may not work on all systems.
-This option currently only works with Bourne shell (sh) scripts without
-any positional parameters.
-.PP
-\-s : Hardening with single process.
-Requires \-H option, runs the binary in a single process, shell is
-called in the main process otherwise its called in a child process.
-This feature is \f[B]experimental\f[] (may hang) and may not work on all
-systems.
-This option currently only works with Bourne shell (sh) scripts without
+it require bourne shell (sh) scripts
 any positional parameters.
 .PP
 \-C : Display license and exit
@@ -147,6 +139,8 @@ limited by the operating system configuration parameter
 .PP
 Francisco Rosales <[email protected]>
 .PP
+intika <[email protected]>
+.PP
 Md Jahidul Hamid <[email protected]>
 .SH REPORT BUGS TO
 .PP