[openssh-commits] [openssh] 05/06: upstream: it's no longer possible to disable privilege separation

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Dec 16 14:20:47 AEDT 2019


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit a7fc1df246e80bfdabd09b069b91c72f9c578ca8
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Dec 11 18:47:14 2019 +0000

    upstream: it's no longer possible to disable privilege separation
    
    in sshd, so don't double the tests' work by trying both off/on
    
    OpenBSD-Regress-ID: d366665466dbd09e9b707305da884be3e7619c68
---
 regress/cert-hostkey.sh       | 6 +++---
 regress/cert-userkey.sh       | 6 +++---
 regress/hostkey-agent.sh      | 4 ++--
 regress/multipubkey.sh        | 4 ++--
 regress/principals-command.sh | 4 ++--
 5 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
index dc40b782..67a9795d 100644
--- a/regress/cert-hostkey.sh
+++ b/regress/cert-hostkey.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: cert-hostkey.sh,v 1.20 2019/11/26 23:43:10 djm Exp $
+#	$OpenBSD: cert-hostkey.sh,v 1.21 2019/12/11 18:47:14 djm Exp $
 #	Placed in the Public Domain.
 
 tid="certified host keys"
@@ -131,7 +131,7 @@ attempt_connect() {
 }
 
 # Basic connect and revocation tests.
-for privsep in yes sandbox ; do
+for privsep in yes ; do
 	for ktype in $PLAIN_TYPES ; do
 		verbose "$tid: host ${ktype} cert connect privsep $privsep"
 		(
@@ -169,7 +169,7 @@ for ktype in $PLAIN_TYPES ; do
 	kh_revoke cert_host_key_${ktype}.pub >> $OBJ/known_hosts-cert.orig
 done
 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
-for privsep in yes sandbox ; do
+for privsep in yes ; do
 	for ktype in $PLAIN_TYPES ; do
 		verbose "$tid: host ${ktype} revoked cert privsep $privsep"
 		(
diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
index d6e293d5..87d30d27 100644
--- a/regress/cert-userkey.sh
+++ b/regress/cert-userkey.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: cert-userkey.sh,v 1.23 2019/11/26 23:43:10 djm Exp $
+#	$OpenBSD: cert-userkey.sh,v 1.24 2019/12/11 18:47:14 djm Exp $
 #	Placed in the Public Domain.
 
 tid="certified user keys"
@@ -60,7 +60,7 @@ done
 # Test explicitly-specified principals
 for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
 	t=$(kname $ktype)
-	for privsep in yes sandbox ; do
+	for privsep in yes ; do
 		_prefix="${ktype} privsep $privsep"
 
 		# Setup for AuthorizedPrincipalsFile
@@ -197,7 +197,7 @@ basic_tests() {
 
 	for ktype in $PLAIN_TYPES ; do
 		t=$(kname $ktype)
-		for privsep in yes no ; do
+		for privsep in yes ; do
 			_prefix="${ktype} privsep $privsep $auth"
 			# Simple connect
 			verbose "$tid: ${_prefix} connect"
diff --git a/regress/hostkey-agent.sh b/regress/hostkey-agent.sh
index af2ed780..7f490e01 100644
--- a/regress/hostkey-agent.sh
+++ b/regress/hostkey-agent.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: hostkey-agent.sh,v 1.9 2019/11/26 23:43:10 djm Exp $
+#	$OpenBSD: hostkey-agent.sh,v 1.10 2019/12/11 18:47:14 djm Exp $
 #	Placed in the Public Domain.
 
 tid="hostkey agent"
@@ -30,7 +30,7 @@ cp $OBJ/known_hosts.orig $OBJ/known_hosts
 
 unset SSH_AUTH_SOCK
 
-for ps in no yes; do
+for ps in yes; do
 	for k in `${SSH} -Q key-plain | filter_sk` ; do
 		verbose "key type $k privsep=$ps"
 		cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
diff --git a/regress/multipubkey.sh b/regress/multipubkey.sh
index 4d443ec4..9b227335 100644
--- a/regress/multipubkey.sh
+++ b/regress/multipubkey.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: multipubkey.sh,v 1.2 2018/10/31 11:09:27 dtucker Exp $
+#	$OpenBSD: multipubkey.sh,v 1.3 2019/12/11 18:47:14 djm Exp $
 #	Placed in the Public Domain.
 
 tid="multiple pubkey"
@@ -31,7 +31,7 @@ grep -v IdentityFile $OBJ/ssh_proxy.orig > $OBJ/ssh_proxy
 opts="-oProtocol=2 -F $OBJ/ssh_proxy -oIdentitiesOnly=yes"
 opts="$opts -i $OBJ/cert_user_key1 -i $OBJ/user_key1 -i $OBJ/user_key2"
 
-for privsep in yes sandbox ; do
+for privsep in yes ; do
 	(
 		grep -v "Protocol"  $OBJ/sshd_proxy.orig
 		echo "Protocol 2"
diff --git a/regress/principals-command.sh b/regress/principals-command.sh
index a91858cb..9e85e8e7 100644
--- a/regress/principals-command.sh
+++ b/regress/principals-command.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: principals-command.sh,v 1.8 2019/11/01 01:55:41 djm Exp $
+#	$OpenBSD: principals-command.sh,v 1.10 2019/12/11 18:47:14 djm Exp $
 #	Placed in the Public Domain.
 
 tid="authorized principals command"
@@ -63,7 +63,7 @@ fi
 
 if [ -x $PRINCIPALS_COMMAND ]; then
 	# Test explicitly-specified principals
-	for privsep in yes sandbox ; do
+	for privsep in yes ; do
 		_prefix="privsep $privsep"
 
 		# Setup for AuthorizedPrincipalsCommand

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list