Solaris 2.5.1 dirname() bug in libgen.a affects OpenSSH2.9.9p2 auth.c

openssh-unix-dev at openssh-unix-dev at
Wed Oct 17 09:48:35 EST 2001

On Tue, Oct 16, 2001 at 03:36:42PM -0400, Dan Astoorian wrote:
> I've discovered a problem with OpenSSH 2.9.9p2 under Solaris 2.5.1 .
> In auth.c, secure_filename() walks upwards toward the user's home
> directory or the filesystem root, verifying that no directories along
> the way are group or world writable.
> Solaris 2.5.1's dirname() function has a bug where dirname("/.ssh")
> returns an empty string instead of "/".

I was able to duplicate this on our 2.5.1 machine. It is reported as
bug id #4055505 at There is a libgen patch available
as 106274-01 but it's a fix to some regex issue so I guess there is no
solution from Sun for this problem.

> Dan Astoorian               People shouldn't think that it's better to have

albert chin (china at

More information about the openssh-unix-dev mailing list