Solaris 2.5.1 dirname() bug in libgen.a affects OpenSSH2.9.9p2 auth.c
Tim Rice
tim at multitalents.net
Wed Oct 17 12:44:50 EST 2001
On Tue, 16 Oct 2001, Dan Astoorian wrote:
> I've discovered a problem with OpenSSH 2.9.9p2 under Solaris 2.5.1 .
>
> In auth.c, secure_filename() walks upwards toward the user's home
> directory or the filesystem root, verifying that no directories along
> the way are group or world writable.
>
> Solaris 2.5.1's dirname() function has a bug where dirname("/.ssh")
> returns an empty string instead of "/".
>
> This causes secure_filename() to try to stat(""), fail, and report
> "bad ownership or modes for directory ".
>
How about writing a small C we can use to test for this bug
at configure time. dirname() is allready in openbsd-compat so
we can use that if it's broken.
--------< from autoconf docs >--------
Guidelines for Test Programs
Test programs should not write anything to the standard output.
They should return 0 if the test succeeds, nonzero otherwise, so
that success can be distinguished easily from a core dump or other
failure; segmentation violations and other failures produce a
nonzero exit status. Test programs should exit, not return, from main,
because on some systems (old Suns, at least) the argument to return
in main is ignored.
--------------------------------------
> I discovered this when upgrading from 2.3.0p1 to 2.9.9p2: root was
> unable to use RSA authentication because of it.
[snip]
--
Tim Rice Multitalents (707) 887-1469
tim at multitalents.net
More information about the openssh-unix-dev
mailing list