Solaris 2.5.1 dirname() bug in libgen.a affects OpenSSH2.9.9p2 auth.c

Tim Rice tim at
Wed Oct 17 12:44:50 EST 2001

On Tue, 16 Oct 2001, Dan Astoorian wrote:

> I've discovered a problem with OpenSSH 2.9.9p2 under Solaris 2.5.1 .
> In auth.c, secure_filename() walks upwards toward the user's home
> directory or the filesystem root, verifying that no directories along
> the way are group or world writable.
> Solaris 2.5.1's dirname() function has a bug where dirname("/.ssh")
> returns an empty string instead of "/".
> This causes secure_filename() to try to stat(""), fail, and report
> "bad ownership or modes for directory ".

How about writing a small C we can use to test for this bug
at configure time.  dirname() is allready in openbsd-compat so
we can use that if it's broken.

--------< from autoconf docs >--------

Guidelines for Test Programs
Test programs should not write anything to the standard output.
They should return 0 if the test succeeds, nonzero otherwise, so
that success can be distinguished easily from a core dump or other
failure; segmentation violations and other failures produce a
nonzero exit status. Test programs should exit, not return, from main,
because on some systems (old Suns, at least) the argument to return
in main is ignored.


> I discovered this when upgrading from 2.3.0p1 to 2.9.9p2: root was
> unable to use RSA authentication because of it.

Tim Rice				Multitalents	(707) 887-1469
tim at

More information about the openssh-unix-dev mailing list