privsep patch, Please test (take 3)

Tim Rice tim at multitalents.net
Fri Jun 7 12:02:19 EST 2002


On Thu, 6 Jun 2002, Ben Lindstrom wrote:

> On Thu, 6 Jun 2002, Tim Rice wrote:
>
> > On Thu, 6 Jun 2002, Kevin Steves wrote:
> >
> > > On Wed, Jun 05, 2002 at 06:22:39PM -0700, Tim Rice wrote:
> > [snip]
> > > > +#elif defined(HAVE_MMAP_DEV_ZERO_PRIVATE)
> > > > +	address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_PRIVATE,
> > > > +	    open("/dev/zero", O_RDWR), 0);
> > > > +#endif
> > > >  	if (address == MAP_FAILED)
> > > >  		fatal("mmap(%lu)", (u_long)size);
> > > >  #else
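Review bot: in the HAVE_MMAP_DEV_ZERO_PRIVATE branch the result of open("/dev/zero", O_RDWR) is passed straight in as the fd argument of mmap(), so a failed open is never checked and shows up only as the generic fatal("mmap(%lu)"), and the descriptor is never stored, so it cannot be closed after the mapping is made. Open into a local int, call fatal() with a message naming /dev/zero when it returns -1, and close() it once mmap() has returned. MAP_PRIVATE also makes the mapping copy-on-write, so anything written after a fork stays invisible to the other process; if this region is meant to carry state between the privsep processes (the compression case raised in this thread), the branch needs at least a comment saying what does not work on this path.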
> > >
> > > hmm, more ifdefs.  can there be xmmap() so there's one line of diff
> > > between openbsd?  and again, i think we should use mm if possible.
> >
> > Privsep may be important enough to introduce another library dependency.
> > It seems like it may address the platforms that have no mmap.
> > Ben said he didn't like the idea of requiring another library.
> > We haven't heard from Damien yet.
> >
>
> Not exactly what I said.  I said I would prefer to use the native mmap
> *IF* it will work.  I have no problems falling back to mm if there is no
> usable mmap().

Thanks for the clarification.

>
> Personally I could care less if we do xmmap()  that defaults to mmap() if
> it works with anonymous.. Otherwise fail over to mm library.

I'm in the middle of some projects right now and probably won't have
time for a couple of weeks. It would be great if someone would take
the patch and run with it.

>
> I just think for the 80% of the population that will be using OpenSSH on
> reasonable OSes to be punished into installing yet another library.
>
> I've spent way too many hours tracking down software dependencies lately
> while building a video editing platform that drive this point home.
>
>
> BTW, I still don't think we can use MAP_PRIVATE.  Do we have a platform
> where we can prove that MAP_PRIVATE w/ /dev/zero and compression all work
> correctly together?

No. It's just there in case there is a platform that doesn't have MAP_ANON
and has a broken MAP_SHARED like Linux 2.2.x.
Like on Linux 2.2.x you could have privsep without compression.

>  - Ben
>

-- 
Tim Rice				Multitalents	(707) 887-1469
tim at multitalents.net
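
The MAP_PRIVATE question raised in this thread can be checked on a given platform with a small probe. The following is an added example, not part of the original message or of the OpenSSH patch; the names map_dev_zero, child_write_visible and REGION_SIZE are hypothetical. It maps /dev/zero, forks, and reports whether a byte written by the child is visible to the parent.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#define REGION_SIZE 4096	/* constructed size for the demonstration */

/* Hypothetical helper: map /dev/zero with MAP_SHARED or MAP_PRIVATE. */
static void *map_dev_zero(size_t size, int share_flag)
{
	void *address;
	int fd = open("/dev/zero", O_RDWR);

	if (fd == -1)
		return MAP_FAILED;
	address = mmap(NULL, size, PROT_READ|PROT_WRITE, share_flag, fd, 0);
	close(fd);	/* the mapping outlives the descriptor */
	return address;
}

/* 1 if the parent sees a byte written by a forked child, 0 if not, -1 on error. */
int child_write_visible(int share_flag)
{
	void *address = map_dev_zero(REGION_SIZE, share_flag);
	volatile unsigned char *p = address;
	pid_t pid;
	int seen = -1;

	if (address == MAP_FAILED)
		return -1;
	p[0] = 0;
	pid = fork();
	if (pid == 0) {		/* child: write one byte and leave */
		p[0] = 0x5a;
		_exit(0);
	}
	if (pid > 0 && waitpid(pid, NULL, 0) == pid)
		seen = (p[0] == 0x5a);
	munmap(address, REGION_SIZE);
	return seen;
}

int main(void)
{
	printf("MAP_SHARED:  %d\n", child_write_visible(MAP_SHARED));
	printf("MAP_PRIVATE: %d\n", child_write_visible(MAP_PRIVATE));
	return 0;
}
```

On a system with a working MAP_SHARED the first line prints 1; the MAP_PRIVATE line prints 0 because each process gets its own copy-on-write pages after the fork.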





