OpenSSH 4.1: call for testing.

Robert Banz banz at
Wed Apr 6 02:09:57 EST 2005

Darren Tucker wrote:
> Edgar, Bob wrote:
>> On Solaris10/Sparc:
>> My first make tests failed as below. Running again, all tests pass.
>> I then started again with a clean directory and did configure && make 
>> tests
>> without errors. Pehaps this is just wierdness on my system but perhaps
>> someone else will see something obvious.
> No, nothing obvious.
> One possibility: if you're using OpenSSL <= 0.9.7e compiled on Solaris 
> 10, it won't use the /dev/*random devices.  This means that the 
> ssh-rand-helper needs to exist in its final location (/usr/local/libexec 
> by default) in order for the tests to run (so if it started working 
> after a "make install" then that's probably the reason).

This is due to a bug in OpenSSL; they use the option O_NOFOLLOW on 
opening the /dev/random devices -- and, on Solaris, this is a no-no, as 
/dev/random is a symlink to /devices/pseudo/[blah blah].

You can comment out the O_NOFOLLOW option in your openssl source, it's 
in crypto/rand/rand_unix.c.  This shouldn't open up much of a security 
hole -- if you have a situation where someone could place a trojan 
symlink in /dev, you've got other problems on your hands than not having 
a good random number source :)

I submitted a bug to the openssl folks awhile back; this worked previous 
to S10, as Solaris just recently began supporting O_NOFOLLOW.


More information about the openssh-unix-dev mailing list