Allow --without-privsep build.
Damien Miller
djm at mindrot.org
Sun Jan 8 12:27:34 EST 2006
David Woodhouse wrote:
> On Sun, 2006-01-08 at 01:01 +0000, David Woodhouse wrote:
>
>>I've been trying to cut down the size of openssh so I can run it on my
>>Nokia 770. One thing which helps a fair amount (and will help even more
>>when I get '-ffunction-sections -fdata-sections --gc-sections' working)
>>is to have the option of compiling out privilege separation...
>
>
> When running without privsep I found that sshd was always closing stdin
> when starting a login shell. The first channel's ->ctl_fd and ->sock
> were both set to zero, rather than -1. I'm not sure if this is something
> I introduced myself with the previous patch, or something about the
> Nokia 770 environment... any ideas?
See below.
> The other thing I did to reduce the code size, btw, was to turn libssh
> into a shared library -- I assume there's no interest in merging any
> change along those lines?
That is pretty much makefile changes. We don't do this because libssh.a
is really just a compilation shortcut and isn't intended to be any sort
of public API.
It would be very, very easy to hose your running sshd if you were
misguided enough to make this shared and ever forget to update the
library major number when the internals change. The internals change
with every release, and more frequently if you are hacking ssh.
> --- openssh-4.2p1/channels.c~ 2006-01-06 01:45:55.000000000 +0000
> +++ openssh-4.2p1/channels.c 2006-01-06 04:05:47.000000000 +0000
> @@ -183,6 +183,8 @@ channel_register_fds(Channel *c, int rfd
> c->rfd = rfd;
> c->wfd = wfd;
> c->efd = efd;
> + c->ctl_fd = -1; /* XXX: set elsewhere */
> + c->sock = -1;
> channel_fds_changed = 1;
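Review bot: the added `c->sock = -1;` discards the socket descriptor unconditionally, including the case where `rfd == wfd` and one socket carries both directions of the channel. The version of this function quoted in the reply uses `c->sock = (rfd == wfd) ? rfd : -1;`, and that form should be used here instead. The `/* XXX: set elsewhere */` comment on `c->ctl_fd` should also say where it is set, since the reported symptom (both fields 0, stdin closed at shell start) comes from 0 being a valid descriptor rather than an "unset" value.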
This looks weird. My channel_register_fds() has this already:
> c->rfd = rfd;
> c->wfd = wfd;
> c->sock = (rfd == wfd) ? rfd : -1;
> c->ctl_fd = -1; /* XXX: set elsewhere */
> c->efd = efd;
> c->extended_usage = extusage;
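The failure discussed in this thread, as an added example that is not part of the original message and is not OpenSSH code: a zero-filled record whose `sock` and `ctl_fd` are never assigned names descriptor 0 (stdin) as something to close, while the assignments quoted in the reply do not. `struct chan`, the function names and the descriptor numbers are assumptions made up for the illustration.

```c
#include <stdio.h>

/* Hypothetical stand-in for a channel record; NOT OpenSSH's Channel. */
struct chan { int rfd, wfd, efd, sock, ctl_fd; };

/* Full registration, following the assignments quoted in the reply. */
static void chan_register_fds(struct chan *c, int rfd, int wfd, int efd) {
    c->rfd = rfd;
    c->wfd = wfd;
    c->sock = (rfd == wfd) ? rfd : -1;  /* one socket serves both directions */
    c->ctl_fd = -1;
    c->efd = efd;
}

/* Registration that never touches sock/ctl_fd (the reported symptom). */
static void chan_register_fds_partial(struct chan *c, int rfd, int wfd, int efd) {
    c->rfd = rfd; c->wfd = wfd; c->efd = efd;
}

/* Collect the distinct descriptors a teardown would close (all != -1). */
static int chan_fds_to_close(const struct chan *c, int *out) {
    int fds[5] = { c->rfd, c->wfd, c->efd, c->sock, c->ctl_fd };
    int n = 0;
    for (int i = 0; i < 5; i++) {
        int skip = (fds[i] == -1);      /* -1 means "no descriptor" */
        for (int j = 0; j < n && !skip; j++)
            skip = (out[j] == fds[i]);  /* already listed */
        if (!skip)
            out[n++] = fds[i];
    }
    return n;
}

/* Returns 1 if tearing down c would close descriptor fd, else 0. */
static int would_close(const struct chan *c, int fd) {
    int out[5], n = chan_fds_to_close(c, out);
    for (int i = 0; i < n; i++)
        if (out[i] == fd) return 1;
    return 0;
}

int main(void) {
    struct chan bad = {0}, good = {0};          /* zero-filled, as calloc() gives */
    chan_register_fds_partial(&bad, 7, 8, 9);   /* constructed fd numbers */
    chan_register_fds(&good, 7, 8, 9);
    printf("stdin closed: partial=%d full=%d\n", would_close(&bad, 0), would_close(&good, 0));
    return 0;
}
```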
More information about the openssh-unix-dev
mailing list