Call for testing: OpenSSH-5.9

Mon Aug 15 21:41:37 EST 2011

On Aug 14 10:30, Damien Miller wrote:
> Hi,
> 
> OpenSSH 5.9 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This release contains a
> couple of new features and changes and bug fixes. Testing of the new
> sandboxed privilege separation mode (see below) would be particularly
> appreciated.
> 
> Snapshot releases for portable OpenSSH are available from
> http://www.mindrot.org/openssh_snap/
> 
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
> 
> Portable OpenSSH is also available via anonymous CVS using the
> instructions at http://www.openssh.com/portable.html#cvs or
> via Mercurial at http://hg.mindrot.org/openssh
> 
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is a simply:
> 
> $ ./configure && make tests

Current CVS builds fine and all tests pass on Cygwin.

>    Sandboxing of the privilege separated child process will become the
>    default in a future release. We'd also like to include native
>    sandboxes for other platforms.

I'm still thinking about how to do that for Cygwin.  There's no way on
Windows to remove user permission to create files in a generic way.  But
maybe the UAC feature since Vista is a way to accomplish sandboxing at
least on Vista and later by starting the process as a low integrity
process.  I have to take a closer look into this stuff.

While I was at it, it occured to me that there's another piece of
Cygwin-specific code which can go away.  Pipes are always created as
binary pipes for quite some time now.  There's no supported version of
Cygwin left which allowed to create textmode pipes.  Therefore, the
binary_pipe code can go away.  Here's the patch:

Index: openbsd-compat/bsd-cygwin_util.c
===================================================================
RCS file: /cvs/openssh/openbsd-compat/bsd-cygwin_util.c,v
retrieving revision 1.22
diff -u -p -r1.22 bsd-cygwin_util.c

--- openbsd-compat/bsd-cygwin_util.c	27 Feb 2010 16:29:33 -0000	1.22
+++ openbsd-compat/bsd-cygwin_util.c	15 Aug 2011 10:59:57 -0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2001, Corinna Vinschen <vinschen at cygnus.com>
+ * Copyright (c) 2000, 2001, 2011 Corinna Vinschen <vinschen at redhat.com>
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -34,9 +34,6 @@
 #if defined(open) && open == binary_open
 # undef open
 #endif
-#if defined(pipe) && open == binary_pipe
-# undef pipe
-#endif
 
 #include <sys/types.h>
 
@@ -57,18 +54,6 @@ binary_open(const char *filename, int fl
 	mode = va_arg(ap, mode_t);
 	va_end(ap);
 	return (open(filename, flags | O_BINARY, mode));
-}
-
-int 
-binary_pipe(int fd[2])
-{
-	int ret = pipe(fd);
-
-	if (!ret) {
-		setmode(fd[0], O_BINARY);
-		setmode(fd[1], O_BINARY);
-	}
-	return (ret);
 }
 
 int
Index: openbsd-compat/bsd-cygwin_util.h
===================================================================
RCS file: /cvs/openssh/openbsd-compat/bsd-cygwin_util.h,v
retrieving revision 1.12
diff -u -p -r1.12 bsd-cygwin_util.h
--- openbsd-compat/bsd-cygwin_util.h	8 Mar 2009 00:40:28 -0000	1.12
+++ openbsd-compat/bsd-cygwin_util.h	15 Aug 2011 10:59:57 -0000
@@ -1,7 +1,7 @@
 /* $Id: bsd-cygwin_util.h,v 1.12 2009/03/08 00:40:28 dtucker Exp $ */
 
 /*
- * Copyright (c) 2000, 2001, Corinna Vinschen <vinschen at cygnus.com>
+ * Copyright (c) 2000, 2001, 2011 Corinna Vinschen <vinschen at redhat.com>
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -41,13 +41,11 @@
 #include <io.h>
 
 int binary_open(const char *, int , ...);
-int binary_pipe(int fd[2]);
 int check_ntsec(const char *);
 char **fetch_windows_environment(void);
 void free_windows_environment(char **);
 
 #define open binary_open
-#define pipe binary_pipe
 
 #endif /* HAVE_CYGWIN */


Corinna

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
