Call for testing: OpenSSH-5.9
Andy Tsouladze
andyb1 at andy-t.org
Tue Aug 16 01:38:35 EST 2011
Compiled SNAP-20110816 on
x86 slackware-13.0.0
x86 slackware-13.37.0
x86_64 slackware-13.37.0
Default configuration results in sandbox=rlimit, and with this option, all
tests work on both versions of slackware. I also compiled it with
--with-sandbox=no, with no problems.
Now for the problems.
1. ./configure --help
--with-ipaddr-display Use ip address instead of hostname in \$DISPLAY
--with-default-path= Specify default \$PATH environment for server
Is there a reason to escape dollar signs here?
2. ./configure --help
--with-sandbox=style Specify privilege separation sandbox (no,
rlimit, systrace)
This is different from option stated in the mail (systrace, seatbelt and
rlimit), and may be misleading.
> Three concrete sandbox implementation are provided (selected at
> configure time): systrace, seatbelt and rlimit.
3. I did try, just out of curiosity, to configure with
--with-sandbox=seatbelt option, and got the following error:
configure: error: unsupported -with-sandbox
There is a typo here (-with as opposed to --with) and (probably)
user-supplied option is omitted.
4. Attempt to run `./configure --with-sandbox=systrace' succeeds, but
compilation of sandbox-systrace.c fails as follows (on slackware-13.37.0
x86 and x86_64):
gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare
-Wformat-security -Wno-pointer-sign -Wno-unused-result
-fno-strict-aliasing -fno-builtin-memset -fstack-protector-all -I. -I.
-DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"
-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"
-D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\"
-D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\"
-D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\"
-D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\"
-DHAVE_CONFIG_H -c sandbox-systrace.c
sandbox-systrace.c:28:26: fatal error: dev/systrace.h: No such file or
directory
compilation terminated.
make: *** [sandbox-systrace.o] Error 1
It is true that my machine does not have systrace.h header file, but maybe
this should be caught at configuration time?
On slackware-13.0.0, compilation also fails but in a somewhat different
manner:
gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare
-Wformat-security -Wno-pointer-sign -fno-strict-aliasing
-fno-builtin-memset -fstack-protector-all -std=gnu99 -I. -I.
-DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"
-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"
-D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\"
-D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\"
-D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\"
-D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\"
-DHAVE_CONFIG_H -c sandbox-systrace.c
sandbox-systrace.c:28:26: error: dev/systrace.h: No such file or directory
sandbox-systrace.c:51: error: 'SYSTR_POLICY_NEVER' undeclared here (not in
a function)
sandbox-systrace.c:53: error: 'SYS___sysctl' undeclared here (not in a
function)
sandbox-systrace.c:53: error: 'SYSTR_POLICY_PERMIT' undeclared here (not
in a function)
sandbox-systrace.c: In function 'ssh_sandbox_parent':
sandbox-systrace.c:118: error: storage size of 'policy' isn't known
sandbox-systrace.c:132: error: 'STRIOCCLONE' undeclared (first use in this
function)
sandbox-systrace.c:132: error: (Each undeclared identifier is reported
only once
sandbox-systrace.c:132: error: for each function it appears in.)
sandbox-systrace.c:132: warning: passing argument 2 of 'ioctl' makes
integer from pointer without a cast
sandbox-systrace.c:137: error: 'STRIOCATTACH' undeclared (first use in
this function)
sandbox-systrace.c:137: warning: passing argument 2 of 'ioctl' makes
integer from pointer without a cast
sandbox-systrace.c:142: warning: passing argument 2 of 'bzero' makes
integer from pointer without a cast
sandbox-systrace.c:143: error: request for member 'strp_op' in something
not a structure or union
sandbox-systrace.c:143: error: 'SYSTR_POLICY_NEW' undeclared (first use in
this function)
sandbox-systrace.c:143: warning: statement with no effect
sandbox-systrace.c:144: error: request for member 'strp_maxents' in
something not a structure or union
sandbox-systrace.c:144: error: 'SYS_MAXSYSCALL' undeclared (first use in
this function)
sandbox-systrace.c:144: warning: statement with no effect
sandbox-systrace.c:145: error: 'STRIOCPOLICY' undeclared (first use in
this function)
sandbox-systrace.c:145: warning: passing argument 2 of 'ioctl' makes
integer from pointer without a cast
sandbox-systrace.c:149: error: request for member 'strp_op' in something
not a structure or union
sandbox-systrace.c:149: error: 'SYSTR_POLICY_ASSIGN' undeclared (first use
in this function)
sandbox-systrace.c:149: warning: statement with no effect
sandbox-systrace.c:150: error: request for member 'strp_pid' in something
not a structure or union
sandbox-systrace.c:150: warning: statement with no effect
sandbox-systrace.c:151: warning: passing argument 2 of 'ioctl' makes
integer from pointer without a cast
sandbox-systrace.c:156: warning: comparison between pointer and integer
sandbox-systrace.c:164: error: request for member 'strp_op' in something
not a structure or union
sandbox-systrace.c:164: error: 'SYSTR_POLICY_MODIFY' undeclared (first use
in this function)
sandbox-systrace.c:164: warning: statement with no effect
sandbox-systrace.c:165: error: request for member 'strp_code' in something
not a structure or union
sandbox-systrace.c:165: warning: statement with no effect
sandbox-systrace.c:166: error: request for member 'strp_policy' in
something not a structure or union
sandbox-systrace.c:167: error: 'SYSTR_POLICY_KILL' undeclared (first use
in this function)
sandbox-systrace.c:167: warning: pointer/integer type mismatch in
conditional expression
sandbox-systrace.c:167: warning: statement with no effect
sandbox-systrace.c:170: warning: passing argument 2 of 'ioctl' makes
integer from pointer without a cast
sandbox-systrace.c:118: warning: unused variable 'policy'
make: *** [sandbox-systrace.o] Error 1
Regards,
Andy
Dr Andy Tsouladze
Sr Unix/Storage SysAdmin
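
Added example (not part of the original message and not OpenSSH's configure code): one way the conditions in items 3 and 4 could be rejected at configure time, sketched as POSIX shell. The function names, the file-existence header check and the mapping of seatbelt to sandbox.h are assumptions of this example.

```sh
#!/bin/sh
# Added example: validate --with-sandbox=STYLE before any compilation starts.
# Assumption: a header counts as present if the file exists under one of the
# given include directories (autoconf would compile a test program instead).

# have_header HEADER DIR...  -> status 0 if DIR/HEADER exists for some DIR
have_header() {
    hdr=$1; shift
    for dir in "$@"; do
        if [ -f "$dir/$hdr" ]; then return 0; fi
    done
    return 1
}

# check_sandbox STYLE DIR...  -> prints STYLE if usable; otherwise prints an
# error that repeats the option exactly as the user gave it.
# Status: 0 accepted, 1 required header missing, 2 unknown style.
check_sandbox() {
    style=$1; shift
    need=
    case $style in
        no|rlimit) ;;                        # nothing beyond libc needed
        systrace)  need=dev/systrace.h ;;    # header named in the report
        seatbelt)  need=sandbox.h ;;         # assumed header for seatbelt
        *)
            echo "configure: error: unsupported --with-sandbox=$style" >&2
            return 2 ;;
    esac
    if [ -n "$need" ] && ! have_header "$need" "$@"; then
        echo "configure: error: --with-sandbox=$style needs <$need>" >&2
        return 1
    fi
    echo "$style"
}

# Constructed sample: an include tree without dev/systrace.h, like the
# Slackware hosts in the report.
inc=$(mktemp -d)
mkdir -p "$inc/sys" && : > "$inc/sys/resource.h"
for s in rlimit systrace seatbelt bogus; do
    check_sandbox "$s" "$inc" || echo "  -> rejected, status $?"
done
rm -rf "$inc"
```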