Call for testing: OpenSSH-5.9

Damien Miller djm at mindrot.org
Wed Aug 17 12:00:34 EST 2011


On Mon, 15 Aug 2011, Andy Tsouladze wrote:

Thanks for the feedback!

> Compiled SNAP-20110816 on
> x86 slackware-13.0.0
> x86 slackware-13.37.0 x86_64 slackware-13.37.0
> 
> Default configuration results in sandbox=rlimit, and with this option, all
> tests work on both verions of slackware.  I also compiled it with
> --with-sandbox=no, with no problems.
> 
> Now for the problems.
> 
> 1. ./configure --help
> 
>   --with-ipaddr-display   Use ip address instead of hostname in \$DISPLAY
>   --with-default-path=    Specify default \$PATH environment for server
> 
> Is there a reason to escape dollar signs here?

I think this was needed for earlier autoconf versions. I think we should
leave it for now as the slight ugliness must be balanced against not
breaking people who patch configure.ac and rebuild with an older autoconf
version.

> 2. ./configure --help
> 
>   --with-sandbox=style    Specify privilege separation sandbox (no, rlimit,
> systrace)
> 
> This is different from option stated in the mail (systrace, seatbelt and
> rlimit), and may be misleading.

The darwin (seatbelt) sandbox was missing from this list. I'll add it.

> >   Three concrete sandbox implementation are provided (selected at
> >   configure time): systrace, seatbelt and rlimit.
> 
> 3. I did try, just out of curiosity, to configure with --with-sandbox=seatbelt
> option, and got the following error:
> 
> configure: error: unsupported -with-sandbox
> 
> There is a typo here (-with as opposed to --with) and (probably) user-supplied
> option is omitted.
> 
> 4. Attempt to run `./configure --with-sandbox=systrace' succeeds, but
> compilation of sandbox-systrace.c fails as follows (on slackware-13.37.0 x86
> and x86_64):
> 
> gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare
> -Wformat-security -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing
> -fno-builtin-memset -fstack-protector-all  -I. -I. -DSSHDIR=\"/usr/local/etc\"
> -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"
> -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"
> -D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\"
> -D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\"
> -D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\"
> -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\"
> -DHAVE_CONFIG_H -c sandbox-systrace.c
> sandbox-systrace.c:28:26: fatal error: dev/systrace.h: No such file or
> directory
> compilation terminated.
> make: *** [sandbox-systrace.o] Error 1
> 
> It is true that my machine does not have systrace.h header file, but maybe
> this should be caught at configuration time?

fixed



More information about the openssh-unix-dev mailing list