Call for testing: OpenSSH 6.1

Darren Tucker dtucker at zip.com.au
Tue Aug 28 22:22:42 EST 2012


On Tue, Aug 28, 2012 at 08:43:18PM +1000, Darren Tucker wrote:
[...]
> OK, I think this is because privsep doesn't work (without SUDO, anyway),
> so when it tests with the malloc options it'll fail rather than just
> warn like the original sandbox test.
> 
> The trivial workaround is to replace the last "fail" in
> connect-privsep.sh with "warn".  I'm not sure what the proper thing to
> do is (at some point we're really going to care about sandbox failures).

OK, I tried it on a VM.  Firstly I couldn't build without disabling
utmpx (should configure do that itself?), next I made the sandbox
failures non-fatal on haiku (also fixed some spacing).

With these changes it at least makes it past the sandbox tests...

Index: configure.ac
===================================================================
RCS file: /home/dtucker/openssh/cvs/openssh/configure.ac,v
retrieving revision 1.496
diff -u -p -r1.496 configure.ac
--- configure.ac	6 Jul 2012 01:49:29 -0000	1.496
+++ configure.ac	28 Aug 2012 12:03:57 -0000
@@ -561,12 +561,14 @@ main() { if (NSVersionOfRunTimeLibrary("
 *-*-dragonfly*)
 	SSHDLIBS="$SSHDLIBS -lcrypt"
 	;;
-*-*-haiku*) 
-    LIBS="$LIBS -lbsd "
-    AC_CHECK_LIB([network], [socket])
-    AC_DEFINE([HAVE_U_INT64_T])
-    MANTYPE=man 
-    ;; 
+*-*-haiku*)
+	LIBS="$LIBS -lbsd"
+	AC_CHECK_LIB([network], [socket])
+	AC_DEFINE([HAVE_U_INT64_T])
+	AC_DEFINE([DISABLE_UTMPX])
+	AC_DEFINE([BROKEN_SANDBOX], [1], [Sandbox does not work on haiku])
+	MANTYPE=man
+	;;
 *-*-hpux*)
 	# first we define all of the options common to all HP-UX releases
 	CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
Index: regress/connect-privsep.sh
===================================================================
RCS file: /home/dtucker/openssh/cvs/openssh/regress/connect-privsep.sh,v
retrieving revision 1.5
diff -u -p -r1.5 connect-privsep.sh
--- regress/connect-privsep.sh	2 Jul 2012 14:53:18 -0000	1.5
+++ regress/connect-privsep.sh	28 Aug 2012 12:05:12 -0000
@@ -13,6 +13,12 @@ for p in 1 2; do
 	fi
 done
 
+if config_defined BROKEN_SANDBOX; then
+	FAIL=warn
+else
+	FAIL=fail
+fi
+
 cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
 echo 'UsePrivilegeSeparation sandbox' >> $OBJ/sshd_proxy
 
@@ -20,7 +26,7 @@ for p in 1 2; do
 	${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true
 	if [ $? -ne 0 ]; then
 		# XXX replace this with fail once sandbox has stabilised
-		warn "ssh privsep/sandbox+proxyconnect protocol $p failed"
+		$FAIL "ssh privsep/sandbox+proxyconnect protocol $p failed"
 	fi
 done
 
@@ -30,7 +36,7 @@ for m in '' A F G H J P R S X Z '<' '>';
     for p in 1 2; do
 	env MALLOC_OPTIONS="$m" ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true
 	if [ $? -ne 0 ]; then
-		fail "ssh privsep/sandbox+proxyconnect protocol $p mopt '$m' failed"
+		$FAIL "ssh privsep/sandbox+proxyconnect protocol $p mopt '$m' failed"
 	fi
     done
 done

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.


More information about the openssh-unix-dev mailing list