Call for testing: OpenSSH 6.1
Darren Tucker
dtucker at zip.com.au
Tue Aug 28 22:22:42 EST 2012
On Tue, Aug 28, 2012 at 08:43:18PM +1000, Darren Tucker wrote:
[...]
> OK, I think this is because privsep doesn't work (without SUDO, anyway),
> so when it tests with the malloc options it'll fail rather than just
> warn like the original sandbox test.
>
> The trivial workaround is to replace the last "fail" in
> connect-privsep.sh with "warn". I'm not sure what the proper thing to
> do is (at some point we're really going to care about sandbox failures).
OK, I tried it on a VM. Firstly I couldn't build without disabling
utmpx (should configure do that itself?), next I made the sandbox
failures non-fatal on haiku (also fixed some spacing).
With these changes it at least makes it past the sandbox tests...
Index: configure.ac
===================================================================
RCS file: /home/dtucker/openssh/cvs/openssh/configure.ac,v
retrieving revision 1.496
diff -u -p -r1.496 configure.ac
--- configure.ac 6 Jul 2012 01:49:29 -0000 1.496
+++ configure.ac 28 Aug 2012 12:03:57 -0000
@@ -561,12 +561,14 @@ main() { if (NSVersionOfRunTimeLibrary("
*-*-dragonfly*)
SSHDLIBS="$SSHDLIBS -lcrypt"
;;
-*-*-haiku*)
- LIBS="$LIBS -lbsd "
- AC_CHECK_LIB([network], [socket])
- AC_DEFINE([HAVE_U_INT64_T])
- MANTYPE=man
- ;;
+*-*-haiku*)
+ LIBS="$LIBS -lbsd"
+ AC_CHECK_LIB([network], [socket])
+ AC_DEFINE([HAVE_U_INT64_T])
+ AC_DEFINE([DISABLE_UTMPX])
+ AC_DEFINE([BROKEN_SANDBOX], [1], [Sandbox does not work on haiku])
+ MANTYPE=man
+ ;;
*-*-hpux*)
# first we define all of the options common to all HP-UX releases
CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
Index: regress/connect-privsep.sh
===================================================================
RCS file: /home/dtucker/openssh/cvs/openssh/regress/connect-privsep.sh,v
retrieving revision 1.5
diff -u -p -r1.5 connect-privsep.sh
--- regress/connect-privsep.sh 2 Jul 2012 14:53:18 -0000 1.5
+++ regress/connect-privsep.sh 28 Aug 2012 12:05:12 -0000
@@ -13,6 +13,12 @@ for p in 1 2; do
fi
done
+if config_defined BROKEN_SANDBOX; then
+ FAIL=warn
+else
+ FAIL=fail
+fi
+
cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
echo 'UsePrivilegeSeparation sandbox' >> $OBJ/sshd_proxy
@@ -20,7 +26,7 @@ for p in 1 2; do
${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true
if [ $? -ne 0 ]; then
# XXX replace this with fail once sandbox has stabilised
- warn "ssh privsep/sandbox+proxyconnect protocol $p failed"
+ $FAIL "ssh privsep/sandbox+proxyconnect protocol $p failed"
fi
done
@@ -30,7 +36,7 @@ for m in '' A F G H J P R S X Z '<' '>';
for p in 1 2; do
env MALLOC_OPTIONS="$m" ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true
if [ $? -ne 0 ]; then
- fail "ssh privsep/sandbox+proxyconnect protocol $p mopt '$m' failed"
+ $FAIL "ssh privsep/sandbox+proxyconnect protocol $p mopt '$m' failed"
fi
done
done
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list