Call for testing: OpenSSH-6.2
Darren Tucker
dtucker at zip.com.au
Thu Mar 7 15:42:39 EST 2013
On Thu, Mar 7, 2013 at 7:59 AM, Roumen Petrov <openssh at roumenpetrov.info> wrote:
> Darren Tucker wrote:
[...]
>> +AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
>> +AC_RUN_IFELSE(
>
> May I ask if configure script use AC_RUN_IFELSE to ensure that users could
> set appropriate defaults in case of cross-compilation .
I guess it depends on what you consider "appropriate" in this case.
This one defaults to assuming that RLIMIT_NOFILE with zero descriptors
works, which is the case for the majority of platforms we know about.
If it doesn't you'll get a cross-compiled binary that will fail at
startup rather than have a weaker sandbox than expected. If you're
willing to accept that you can always manually set the sandbox at
configure time.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list