Call for testing: OpenSSH 6.8

[mikep at noc.utoronto.ca]

On Tue, 10 Mar 2015, Damien Miller wrote:

> On Fri, 6 Mar 2015, Damien Miller wrote:
>
>> On Wed, 4 Mar 2015, mikep at noc.utoronto.ca wrote:
>>
>>> Re-testing 'openssh-SNAP-20150305' on Solaris 10, with 'gcc':
>>>
>>> Configure, 'make' complete; 'make tests' fails at:
>>>
>>> postcondition check failed: setstat readonly
>>
>> I couldn't reporoduce this on an illumos zone that I had access to,
>> will try installing solaris10 next.
>
> I've been unable to get Solaris 10 working in a VM. Could you please
> apply the below patch and run:
>
> make tests LTESTS=sftp-perm SKIP_UNIT=1
>
> and report the last 20 or so lines of output? (I'm mostly interested in those
> prefixed with 'XXX')

/opt/local/src/security/openssh/ssh-keygen -lf /opt/local/src/security/openssh/regress//t10.out > /dev/null
/opt/local/src/security/openssh/ssh-keygen -Bf /opt/local/src/security/openssh/regress//t10.out > /dev/null
/opt/local/src/security/openssh/ssh-keygen -E sha256 -lf /opt/local/src/security/openssh/regress/rsa_openssh.pub |\
         awk '{print $2}' | diff - /opt/local/src/security/openssh/regress/t11.ok
/opt/local/src/security/openssh/ssh-keygen -lf /opt/local/src/security/openssh/regress//t12.out.pub | grep -q test-comment-1234
run test sftp-perm.sh ...
YYY
sftp permissions: read-only setstat
XXX PRE RW: -r--------   1 root            0 Mar 11 17:48 /opt/local/src/security/openssh/regress/copy
XXX POST RW: -rwx------   1 root            0 Mar 11 17:48 /opt/local/src/security/openssh/regress/copy
XXX PRE RO: -r--------   1 root            0 Mar 11 17:48 /opt/local/src/security/openssh/regress/copy
XXX POST RO: -r--------   1 root            0 Mar 11 17:48 /opt/local/src/security/openssh/regress/copy
postcondition check failed: setstat readonly
FATAL: XXX
make[1]: *** [t-exec] Error 1
make[1]: Leaving directory `/opt/local/src/security/openssh/regress'
make: *** [tests] Error 2

> diff --git a/regress/sftp-perm.sh b/regress/sftp-perm.sh
> index 304ca0a..9a3740e 100644
> --- a/regress/sftp-perm.sh
> +++ b/regress/sftp-perm.sh
> @@ -41,13 +41,17 @@ ro_test() {
> 	verbose "$tid: read-only $_desc"
> 	# Plain (no options, mostly to test that _cmd is good)
> 	prepare_files "$_prep"
> +	printf "XXX PRE RW: " ; ls -l $COPY
> 	prepare_server
> 	run_client "$_cmd" || fail "plain $_desc failed"
> +	printf "XXX POST RW: " ; ls -l $COPY
> 	postcondition "$_desc no-readonly" "$_expect_success_post"
> 	# Read-only enabled
> 	prepare_files "$_prep"
> +	printf "XXX PRE RO: " ; ls -l $COPY
> 	prepare_server -R
> 	run_client "$_cmd" && fail "read-only $_desc succeeded"
> +	printf "XXX POST RO: " ; ls -l $COPY
> 	postcondition "$_desc readonly" "$_expect_fail_post"
> }
>
> @@ -80,20 +84,22 @@ perm_test() {
> 	run_client "$_cmd" && fail "no whitelist $_op succeeded"
> 	postcondition "$_op not in whitelist" "$_expect_fail_post"
> }
> -
> +if false ; then
> ro_test \
> 	"upload" \
> 	"put $DATA $COPY" \
> 	"" \
> 	"cmp $DATA $COPY" \
> 	"test ! -f $COPY"
> -
> +fi
> +echo YYY
> ro_test \
> 	"setstat" \
> 	"chmod 0700 $COPY" \
> 	"touch $COPY; chmod 0400 $COPY" \
> 	"test -x $COPY" \
> 	"test ! -x $COPY"
> +fatal XXX
>
> ro_test \
> 	"rm" \


Mike
--
Mike Peterson                            Information Security Analyst - Audit
E-mail: mikep at noc.utoronto.ca                WWW: http://www.noc.utoronto.ca/
Tel: 416-978-5230                                           Fax: 416-978-6620