Call for testing: OpenSSH 7.2
Jeff Wieland
wieland at purdue.edu
Wed Feb 17 23:21:08 AEDT 2016
Damien Miller wrote:
> On Tue, 16 Feb 2016, Jeff Wieland wrote:
>
>> The Solaris privilege code breaks building on Solaris 10. If
>> you let configure just do its thing, you get the following error
>> when compiling:
>>
>> "sandbox-solaris.c", line 22: #error: "--with-solaris-privs must be used with
>> the Solaris sandbox"
>>
>> So, I did add "--with-solaris-privs" to the command line for
>> configure, but then I got the following error messages:
> I think this should fix it. It would be good if someone with recent Solaris/
> Illumos that does have the fine-grained privilege support could test it too.
>
> diff --git a/configure.ac b/configure.ac
> index b4c0aaa..f614edf 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -896,11 +896,8 @@ mips-sony-bsd|mips-sony-newsos4)
> else
> AC_MSG_RESULT([no])
> fi
> - AC_CHECK_FUNC([setppriv],
> - [ AC_CHECK_HEADERS([priv.h], [
> - SOLARIS_PRIVS="yes"
> - ])
> - ])
> + AC_CHECK_FUNC([setppriv])
> + AC_CHECK_HEADERS([priv.h])
> AC_ARG_WITH([solaris-contracts],
> [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
> [
> @@ -925,7 +922,9 @@ mips-sony-bsd|mips-sony-newsos4)
> [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)],
> [
> AC_MSG_CHECKING([for Solaris/Illumos privilege support])
> - if test "x$SOLARIS_PRIVS" = "xyes" ; then
> + if test "x$ac_cv_func_setppriv" = "xyes" -a \
> + "x$ac_cv_header_priv_h" = "xyes" ; then
> + SOLARIS_PRIVS=yes
> AC_MSG_RESULT([found])
> AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
> [Define to disable UID restoration test])
>
This patch still causes privilege separation sandbox style to be
set to solaris on Solaris 10.
--
Jeff Wieland | Purdue University
Network Systems Administrator | ITIS UNIX Platforms
Voice: (765)496-8234 | 155 S. Grant Street
FAX: (765)496-1380 | West Lafayette, IN 47907
More information about the openssh-unix-dev
mailing list