Call for testing: OpenSSH 7.2

Jeff Wieland wieland at purdue.edu
Wed Feb 17 23:21:08 AEDT 2016


Damien Miller wrote:
> On Tue, 16 Feb 2016, Jeff Wieland wrote:
>
>> The Solaris privilege code breaks building on Solaris 10.  If
>> you let configure just do its thing, you get the following error
>> when compiling:
>>
>> "sandbox-solaris.c", line 22: #error: "--with-solaris-privs must be used with
>> the Solaris sandbox"
>>
>> So, I did add "--with-solaris-privs" to the command line for
>> configure, but then I got the following error messages:
> I think this should fix it. It would be good if someone with recent Solaris/
> Illumos that does have the fine-grained privilege support could test it too.
>
> diff --git a/configure.ac b/configure.ac
> index b4c0aaa..f614edf 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -896,11 +896,8 @@ mips-sony-bsd|mips-sony-newsos4)
>   	else
>   		AC_MSG_RESULT([no])
>   	fi
> -	AC_CHECK_FUNC([setppriv],
> -		[ AC_CHECK_HEADERS([priv.h], [
> -			SOLARIS_PRIVS="yes"
> -		])
> -	])
> +	AC_CHECK_FUNC([setppriv])
> +	AC_CHECK_HEADERS([priv.h])
>   	AC_ARG_WITH([solaris-contracts],
>   		[  --with-solaris-contracts Enable Solaris process contracts (experimental)],
>   		[
> @@ -925,7 +922,9 @@ mips-sony-bsd|mips-sony-newsos4)
>   		[  --with-solaris-privs    Enable Solaris/Illumos privileges (experimental)],
>   		[
>   		AC_MSG_CHECKING([for Solaris/Illumos privilege support])
> -		if test "x$SOLARIS_PRIVS" = "xyes" ; then
> +		if test "x$ac_cv_func_setppriv" = "xyes" -a \
> +			"x$ac_cv_header_priv_h" = "xyes" ; then
> +			SOLARIS_PRIVS=yes
>   			AC_MSG_RESULT([found])
>   			AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
>   				[Define to disable UID restoration test])
>
This patch still causes privilege separation sandbox style to be
set to solaris on Solaris 10.

-- 
           Jeff Wieland            |         Purdue University
    Network Systems Administrator  |        ITIS UNIX Platforms
        Voice: (765)496-8234       |        155 S. Grant Street
         FAX: (765)496-1380        |      West Lafayette, IN 47907



More information about the openssh-unix-dev mailing list