Call for testing: OpenSSH 7.2

Carson Gaspar carson at taltos.org
Thu Feb 18 04:50:13 AEDT 2016


On 2/16/16 8:21 PM, Damien Miller wrote:

> I think this should fix it. It would be good if someone with recent Solaris/
> Illumos that does have the fine-grained privilege support could test it too.

Solaris 10 has setppriv, but does not have priv_basicset. To work on 
Solaris 10, the call would need to be replaced with the equivalent set 
of explicitly listed privs:

"Of  the  privileges  listed  above,  the privileges PRIV_FILE_LINK_ANY,
PRIV_FILE_READ,  PRIV_FILE_WRITE,  PRIV_PROC_INFO,   PRIV_PROC_SESSION,
PRIV_NET_ACCESS,  PRIV_PROC_FORK,  and  PRIV_PROC_EXEC  are  considered
"basic" privileges. These are privileges that used to be always  avail-
able  to  unprivileged  processes. By default, processes still have the
basic privileges."

> diff --git a/configure.ac b/configure.ac
> index b4c0aaa..f614edf 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -896,11 +896,8 @@ mips-sony-bsd|mips-sony-newsos4)
>   	else
>   		AC_MSG_RESULT([no])
>   	fi
> -	AC_CHECK_FUNC([setppriv],
> -		[ AC_CHECK_HEADERS([priv.h], [
> -			SOLARIS_PRIVS="yes"
> -		])
> -	])
> +	AC_CHECK_FUNC([setppriv])
> +	AC_CHECK_HEADERS([priv.h])
>   	AC_ARG_WITH([solaris-contracts],
>   		[  --with-solaris-contracts Enable Solaris process contracts (experimental)],
>   		[
> @@ -925,7 +922,9 @@ mips-sony-bsd|mips-sony-newsos4)
>   		[  --with-solaris-privs    Enable Solaris/Illumos privileges (experimental)],
>   		[
>   		AC_MSG_CHECKING([for Solaris/Illumos privilege support])
> -		if test "x$SOLARIS_PRIVS" = "xyes" ; then
> +		if test "x$ac_cv_func_setppriv" = "xyes" -a \
> +			"x$ac_cv_header_priv_h" = "xyes" ; then
> +			SOLARIS_PRIVS=yes
>   			AC_MSG_RESULT([found])
>   			AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
>   				[Define to disable UID restoration test])
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>



More information about the openssh-unix-dev mailing list