Call for testing: OpenSSH 7.2
Carson Gaspar
carson at taltos.org
Thu Feb 18 04:50:13 AEDT 2016
On 2/16/16 8:21 PM, Damien Miller wrote:
> I think this should fix it. It would be good if someone with recent Solaris/
> Illumos that does have the fine-grained privilege support could test it too.
Solaris 10 has setppriv, but does not have priv_basicset. To work on
Solaris 10, the call would need to be replaced with the equivalent set
of explicitly listed privs:
"Of the privileges listed above, the privileges PRIV_FILE_LINK_ANY,
PRIV_FILE_READ, PRIV_FILE_WRITE, PRIV_PROC_INFO, PRIV_PROC_SESSION,
PRIV_NET_ACCESS, PRIV_PROC_FORK, and PRIV_PROC_EXEC are considered
"basic" privileges. These are privileges that used to be always available
to unprivileged processes. By default, processes still have the
basic privileges."
> diff --git a/configure.ac b/configure.ac
> index b4c0aaa..f614edf 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -896,11 +896,8 @@ mips-sony-bsd|mips-sony-newsos4)
> else
> AC_MSG_RESULT([no])
> fi
> - AC_CHECK_FUNC([setppriv],
> - [ AC_CHECK_HEADERS([priv.h], [
> - SOLARIS_PRIVS="yes"
> - ])
> - ])
> + AC_CHECK_FUNC([setppriv])
> + AC_CHECK_HEADERS([priv.h])
> AC_ARG_WITH([solaris-contracts],
> [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
> [
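Review bot: the probe `AC_CHECK_FUNC([setppriv])` in this hunk does not cover priv_basicset, which the reply above reports is missing on Solaris 10 even though setppriv is present, so a Solaris 10 host still satisfies both checks here. Consider probing it as well, for example `AC_CHECK_FUNCS([setppriv priv_basicset])`, so the later --with-solaris-privs test can either require it or fall back to an explicitly listed basic privilege set.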
> @@ -925,7 +922,9 @@ mips-sony-bsd|mips-sony-newsos4)
> [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)],
> [
> AC_MSG_CHECKING([for Solaris/Illumos privilege support])
> - if test "x$SOLARIS_PRIVS" = "xyes" ; then
> + if test "x$ac_cv_func_setppriv" = "xyes" -a \
> + "x$ac_cv_header_priv_h" = "xyes" ; then
> + SOLARIS_PRIVS=yes
> AC_MSG_RESULT([found])
> AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
> [Define to disable UID restoration test])
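Review bot: the new condition `if test "x$ac_cv_func_setppriv" = "xyes" -a \` uses the `-a` operator of `test`, which POSIX marks obsolescent and the Autoconf portability guidance advises against; chaining two commands as `test ... && test ...` is the safer form. The condition also enables SOLARIS_PRIVS on setppriv and priv.h alone, so it should additionally depend on whatever result is used to detect priv_basicset. Minor: `SOLARIS_PRIVS=yes` is unquoted where the removed line used `SOLARIS_PRIVS="yes"`; harmless, but worth keeping consistent.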
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev