Call for testing: OpenSSH 7.2

Thu Feb 18 09:04:23 AEDT 2016

On 2/17/16 9:50 AM, Carson Gaspar wrote:
> Solaris 10 has setppriv, but does not have priv_basicset. To work on
> Solaris 10, the call would need to be replaced with the equivalent set
> of explicitly listed privs:

The prior art in other apps on the system seems to suggest that
priv_str_to_set is a better fallback if priv_basicset is not available.

I've attached a patch that seems to build and work on Illumos in both
modes (using priv_basicset and using priv_str_to_set). Would you mind
trying it on Solaris 10 for me? I did write this keeping Solaris 10 in
mind originally, but apparently I missed the lack of priv_basicset. Sorry.
-------------- next part --------------
>From 6cc3cf443748a3047ca642fd70438baffd2860fd Mon Sep 17 00:00:00 2001
From: Alex Wilson <alex.wilson at joyent.com>
Date: Wed, 17 Feb 2016 13:56:01 -0800
Subject: [PATCH] wip: fix for sol10 privs

---
 configure.ac                  |  1 +
 openbsd-compat/port-solaris.c | 26 ++++++++++++++++++++------
 sandbox-solaris.c             | 11 ++++++++---
 3 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/configure.ac b/configure.ac
index b4c0aaa..d910f53 100644
--- a/configure.ac
+++ b/configure.ac
@@ -898,6 +898,7 @@ mips-sony-bsd|mips-sony-newsos4)
 	fi
 	AC_CHECK_FUNC([setppriv],
 		[ AC_CHECK_HEADERS([priv.h], [
+			AC_CHECK_FUNCS([priv_basicset])
 			SOLARIS_PRIVS="yes"
 		])
 	])
diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c
index 962cd16..0ba80c6 100644
--- a/openbsd-compat/port-solaris.c
+++ b/openbsd-compat/port-solaris.c
@@ -254,11 +254,17 @@ solaris_drop_privs_pinfo_net_fork_exec(void)
 	 * etc etc).
 	 */
 
-	if ((pset = priv_allocset()) == NULL ||
-	    (npset = priv_allocset()) == NULL)
+	if ((pset = priv_allocset()) == NULL)
 		fatal("priv_allocset: %s", strerror(errno));
 
+#if defined(HAVE_PRIV_BASICSET)
+	if ((npset = priv_allocset()) == NULL)
+		fatal("priv_allocset: %s", strerror(errno));
 	priv_basicset(npset);
+#else
+	if ((npset = priv_str_to_set("basic", ",", NULL)) == NULL)
+		fatal("priv_str_to_set: %s", strerror(errno));
+#endif
 
 	if (priv_addset(npset, PRIV_FILE_CHOWN) != 0 ||
 	    priv_addset(npset, PRIV_FILE_DAC_READ) != 0 ||
@@ -294,11 +300,15 @@ solaris_drop_privs_root_pinfo_net(void)
 {
 	priv_set_t *pset = NULL;
 
+	/* Start with "basic" and drop everything we don't need. */
+#if defined(HAVE_PRIV_BASICSET)
 	if ((pset = priv_allocset()) == NULL)
 		fatal("priv_allocset: %s", strerror(errno));
-
-	/* Start with "basic" and drop everything we don't need. */
 	priv_basicset(pset);
+#else
+	if ((pset = priv_str_to_set("basic", ",", NULL)) == NULL)
+		fatal("priv_str_to_set: %s", strerror(errno));
+#endif
 
 	if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 ||
 	    priv_delset(pset, PRIV_NET_ACCESS) != 0 ||
@@ -319,11 +329,15 @@ solaris_drop_privs_root_pinfo_net_exec(void)
 {
 	priv_set_t *pset = NULL;
 
+	/* Start with "basic" and drop everything we don't need. */
+#if defined(HAVE_PRIV_BASICSET)
 	if ((pset = priv_allocset()) == NULL)
 		fatal("priv_allocset: %s", strerror(errno));
-
-	/* Start with "basic" and drop everything we don't need. */
 	priv_basicset(pset);
+#else
+	if ((pset = priv_str_to_set("basic", ",", NULL)) == NULL)
+		fatal("priv_str_to_set: %s", strerror(errno));
+#endif
 
 	if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 ||
 	    priv_delset(pset, PRIV_NET_ACCESS) != 0 ||
diff --git a/sandbox-solaris.c b/sandbox-solaris.c
index 98714e1..a1828ed 100644
--- a/sandbox-solaris.c
+++ b/sandbox-solaris.c
@@ -48,15 +48,20 @@ ssh_sandbox_init(struct monitor *monitor)
 	struct ssh_sandbox *box = NULL;
 
 	box = xcalloc(1, sizeof(*box));
-	box->pset = priv_allocset();
 
+	/* Start with "basic" and drop everything we don't need. */
+#if defined(HAVE_PRIV_BASICSET)
+	box->pset = priv_allocset();
+#else
+	box->pset = priv_str_to_set("basic", ",", NULL);
+#endif
 	if (box->pset == NULL) {
 		free(box);
 		return NULL;
 	}
-
-	/* Start with "basic" and drop everything we don't need. */
+#if defined(HAVE_PRIV_BASICSET)
 	priv_basicset(box->pset);
+#endif
 
 	/* Drop everything except the ability to use already-opened files */
 	if (priv_delset(box->pset, PRIV_FILE_LINK_ANY) != 0 ||
-- 
2.5.4 (Apple Git-61)

