Call for testing: OpenSSH 7.2

Alex Wilson alex at cooperi.net
Thu Feb 18 11:20:36 AEDT 2016


On 2/17/16 3:54 PM, Darren Tucker wrote:
> On Thu, Feb 18, 2016 at 10:22 AM, Darren Tucker <dtucker at zip.com.au> wrote:
> [...]
>> After a quick look at the patch, I'm wondering if it could be
>> simplified by adding an implementation of priv_basicset inside #ifndef
>> HAVE_PRIV_BASICSET and doing away with the inline ifdefs?
> 
> After a read of the man pages it seems that priv_str_to_set allocates
> and priv_basicset doesn't so it's not a drop in replacement, however
> factoring the basicset code out still seems to be cleaner, eg
> (completely untested):
> 

That patch looks nicer to me, too. It compiles on S10 and Illumos, but I
haven't fully tested it yet (the S10 box I found currently has a broken
OpenSSL which I'm trying to figure out)

For older S10 I've also had to add this patch (below), since it seems
PRIV_NET_ACCESS is also a newer addition (it came in sometime in the
osol era apparently)




diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c
index 4a42a36..40285b7 100644
--- a/openbsd-compat/port-solaris.c
+++ b/openbsd-compat/port-solaris.c
@@ -282,13 +282,17 @@ solaris_drop_privs_pinfo_net_fork_exec(void)
 		fatal("priv_addset: %s", strerror(errno));

 	if (priv_delset(npset, PRIV_FILE_LINK_ANY) != 0 ||
-	    priv_delset(npset, PRIV_NET_ACCESS) != 0 ||
 	    priv_delset(npset, PRIV_PROC_EXEC) != 0 ||
 	    priv_delset(npset, PRIV_PROC_FORK) != 0 ||
 	    priv_delset(npset, PRIV_PROC_INFO) != 0 ||
 	    priv_delset(npset, PRIV_PROC_SESSION) != 0)
 		fatal("priv_delset: %s", strerror(errno));

+# if defined(PRIV_NET_ACCESS)
+	if (priv_delset(npset, PRIV_NET_ACCESS) != 0)
+		fatal("priv_delset: %s", strerror(errno));
+# endif
+
 	if (getppriv(PRIV_PERMITTED, pset) != 0)
 		fatal("getppriv: %s", strerror(errno));

@@ -312,11 +316,15 @@ solaris_drop_privs_root_pinfo_net(void)
 	pset = solaris_basic_privset();

 	if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 ||
-	    priv_delset(pset, PRIV_NET_ACCESS) != 0 ||
 	    priv_delset(pset, PRIV_PROC_INFO) != 0 ||
 	    priv_delset(pset, PRIV_PROC_SESSION) != 0)
 		fatal("priv_delset: %s", strerror(errno));

+# if defined(PRIV_NET_ACCESS)
+	if (priv_delset(pset, PRIV_NET_ACCESS) != 0)
+		fatal("priv_delset: %s", strerror(errno));
+# endif
+
 	if (setppriv(PRIV_SET, PRIV_PERMITTED, pset) != 0 ||
 	    setppriv(PRIV_SET, PRIV_LIMIT, pset) != 0 ||
 	    setppriv(PRIV_SET, PRIV_INHERITABLE, pset) != 0)
@@ -335,12 +343,16 @@ solaris_drop_privs_root_pinfo_net_exec(void)
 	pset = solaris_basic_privset();

 	if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 ||
-	    priv_delset(pset, PRIV_NET_ACCESS) != 0 ||
 	    priv_delset(pset, PRIV_PROC_EXEC) != 0 ||
 	    priv_delset(pset, PRIV_PROC_INFO) != 0 ||
 	    priv_delset(pset, PRIV_PROC_SESSION) != 0)
 		fatal("priv_delset: %s", strerror(errno));

+# if defined(PRIV_NET_ACCESS)
+	if (priv_delset(pset, PRIV_NET_ACCESS) != 0)
+		fatal("priv_delset: %s", strerror(errno));
+# endif
+
 	if (setppriv(PRIV_SET, PRIV_PERMITTED, pset) != 0 ||
 	    setppriv(PRIV_SET, PRIV_LIMIT, pset) != 0 ||
 	    setppriv(PRIV_SET, PRIV_INHERITABLE, pset) != 0)
diff --git a/sandbox-solaris.c b/sandbox-solaris.c
index 8e81c2b..a1506d6 100644
--- a/sandbox-solaris.c
+++ b/sandbox-solaris.c
@@ -59,7 +59,6 @@ ssh_sandbox_init(struct monitor *monitor)

 	/* Drop everything except the ability to use already-opened files */
 	if (priv_delset(box->pset, PRIV_FILE_LINK_ANY) != 0 ||
-	    priv_delset(box->pset, PRIV_NET_ACCESS) != 0 ||
 	    priv_delset(box->pset, PRIV_PROC_EXEC) != 0 ||
 	    priv_delset(box->pset, PRIV_PROC_FORK) != 0 ||
 	    priv_delset(box->pset, PRIV_PROC_INFO) != 0 ||
@@ -67,7 +66,12 @@ ssh_sandbox_init(struct monitor *monitor)
 		free(box);
 		return NULL;
 	}
-
+# if defined(PRIV_NET_ACCESS)
+	if (priv_delset(box->pset, PRIV_NET_ACCESS) != 0) {
+		free(box);
+		return NULL;
+	}
+# endif
 	/* These may not be available on older Solaris-es */
 # if defined(PRIV_FILE_READ) && defined(PRIV_FILE_WRITE)
 	if (priv_delset(box->pset, PRIV_FILE_READ) != 0 ||



More information about the openssh-unix-dev mailing list