Call for testing: OpenSSH 7.2

Jeff Wieland wieland at purdue.edu
Wed Feb 17 23:39:06 AEDT 2016


Jeff Wieland wrote:
> Damien Miller wrote:
>> On Tue, 16 Feb 2016, Jeff Wieland wrote:
>>
>>> The Solaris privilege code breaks building on Solaris 10.  If
>>> you let configure just do its thing, you get the following error
>>> when compiling:
>>>
>>> "sandbox-solaris.c", line 22: #error: "--with-solaris-privs must be 
>>> used with
>>> the Solaris sandbox"
>>>
>>> So, I did add "--with-solaris-privs" to the command line for
>>> configure, but then I got the following error messages:
>> I think this should fix it. It would be good if someone with recent 
>> Solaris/
>> Illumos that does have the fine-grained privilege support could test 
>> it too.
>>
>> diff --git a/configure.ac b/configure.ac
>> index b4c0aaa..f614edf 100644
>> --- a/configure.ac
>> +++ b/configure.ac
>> @@ -896,11 +896,8 @@ mips-sony-bsd|mips-sony-newsos4)
>>       else
>>           AC_MSG_RESULT([no])
>>       fi
>> -    AC_CHECK_FUNC([setppriv],
>> -        [ AC_CHECK_HEADERS([priv.h], [
>> -            SOLARIS_PRIVS="yes"
>> -        ])
>> -    ])
>> +    AC_CHECK_FUNC([setppriv])
>> +    AC_CHECK_HEADERS([priv.h])
>>       AC_ARG_WITH([solaris-contracts],
>>           [  --with-solaris-contracts Enable Solaris process 
>> contracts (experimental)],
>>           [
>> @@ -925,7 +922,9 @@ mips-sony-bsd|mips-sony-newsos4)
>>           [  --with-solaris-privs    Enable Solaris/Illumos 
>> privileges (experimental)],
>>           [
>>           AC_MSG_CHECKING([for Solaris/Illumos privilege support])
>> -        if test "x$SOLARIS_PRIVS" = "xyes" ; then
>> +        if test "x$ac_cv_func_setppriv" = "xyes" -a \
>> +            "x$ac_cv_header_priv_h" = "xyes" ; then
>> +            SOLARIS_PRIVS=yes
>>               AC_MSG_RESULT([found])
>>               AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
>>                   [Define to disable UID restoration test])
>>
> This patch still causes privilege separation sandbox style to be
> set to solaris on Solaris 10.
>
Never mind -- I forgot to run autoreconf.  It does indeed work correctly on
Solaris 8.

-- 
           Jeff Wieland            |         Purdue University
    Network Systems Administrator  |        ITIS UNIX Platforms
        Voice: (765)496-8234       |        155 S. Grant Street
         FAX: (765)496-1380        |      West Lafayette, IN 47907



More information about the openssh-unix-dev mailing list