Call for testing: OpenSSH 7.2
Carson Gaspar
carson at taltos.org
Thu Feb 18 05:09:12 AEDT 2016
On 2/17/16 9:50 AM, Carson Gaspar wrote:
> On 2/16/16 8:21 PM, Damien Miller wrote:
>
>> I think this should fix it. It would be good if someone with recent
>> Solaris/
>> Illumos that does have the fine-grained privilege support could test
>> it too.
>
> Solaris 10 has setppriv, but does not have priv_basicset. To work on
> Solaris 10, the call would need to be replaced with the equivalent set
> of explicitly listed privs:
>
> "Of the privileges listed above, the privileges PRIV_FILE_LINK_ANY,
> PRIV_FILE_READ, PRIV_FILE_WRITE, PRIV_PROC_INFO, PRIV_PROC_SESSION,
> PRIV_NET_ACCESS, PRIV_PROC_FORK, and PRIV_PROC_EXEC are considered
> "basic" privileges. These are privileges that used to be always avail-
> able to unprivileged processes. By default, processes still have the
> basic privileges."
Of course that's the Sol 11 man page excerpt. Sol 10 doesn't have
PRIV_FILE_{READ,WRITE}, but otherwise the basic privs are the same.
--
Carson
More information about the openssh-unix-dev
mailing list