Call for testing: OpenSSH 7.2
Jeff Wieland
wieland at purdue.edu
Thu Feb 18 05:20:03 AEDT 2016
Carson Gaspar wrote:
> On 2/17/16 9:50 AM, Carson Gaspar wrote:
>> On 2/16/16 8:21 PM, Damien Miller wrote:
>>
>>> I think this should fix it. It would be good if someone with recent
>>> Solaris/
>>> Illumos that does have the fine-grained privilege support could test
>>> it too.
>>
>> Solaris 10 has setppriv, but does not have priv_basicset. To work on
>> Solaris 10, the call would need to be replaced with the equivalent set
>> of explicitly listed privs:
>>
>> "Of the privileges listed above, the privileges PRIV_FILE_LINK_ANY,
>> PRIV_FILE_READ, PRIV_FILE_WRITE, PRIV_PROC_INFO, PRIV_PROC_SESSION,
>> PRIV_NET_ACCESS, PRIV_PROC_FORK, and PRIV_PROC_EXEC are considered
>> "basic" privileges. These are privileges that used to be always avail-
>> able to unprivileged processes. By default, processes still have the
>> basic privileges."
>
> Of course that's the Sol 11 man page excerpt. Sol 10 doesn't have
> PRIV_FILE_{READ,WRITE}, but otherwise the basic privs are the same.
>
I'd be more that willing to try this out on Solaris 10.
--
Jeff Wieland | Purdue University
Network Systems Administrator | ITIS UNIX Platforms
Voice: (765)496-8234 | 155 S. Grant Street
FAX: (765)496-1380 | West Lafayette, IN 47907
More information about the openssh-unix-dev
mailing list