Call for testing: OpenSSH 7.2
Darren Tucker
dtucker at zip.com.au
Thu Feb 18 13:14:11 AEDT 2016
On Wed, Feb 17, 2016 at 05:43:21PM -0800, Carson Gaspar wrote:
> On 2/17/16 3:02 PM, Carson Gaspar wrote:
> >
> >Sadly I'm hitting a different autoconf bug :-(
>
> I was being an idiot - configure was bombing out & I didn't notice (boy that
> openssl version error message is loooooong...)
>
> With Mr. Wilson's patch, I still get:
Damien posted the (probable) fix for this a while upthread.
I've rolled it into the WIP patch from Alex Wilson. I think this should
fix both.
diff --git a/configure.ac b/configure.ac
index b4c0aaa..e36b049 100644
--- a/configure.ac
+++ b/configure.ac
@@ -896,11 +896,9 @@ mips-sony-bsd|mips-sony-newsos4)
else
AC_MSG_RESULT([no])
fi
- AC_CHECK_FUNC([setppriv],
- [ AC_CHECK_HEADERS([priv.h], [
- SOLARIS_PRIVS="yes"
- ])
- ])
+ AC_CHECK_FUNCS([setppriv])
+ AC_CHECK_FUNCS([priv_basicset])
+ AC_CHECK_HEADERS([priv.h])
AC_ARG_WITH([solaris-contracts],
[ --with-solaris-contracts Enable Solaris process contracts (experimental)],
[
@@ -925,7 +923,9 @@ mips-sony-bsd|mips-sony-newsos4)
[ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)],
[
AC_MSG_CHECKING([for Solaris/Illumos privilege support])
- if test "x$SOLARIS_PRIVS" = "xyes" ; then
+ if test "x$ac_cv_func_setppriv" = "xyes" -a \
+ "x$ac_cv_header_priv_h" = "xyes" ; then
+ SOLARIS_PRIVS=yes
AC_MSG_RESULT([found])
AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
[Define to disable UID restoration test])
diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c
index 962cd16..e36e412 100644
--- a/openbsd-compat/port-solaris.c
+++ b/openbsd-compat/port-solaris.c
@@ -233,6 +233,26 @@ solaris_set_default_project(struct passwd *pw)
# include <priv.h>
# endif
+priv_set_t *
+solaris_basic_privset(void)
+{
+ priv_set_t *pset;
+
+#ifdef HAVE_PRIV_BASICSET
+ if ((pset = priv_allocset()) == NULL) {
+ error("priv_allocset: %s", strerror(errno));
+ return NULL;
+ }
+ priv_basicset(pset);
+#else
+ if ((pset = priv_str_to_set("basic", ",", NULL)) == NULL) {
+ error("priv_str_to_set: %s", strerror(errno));
+ return NULL;
+ }
+#endif
+ return pset;
+}
+
void
solaris_drop_privs_pinfo_net_fork_exec(void)
{
@@ -254,11 +274,10 @@ solaris_drop_privs_pinfo_net_fork_exec(void)
* etc etc).
*/
- if ((pset = priv_allocset()) == NULL ||
- (npset = priv_allocset()) == NULL)
+ if ((pset = priv_allocset()) == NULL)
fatal("priv_allocset: %s", strerror(errno));
-
- priv_basicset(npset);
+ if ((npset = solaris_basic_privset()) == NULL)
+ fatal("solaris_basic_privset: %s", strerror(errno));
if (priv_addset(npset, PRIV_FILE_CHOWN) != 0 ||
priv_addset(npset, PRIV_FILE_DAC_READ) != 0 ||
@@ -268,7 +287,9 @@ solaris_drop_privs_pinfo_net_fork_exec(void)
fatal("priv_addset: %s", strerror(errno));
if (priv_delset(npset, PRIV_FILE_LINK_ANY) != 0 ||
+#ifdef PRIV_NET_ACCESS
priv_delset(npset, PRIV_NET_ACCESS) != 0 ||
+#endif
priv_delset(npset, PRIV_PROC_EXEC) != 0 ||
priv_delset(npset, PRIV_PROC_FORK) != 0 ||
priv_delset(npset, PRIV_PROC_INFO) != 0 ||
@@ -294,14 +315,14 @@ solaris_drop_privs_root_pinfo_net(void)
{
priv_set_t *pset = NULL;
- if ((pset = priv_allocset()) == NULL)
- fatal("priv_allocset: %s", strerror(errno));
-
/* Start with "basic" and drop everything we don't need. */
- priv_basicset(pset);
+ if ((pset = solaris_basic_privset()) == NULL)
+ fatal("solaris_basic_privset: %s", strerror(errno));
if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 ||
+#ifdef PRIV_NET_ACCESS
priv_delset(pset, PRIV_NET_ACCESS) != 0 ||
+#endif
priv_delset(pset, PRIV_PROC_INFO) != 0 ||
priv_delset(pset, PRIV_PROC_SESSION) != 0)
fatal("priv_delset: %s", strerror(errno));
@@ -319,14 +340,15 @@ solaris_drop_privs_root_pinfo_net_exec(void)
{
priv_set_t *pset = NULL;
- if ((pset = priv_allocset()) == NULL)
- fatal("priv_allocset: %s", strerror(errno));
/* Start with "basic" and drop everything we don't need. */
- priv_basicset(pset);
+ if ((pset = solaris_basic_privset()) == NULL)
+ fatal("solaris_basic_privset: %s", strerror(errno));
if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 ||
+#ifdef PRIV_NET_ACCESS
priv_delset(pset, PRIV_NET_ACCESS) != 0 ||
+#endif
priv_delset(pset, PRIV_PROC_EXEC) != 0 ||
priv_delset(pset, PRIV_PROC_INFO) != 0 ||
priv_delset(pset, PRIV_PROC_SESSION) != 0)
diff --git a/openbsd-compat/port-solaris.h b/openbsd-compat/port-solaris.h
index b077e18..3a41ea8 100644
--- a/openbsd-compat/port-solaris.h
+++ b/openbsd-compat/port-solaris.h
@@ -26,8 +26,11 @@ void solaris_contract_pre_fork(void);
void solaris_contract_post_fork_child(void);
void solaris_contract_post_fork_parent(pid_t pid);
void solaris_set_default_project(struct passwd *);
+# ifdef USE_SOLARIS_PRIVS
+priv_set_t *solaris_basic_privset(void);
void solaris_drop_privs_pinfo_net_fork_exec(void);
void solaris_drop_privs_root_pinfo_net(void);
void solaris_drop_privs_root_pinfo_net_exec(void);
+# endif /* USE_SOLARIS_PRIVS */
#endif
diff --git a/sandbox-solaris.c b/sandbox-solaris.c
index 98714e1..343a010 100644
--- a/sandbox-solaris.c
+++ b/sandbox-solaris.c
@@ -48,19 +48,20 @@ ssh_sandbox_init(struct monitor *monitor)
struct ssh_sandbox *box = NULL;
box = xcalloc(1, sizeof(*box));
- box->pset = priv_allocset();
+
+ /* Start with "basic" and drop everything we don't need. */
+ box->pset = solaris_basic_privset();
if (box->pset == NULL) {
free(box);
return NULL;
}
- /* Start with "basic" and drop everything we don't need. */
- priv_basicset(box->pset);
-
/* Drop everything except the ability to use already-opened files */
if (priv_delset(box->pset, PRIV_FILE_LINK_ANY) != 0 ||
+#ifdef PRIV_NET_ACCESS
priv_delset(box->pset, PRIV_NET_ACCESS) != 0 ||
+#endif
priv_delset(box->pset, PRIV_PROC_EXEC) != 0 ||
priv_delset(box->pset, PRIV_PROC_FORK) != 0 ||
priv_delset(box->pset, PRIV_PROC_INFO) != 0 ||
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list