On Tue, 10 Mar 2015, Damien Miller wrote:
> On Fri, 6 Mar 2015, Damien Miller wrote:
>
>> On Wed, 4 Mar 2015, mikep at noc.utoronto.ca wrote:
>>
>>> Re-testing 'openssh-SNAP-20150305' on Solaris 10, with
'gcc':
>>>
>>> Configure, 'make' complete; 'make tests' fails at:
>>>
>>> postcondition check failed: setstat readonly
>>
>> I couldn't reporoduce this on an illumos zone that I had access to,
>> will try installing solaris10 next.
>
> I've been unable to get Solaris 10 working in a VM. Could you please
> apply the below patch and run:
>
> make tests LTESTS=sftp-perm SKIP_UNIT=1
>
> and report the last 20 or so lines of output? (I'm mostly interested in
those
> prefixed with 'XXX')
/opt/local/src/security/openssh/ssh-keygen -lf
/opt/local/src/security/openssh/regress//t10.out > /dev/null
/opt/local/src/security/openssh/ssh-keygen -Bf
/opt/local/src/security/openssh/regress//t10.out > /dev/null
/opt/local/src/security/openssh/ssh-keygen -E sha256 -lf
/opt/local/src/security/openssh/regress/rsa_openssh.pub |\
awk '{print $2}' | diff -
/opt/local/src/security/openssh/regress/t11.ok
/opt/local/src/security/openssh/ssh-keygen -lf
/opt/local/src/security/openssh/regress//t12.out.pub | grep -q test-comment-1234
run test sftp-perm.sh ...
YYY
sftp permissions: read-only setstat
XXX PRE RW: -r-------- 1 root 0 Mar 11 17:48
/opt/local/src/security/openssh/regress/copy
XXX POST RW: -rwx------ 1 root 0 Mar 11 17:48
/opt/local/src/security/openssh/regress/copy
XXX PRE RO: -r-------- 1 root 0 Mar 11 17:48
/opt/local/src/security/openssh/regress/copy
XXX POST RO: -r-------- 1 root 0 Mar 11 17:48
/opt/local/src/security/openssh/regress/copy
postcondition check failed: setstat readonly
FATAL: XXX
make[1]: *** [t-exec] Error 1
make[1]: Leaving directory `/opt/local/src/security/openssh/regress'
make: *** [tests] Error 2
> diff --git a/regress/sftp-perm.sh b/regress/sftp-perm.sh
> index 304ca0a..9a3740e 100644
> --- a/regress/sftp-perm.sh
> +++ b/regress/sftp-perm.sh
> @@ -41,13 +41,17 @@ ro_test() {
> verbose "$tid: read-only $_desc"
> # Plain (no options, mostly to test that _cmd is good)
> prepare_files "$_prep"
> + printf "XXX PRE RW: " ; ls -l $COPY
> prepare_server
> run_client "$_cmd" || fail "plain $_desc failed"
> + printf "XXX POST RW: " ; ls -l $COPY
> postcondition "$_desc no-readonly"
"$_expect_success_post"
> # Read-only enabled
> prepare_files "$_prep"
> + printf "XXX PRE RO: " ; ls -l $COPY
> prepare_server -R
> run_client "$_cmd" && fail "read-only $_desc
succeeded"
> + printf "XXX POST RO: " ; ls -l $COPY
> postcondition "$_desc readonly" "$_expect_fail_post"
> }
>
> @@ -80,20 +84,22 @@ perm_test() {
> run_client "$_cmd" && fail "no whitelist $_op
succeeded"
> postcondition "$_op not in whitelist"
"$_expect_fail_post"
> }
> -
> +if false ; then
> ro_test \
> "upload" \
> "put $DATA $COPY" \
> "" \
> "cmp $DATA $COPY" \
> "test ! -f $COPY"
> -
> +fi
> +echo YYY
> ro_test \
> "setstat" \
> "chmod 0700 $COPY" \
> "touch $COPY; chmod 0400 $COPY" \
> "test -x $COPY" \
> "test ! -x $COPY"
> +fatal XXX
>
> ro_test \
> "rm" \
Mike
--
Mike Peterson Information Security Analyst - Audit
E-mail: mikep at noc.utoronto.ca WWW: http://www.noc.utoronto.ca/
Tel: 416-978-5230 Fax: 416-978-6620