Hi,

We would like to make one of our periodic releases shortly, so once again we are asking for readers of this list (or anyone else) to download and test a CVS snapshot of OpenSSH on your favourite platforms.

The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html

Portable snapshots are available from the mirrors listed at http://www.openssh.com/portable.html#ftp in the snapshots/ subdirectory.

Please test! Running the regression tests supplied with Portable does not require installation and is simply:

$ ./configure && make tests

Testing on suitable non-production systems is also appreciated. Please send reports of success or failure to openssh-unix-dev at mindrot.org.

Also, OpenSSH Portable has a (completely voluntary) configuration survey. It will collect information about the platform and the options OpenSSH was configured with and mail it to an archive. We tried to be careful not to collect anything that might be considered sensitive; however, if anyone has any issues with the data collected then please let us know.

The raw data will be available only to the development team; however, we may publish summary data at some point in the future. This data will help us to better support your platforms.

You can view the data that is collected by running "make survey" and looking at the file "survey" in the build dir. The data is not sent until you explicitly request it ("make send-survey"). If you have any doubts at all then ask us (or just don't send it).

Some of the changes in the coming release include:

- Add a new compression method that delays the start of zlib compression until the user has been authenticated successfully. The new method "Compression=delayed" is on by default in the server. This eliminates the risk of another zlib vulnerability leading to a compromise of the server by a user without authentication credentials.

  NB. Older OpenSSH (<3.5) versions have a bug which will cause them to refuse to connect to any server that does not offer compression when the client has compression requested. Since the new "delayed" server mode isn't supported by these older clients, they will refuse to connect to a new server unless compression is disabled (on the client end) or the original compression method is enabled on the server ("Compression=yes" in sshd_config).

- Another round of proactive changes for signed vs unsigned integer bugs has been completed, including changing the atomicio() API to encourage safer programming. As a result of these changes, OpenSSH is now "gcc -Wsign-compare" clean on most platforms.

- Added support for the improved arcfour cipher modes from draft-harris-ssh-arcfour-fixes-02. This improves the cipher's resistance to a number of attacks by discarding early keystream output.

- Increase the default size of new RSA/DSA keys generated by ssh-keygen from 1024 to 2048 bits.

- Many bugfixes and improvements to connection multiplexing, including:

  - Added ControlMaster=auto/autoask options to support opportunistic multiplexing (see the ssh_config(5) manpage for details).

  - The client will now gracefully fall back to starting a new TCP connection if it cannot connect to a specified multiplexing control socket.

  - Added %h (target hostname), %p (target port) and %r (remote username) expansion sequences to ControlPath. Also allow ControlPath=none to disable connection multiplexing.

  - Implemented support for X11 and agent forwarding over multiplexed connections. Because of protocol limitations, the slave connections inherit the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding their own.

- The following bugs from http://bugzilla.mindrot.org/ were closed:

  #1025 - Correctly handle disabled special character in ttymodes
  #1054 - Don't terminate connection on getpeername() failure
  #1046 - AIX 5.3 Garbage on Login
  #623  - Don't use $HOME in manpages
  #829  - Don't allocate a tty if -n option is set
  #471  - Misleading error message if /dev/tty perms wrong
  #1033 - Fix compile-time warnings

- Lots of other improvements and fixes. Please refer to the ChangeLog for details.

Thanks to everyone who has contributed patches, problem or test reports.

Regards,
Damien Miller
Hi,

On Mon, Aug 22, 2005 at 08:41:01PM +1000, Damien Miller wrote:
> Please test! Running the regression tests supplied with Portable does
> not require installation and is simply:
>
> $ ./configure && make tests

NetBSD 2.0.1 on Sparc64, OpenSSH CVS snapshot as of today.

"autoreconf" gives a couple of warnings. "make" runs through just fine. "make tests" runs fine. "make (send-)survey" -> done :-)

gert
--
USENET is *not* the non-clickable part of WWW!   //www.muc.de/~gert/
Gert Doering - Munich, Germany   gert at greenie.muc.de
fax: +49-89-35655025   gert at net.informatik.tu-muenchen.de
Test on Solaris 8 failed with the below output:

run test multiplex.sh ...
test connection multiplexing: envpass
ssh: otherhost: host/servname not known
environment not found
test connection multiplexing: transfer
ssh: otherhost: host/servname not known
cmp: EOF on /home/m27310/openssh/regress/ls.copy
ssh -Sctl: corrupted copy of /bin/ls
ssh: otherhost: host/servname not known
cmp: EOF on /home/m27310/openssh/regress/ls.copy
ssh -S ctl: corrupted copy of /bin/ls
sftp: failed copy /bin/ls
cmp: /home/m27310/openssh/regress/ls.copy: No such file or directory
sftp: corrupted copy of /bin/ls
test connection multiplexing: status 0
test connection multiplexing: status 1
test connection multiplexing: status 4
test connection multiplexing: status 5
test connection multiplexing: status 44
Master running (pid=27238)
Exit request sent.
failed connection multiplexing
make[1]: *** [t-exec] Error 1
make[1]: Leaving directory `/home/m27310/openssh/regress'
make: *** [tests] Error 2

Built like so:
./configure --without-zlib-version-check --with-tcp-wrappers --with-pam

Tests were run as an unprivileged user. Solaris 8 patch level is 117350-20. Happy to help with any further information.

Bill Knox
Lead Operating Systems Programmer/Analyst
The MITRE Corporation

-----Original Message-----
From: openssh-unix-dev-bounces+wknox=mitre.org at mindrot.org [mailto:openssh-unix-dev-bounces+wknox=mitre.org at mindrot.org] On Behalf Of Damien Miller
Sent: Monday, August 22, 2005 6:41 AM
To: openssh-unix-dev at mindrot.org; openssh-unix-announce at mindrot.org
Subject: Call for release testing

[...]
Damien Miller wrote:
> Hi,
>
> We would like to make one of our periodic releases shortly, so once
> again we are asking for readers of this list (or anyone else) to
> download and test a CVS snapshot of OpenSSH on your favourite
> platforms.
>
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
>
> Portable snapshots are available from the mirrors listed at
> http://www.openssh.com/portable.html#ftp in the snapshots/
> subdirectory
>
> Please test! Running the regression tests supplied with Portable does
> not require installation and is simply:
>
> $ ./configure && make tests

Hi,

Tested on Debian sarge, with no problems.
Tested on Sourcemage stable, with no problems.

One small issue is that the tests assume that there is an existing installation with privsep, and hence require a /var/empty directory to exist in the filesystem.

run test connect.sh ...
Missing privilege separation directory: /var/empty
FATAL: sshd_proxy broken

After creating the /var/empty directory, the tests pass correctly... is this desired behaviour for the test suite? Should the tests be run inside a fakeroot or chroot instead?

Damien
Damien Mascord wrote:
> One small issue is that the tests assume that there is an existing
> installation with privsep, and hence require a /var/empty directory to
> exist in the filesystem.
>
> run test connect.sh ...
> Missing privilege separation directory: /var/empty
> FATAL: sshd_proxy broken
>
> After creating the /var/empty directory, the tests pass correctly... is
> this desired behaviour for the test suite? Should the tests be run
> inside a fakeroot or chroot instead?

Probably not.

A real chroot requires root privs and must be created (which is fiddly and very system dependent).

fakeroot and friends have to be installed/provided and require a LD_PRELOAD which is not available on some platforms.

It probably ought to be documented as a limitation, though. Or maybe we could check for the existence of the user and directory and disable the privsep tests if missing (eg by unsetting SUDO).

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
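As an added illustration of the check Darren suggests (this is not code from the OpenSSH regress suite, and the function names, the PRIVSEP_USER/PRIVSEP_PATH variables and their defaults are my own assumptions), here is POSIX sh that tests for the privsep user and directory the way sshd will and unsets SUDO when either is missing, so the suite skips the privileged tests instead of dying with "FATAL: sshd_proxy broken":

```shell
# Added example, not part of OpenSSH. Defaults mirror the usual sshd
# defaults of the time; both can be overridden from the environment.
PRIVSEP_USER=${PRIVSEP_USER:-sshd}
PRIVSEP_PATH=${PRIVSEP_PATH:-/var/empty}

# getent is not universal (older HP-UX and Solaris 8 lack it), so fall
# back to id(1), which every platform on this list has.
privsep_user_exists() {
    getent passwd "$1" >/dev/null 2>&1 || id "$1" >/dev/null 2>&1
}

# sshd refuses a privsep directory that is missing or group/world
# writable. The mode is read from the ls -ld string rather than stat(1),
# whose flags differ between GNU, BSD and SysV userlands.
privsep_dir_ok() {
    [ -d "$1" ] || return 1
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        d????w*)    return 1 ;;   # group writable
        d???????w*) return 1 ;;   # world writable
    esac
    return 0
}

# Returns 0 when the privsep tests can run; otherwise unsets SUDO, which
# is the mechanism the suite already uses to skip root-only tests.
privsep_tests_enabled() {
    if privsep_user_exists "$PRIVSEP_USER" && privsep_dir_ok "$PRIVSEP_PATH"; then
        return 0
    fi
    unset SUDO
    return 1
}
```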
Hello All,

> Hi,
>
> On Mon, Aug 22, 2005 at 08:41:01PM +1000, Damien Miller wrote:
> > Please test! Running the regression tests supplied with Portable does
> > not require installation and is simply:
> >
> > $ ./configure && make tests

Platforms: HP-UX B.11.23 U ia64 & HP-UX B.11.11 U 9000/800

Except for the following tests, all others passed:

run test agent-getpeereid.sh ... skipped (not supported on this platform)
run test agent-ptrace.sh ... skipped (SUDO not set)
run test dynamic-forward.sh ... skipped (no suitable ProxyCommand found)

Thanks
Michael
On Aug 22 20:41, Damien Miller wrote:
> Hi,
>
> We would like to make one of our periodic releases shortly, so once
> again we are asking for readers of this list (or anyone else) to
> download and test a CVS snapshot of OpenSSH on your favourite
> platforms.
>
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
>
> Portable snapshots are available from the mirrors listed at
> http://www.openssh.com/portable.html#ftp in the snapshots/
> subdirectory
>
> Please test! Running the regression tests supplied with Portable does
> not require installation and is simply:
>
> $ ./configure && make tests

I've tested the CVS version from yesterday on Cygwin 1.5.18 and 1.5.19 (upcoming version).

`autoreconf', `make', `make install' run fine. Installed version works as expected.

`make tests' *could* run through with no errors, but there's a bug in regress/test-exec.sh, which results in the testsuite not running:

  # Path to sshd must be absolute for rexec
  if [ ! -x /$SSHD ]; then
      SSHD=`which sshd`
  fi

The above test `-x /$SSHD' fails on Cygwin. The reason is that $SSHD already contains an absolute path. Therefore the evaluated path which is tested in the above case starts with two leading slashes, like this:

  if [ ! -x //usr/src/openssh/build/sshd ]

The problem here is that paths beginning with two slashes are SMB network paths on Cygwin/Windows. So in the above case, the statement hangs and eventually fails, because Cygwin searches for a file src/openssh/build/sshd on the SMB server named "usr".

Please note that this is NOT a bug in Cygwin. Paths beginning with two slashes being different from paths beginning with one slash are blessed by SUSv3, see
http://www.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap04.html
Chapter 4.11 "Pathname Resolution", last paragraph:

  A pathname consisting of a single slash shall resolve to the root
  directory of the process. [...] A pathname that begins with two
  successive slashes may be interpreted in an implementation-defined
  manner, although more than two leading slashes shall be treated as a
  single slash.

So the above test should either make sure that the evaluated path begins with only one slash, or with more than 2 slashes. The latter idea looks easiest to implement:

  # Path to sshd must be absolute for rexec
  if [ ! -x ///$SSHD ]; then
      SSHD=`which sshd`
  fi

Corinna

--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat, Inc.
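The first of Corinna's two options (guarantee exactly one leading slash) as an added POSIX sh example; this is neither her patch nor code from the OpenSSH regress suite, and the function names absolute_once and resolve_sshd are my own. It takes the path as given, prefixes a slash only when the path is relative, then collapses any run of leading slashes, so the SUSv3 "//" special case cannot reach test -x:

```shell
# Added example, not part of OpenSSH. Prints PATH made absolute with a
# single leading slash. Pure parameter expansion and case: no external
# commands, so it behaves identically on Cygwin, HP-UX sh, Solaris 8 etc.
absolute_once() {
    p=$1
    case "$p" in
        /*) ;;              # already absolute: do not add another slash
        *)  p="/$p" ;;      # relative, as the original test-exec.sh assumed
    esac
    # Strip leading slashes one at a time until exactly one remains.
    while :; do
        case "$p" in
            //*) p=${p#/} ;;
            *)   break ;;
        esac
    done
    printf '%s\n' "$p"
}

# Mirrors the repaired test-exec.sh check: fall back to the sshd on PATH
# only when the normalised candidate is not an executable file.
resolve_sshd() {
    SSHD=$(absolute_once "$1")
    if [ ! -x "$SSHD" ]; then
        SSHD=$(command -v sshd 2>/dev/null || true)
    fi
    printf '%s\n' "$SSHD"
}
```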
On Aug 23 16:10, Darren Tucker wrote:
> Damien Mascord wrote:
> > One small issue is that the tests assume that there is an existing
> > installation with privsep, and hence require a /var/empty directory to
> > exist in the filesystem.
> >
> > run test connect.sh ...
> > Missing privilege separation directory: /var/empty
> > FATAL: sshd_proxy broken
> >
> > After creating the /var/empty directory, the tests pass correctly... is
> > this desired behaviour for the test suite? Should the tests be run
> > inside a fakeroot or chroot instead?
>
> Probably not.
>
> A real chroot requires root privs and must be created (which is fiddly
> and very system dependent).
>
> fakeroot and friends have to be installed/provided and require a
> LD_PRELOAD which is not available on some platforms.
>
> It probably ought to be documented as a limitation, though. Or maybe we
> could check for the existence of the user and directory and disable the
> privsep tests if missing (eg by unsetting SUDO).

Is there a problem with making the privsep path configurable?

Corinna

--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat, Inc.
Damien Miller wrote:
> Also, OpenSSH Portable has a (completely voluntary) configuration
> survey [...]
> The raw data will be available only to the development team, however
> we may publish summary data at some point in the future. This data
> will help us to better support your platforms.

In case anyone is morbidly curious about the high-level results of the survey so far, the results are below (41 responses in total, all numbers as percentages).

breakdown by operating system (as reported by uname)
  39.0 Linux
   9.8 AIX
   7.3 NetBSD
   7.3 SunOS
   4.9 HP-UX
   4.9 OpenBSD
   4.9 FreeBSD
   4.9 SCO_SV
   4.9 UnixWare
   4.9 Darwin
   2.4 sco42
   2.4 CYGWIN_NT-5.1
   2.4 UNIX_SV

breakdown by architecture
  68.3 i386
  14.6 powerpc
   7.3 sparc
   2.4 hppa2.0w
   2.4 x86_64
   2.4 hppa2.0n
   2.4 sparc64

breakdown by compiler
  34.1 gcc 3.3.x
  14.6 gcc 3.4.x
  14.6 gcc 2.95.x
   7.3 gcc 2.96.x
   7.3 gcc 3.2.x
   4.9 gcc 4.0.x
   4.9 cc
   4.9 gcc 2.7.x
   2.4 ccache gcc
   2.4 egcs 2.91.66
   2.4 icc

breakdown by configure options
  26.8 --prefix
  24.4 --with-tcp-wrappers
  24.4 --sysconfdir
  24.4 --with-privsep-path
  17.1 --with-pam
  14.6 --with-superuser-path
  14.6 --with-default-path
  12.2 --mandir
  12.2 --with-privsep-user
  12.2 --infodir
   9.8 --disable-etc-default-login
   9.8 --datadir
   9.8 --localstatedir
   7.3 --with-xauth
   7.3 --with-md5-passwords
   7.3 --with-mantype
   7.3 --libexecdir
   7.3 --with-kerberos5
   7.3 --with-cflags
   7.3 --with-ssl-dir
   4.9 --with-audit
   4.9 --disable-suid-ssh
   4.9 --with-libedit
   4.9 --without-zlib-version-check
   4.9 --with-zlib
   4.9 --without-kerberos5
   4.9 --with-ldflags
   4.9 --with-pid-dir
   2.4 --without-libedit
   2.4 --sharedstatedir
   2.4 --without-rpath
   2.4 --with-prngd-socket
   2.4 --with-cppflags
   2.4 --build
   2.4 --disable-strip
   2.4 --with-lastlog
   2.4 --without-opensc
   2.4 --without-skey
   2.4 --with-random
   2.4 --host
   2.4 --with-prngd-port

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
On Mon, Aug 22, 2005 at 08:41:01PM +1000, Damien Miller wrote:
> Hi,
>
> We would like to make one of our periodic releases shortly, so once
> again we are asking for readers of this list (or anyone else) to
> download and test a CVS snapshot of OpenSSH on your favourite
> platforms.
>
[...]
>
> Thanks to everyone who has contributed patches, problem or test reports.
>
> Regards,
> Damien Miller

Damien,

BSD/OS 4.3.1 and FreeBSD 4.X running current Zlib and OpenSSL 0.9.8a are all doing fine, thank you.

--
Member - Liberal International
This is doctor at nl2k.ab.ca   Ici doctor at nl2k.ab.ca
God Queen and country! Beware Anti-Christ rising!
Better to serve in Heaven than to Rule in Hell.
Knox,William R. wrote:
> Test on Solaris 8 failed with the below output:
[...]
> Built like so:
> ./configure --without-zlib-version-check --with-tcp-wrappers --with-pam

Could you please run the test with "set -x"? The easiest way is to add "set -x" at the start of test-exec.sh then rerun the test:

$ make tests LTESTS=multiplex TEST_SSH_TRACE=yes

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
OK, it appears as though it ran fine that time. Added set -x as the first line of the test-exec.sh file and ran the command as detailed below. Output is attached. A subsequent run of the entire test after removing the set -x entry also turned up no errors. I don't know whether to be pleased or disappointed (I hate unreproducible errors).

I've also run the make send-survey - let me know if you want any information from that.

For now, I guess Solaris 8 is a pass. Let me know if you want any more information.

Bill Knox
Lead Operating Systems Programmer/Analyst
The MITRE Corporation

-----Original Message-----
From: Darren Tucker [mailto:dtucker at zip.com.au]
Sent: Tuesday, August 23, 2005 9:04 AM
To: Knox,William R.
Cc: openssh-unix-dev at mindrot.org
Subject: Re: Call for release testing

[...]

Could you please run the test with "set -x"? The easiest way is to add "set -x" at the start of test-exec.sh then rerun the test:

$ make tests LTESTS=multiplex TEST_SSH_TRACE=yes

[...]
Once upon a time, Damien Miller <djm at mindrot.org> said:
> Please test! Running the regression tests supplied with Portable does
> not require installation and is simply:
>
> $ ./configure && make tests

Tru64 passes all tests except for skipped tests:

run test agent-getpeereid.sh ... skipped (not supported on this platform)

Tru64 doesn't have getpeereid.

run test agent-ptrace.sh ... skipped (not supported on this platform)

I don't think there's a way to disable ptrace on Tru64.

run test dynamic-forward.sh ... skipped (no suitable ProxyCommand found)

I'll look at installing the mentioned program for this test.

run test multiplex.sh ... skipped (not supported on this platform)

It looks like the multiplex.sh test checks for DISABLE_FD_PASSING and skips the test if it is defined, but I don't see why (it doesn't look like the mux code checks DISABLE_FD_PASSING). The only reason DISABLE_FD_PASSING is set on my system is because it is Tru64 with SIA (which can't handle privsep). FD passing works fine; maybe disabling privsep should depend on a different option? Anyway, commenting out the DISABLE_FD_PASSING check in multiplex.sh allows it to run that test, and it then passes.

--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.