Hi, when trying to install openssh I get the following errors. Any
idea of why?
This is on a mac 10.4.10 system, and with the 4.7p1 version.
Appreciate any tips.
Thanks,
Anil
if test ! -z ""; then \
/usr/bin/perl ./fixprogs ssh_prng_cmds ; \
fi
(cd openbsd-compat && make)
make[1]: Nothing to be done for `all'.
gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -I. -I. -DSSHDIR=
\"/sw/HPN-ssh/etc\" -D_PAT
H_SSH_PROGRAM=\"/sw/HPN-ssh/bin/ssh\"
-D_PATH_SSH_ASKPASS_DEFAULT=\"/
sw/HPN-ssh/libexec/ssh-as
kpass\" -D_PATH_SFTP_SERVER=\"/sw/HPN-ssh/libexec/sftp-server\" -
D_PATH_SSH_KEY_SIGN=\"/sw/HPN
-ssh/libexec/ssh-keysign\" -D_PATH_SSH_PIDDIR=\"/var/run\" -
D_PATH_PRIVSEP_CHROOT_DIR=\"/var/e
mpty\" -DSSH_RAND_HELPER=\"/sw/HPN-ssh/libexec/ssh-rand-helper\"
-
DHAVE_CONFIG_H -c readpass.c
openbsd-compat/vis.h:85: bad attribute specification, expecting
identifier, found `)'
openbsd-compat/vis.h:87: bad attribute specification, expecting
identifier, found `)'
openbsd-compat/vis.h:91: bad attribute specification, expecting
identifier, found `)'
readpass.c:40: warning: could not use precompiled header '/usr/
include/unistd-gcc3.p', because
:
readpass.c:40: warning: macro 'optreset' defined by defines.h
conflicts with precomp
misc.h:33: bad attribute specification, expecting identifier, found `)'
misc.h:66: bad attribute specification, expecting identifier, found `)'
misc.h:68: bad attribute specification, expecting identifier, found `)'
misc.h:70: bad attribute specification, expecting identifier, found `)'
misc.h:72: bad attribute specification, expecting identifier, found `)'
misc.h:74: bad attribute specification, expecting identifier, found `)'
misc.h:76: bad attribute specification, expecting identifier, found `)'
cpp-precomp: warning: errors during smart preprocessing, retrying in
basic mode
In file included from readpass.c:42:
xmalloc.h:26: warning: `__nonnull__' attribute directive ignored
readpass.c: In function `read_passphrase':
readpass.c:119: `RPP_ECHO_ON' undeclared (first use in this function)
readpass.c:119: (Each undeclared identifier is reported only once
readpass.c:119: for each function it appears in.)
readpass.c:119: `RPP_ECHO_OFF' undeclared (first use in this function)
readpass.c:128: `RPP_REQUIRE_TTY' undeclared (first use in this
function)
readpass.c:153: warning: implicit declaration of function
`readpassphrase'
make: *** [readpass.o] Error 1
-------------------------------------------------------------------
Dr. Anil Deane
Associate Research Professor
Institute for Physical Science and Technology
University of Maryland
College Park, MD 20742-2431
Tel: (301) 405-4866
Fax: (301) 314-9363
-------------------------------------------------------------------
On Mon, Sep 17, 2007 at 02:13:29PM -0400, Anil Deane wrote:> Hi, when trying to install openssh I get the following errors. Any > idea of why? > This is on a mac 10.4.10 system, and with the 4.7p1 version. > Appreciate any tips.Which gcc version are you using? [...]> openbsd-compat/vis.h:85: bad attribute specification, expecting > identifier, found `)'Looks like the compiler doesn't have the __bounded__ attribute, and also doesn't like having an empty __attribute__ list. You could try the following patch which substitutes a (mostly) harmless attribute that is supported back as gcc 2.7.2.3 (and at worst, should only cause a warning). Index: defines.h ==================================================================RCS file: /usr/local/src/security/openssh/cvs/openssh/defines.h,v retrieving revision 1.144 diff -u -p -r1.144 defines.h --- defines.h 17 Sep 2007 15:32:33 -0000 1.144 +++ defines.h 21 Sep 2007 02:41:58 -0000 @@ -440,7 +440,7 @@ struct winsize { #endif #if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__bounded__) -# define __bounded__(x, y, z) +# define __bounded__(x, y, z) __unused__ #endif #if !defined(HAVE_ATTRIBUTE__NONNULL__) && !defined(__nonnull__) -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
I understand that that is not how scp works today. I'm suggesting that we make a minor change to how it works. Here's the underlying reason why I think this is a good idea. The efforts required to lock down todays systems with their myriad of access features is not a trivial task. I'm not suggesting this will make it trivial to completely secure a system. I am suggesting this will make it trivial to secure one subset of the system. That subset being scp. Using chroot'd environments doesn't really work (or at least they were never intended to be used as a security tool) without tons of effort, and even then, they tend to break rapidly with simple system/software updates. sftp at the present time, gives access to too many additional commands / features that are unnecessary for a simple file transfer. scp would fit the bill nicely, with one minor change. Let's forget about translating ../ to something else. Given the "-T" instead of "-t" startup parameter, a simple walk through the parameters passed by the scp client spawning the scp server should do the following: Prefix the remote path with "./", so that remhost:/path/to/file becomes remhost:.//path/to/file. If the remote path contains "../" anywhere, error out. With this change, we can forget about scp-only or chroot'd environments and all the convoluted mess required to make that work. Either spawn scp with the "-T" via a public key authentication command entry, or the sshd_config file "UseSCPPathLock=Yes". Through this option, we get a secure method of transfering files without much effort. Combine this with pub-key authentication, and command= parameters, you can control where any user places their files if outside of their home directories. Simple user permissions on the remote server control whether or not writes are allowed, or just reads. A very simple change could open a whole lot of opportunity for usage expansion. If sftp-server had this same option, then that might work, however, I haven't seen that it does - yet there would seem to me to be a lot more changes required to implement the same idea within sftp-server as it would within scp. _________________________________________________________________ Windows Live Hotmail and Microsoft Office Outlook ? together at last. ?Get it now. http://office.microsoft.com/en-us/outlook/HA102225181033.aspx?pid=CL100626971033
Reasonably Related Threads
- scp -t . - possible idea for additional parameter
- Compile-time warning in readpass.c
- readpass.c patch
- Why are the arguments supplied for the command run through ssh interpreted by shell before they are passed to the command on the server side?
- [Bug 234] New: OpenSSH does not compile on OpenBSD 3.1