On 11/12/15 6:24 PM, Darren Tucker wrote:
> As long as someone is willing to do the work and help with tests
> (which it sounds like you are), the support doesn't compromise other
> platforms or make maintenance significantly harder then I have no
> objections to it going in.
Sounds good to me. We're already running with this patch in
(pre-)production, and I'm definitely happy to help out with any
additional testing needed.
>
> The code itself looks quite reasonable. Placing it inline in the main
> source files is problematic since it makes maintenance of those files
> harder, but it should fit nicely in openbsd-compat/port-solaris.c.
> ...
> The other place these look like they'd be useful is in the pre-auth
> privsep sandbox...
>
Ok, please find attached a revised version. I've moved all of the
pre-auth privsep bit into a new sandbox-solaris.c, and for the ssh-agent
and sftp-server I've created the platform_drop_agent_privs() and
platform_drop_sftp_server_privs() hooks which, if USE_SOLARIS_PRIVS is
enabled, then call out to the code that's now in
openbsd-compat/port-solaris.c.
Does this look a bit better? The biggest annoyance I had is that now
ssh-agent and sftp-server have to link against platform.o, and the
easiest way to organise that seemed to be to add it to libssh.a. So now
all the cmdline tools also link against libcontract and libproject,
instead of just the daemon.
Using a platform_* function seems like a nicer interface than just
calling a port-solaris function inside an #ifdef in each of them, though
-- you can just add some code now in platform.c that uses pledge()
instead, for example. So maybe it's fine to have a bit of extra link bloat.