search for: priv_set_t

..., but I ended up dropping out of the discussion due to being on the road for most of the last couple of weeks. Anyway, the problems persist with OpenSSH 7.2p2 when building with --with-sandbox=solaris. I found that there's an error in openbsd-compat/port-solaris.h on line 30, because the type priv_set_t hasn't been defined: /opt/SUNWspro/bin/cc -m32 -xtarget=ultra -xarch=sparc -xO5 -xstrconst -xdepend -Xa -I. -I.. -I. -I./.. -I/opt/openssl-1.0/include -DHAVE_CONFIG_H -c arc4random.c "../openbsd-compat/port-solaris.h", line 30: warning: old-style declaration or incorrect type for...

On 2/17/16 3:02 PM, Carson Gaspar wrote: > > Sadly I'm hitting a different autoconf bug :-( I was being an idiot - configure was bombing out & I didn't notice (boy that openssl version error message is loooooong...) With Mr. Wilson's patch, I still get: "sandbox-solaris.c", line 22: #error: "--with-solaris-privs must be used with the Solaris sandbox"

...image and I''m seeing this dtrace problem when running any dtrace script: NODE hcb101 ~ $ ./tcpstat.sh dtrace: failed to compile script /dev/fd/10: "/usr/lib/dtrace/procfs.d", line 316: translator member pr_clname definition uses incompatible types: "char [8]" = "priv_set_t [4]" I can comment out the offending line in procfs.d: pr_clname = `sclass[T->t_cid].cl_name; and things appear to work. However I would like to know what updated files I need to copy from my Solaris workspace in order to keep dtrace happy without editing procfs.d. thanks, Mike -- Thi...

On Wed, 17 Feb 2016, Alex Wilson wrote: > On 2/17/16 2:04 PM, Alex Wilson wrote: > > I've attached a patch... > > > > Also at > > https://us-east.manta.joyent.com/arekinath/public/openssh-wip-fix-for-sol10-privs.patch > > If you are having trouble getting the patch out of the email. > > Also, as for Damien's patch, you will want to regenerate

...tr_to_set("basic", ",", NULL)) == NULL) + fatal("priv_str_to_set: %s", strerror(errno)); +#endif if (priv_addset(npset, PRIV_FILE_CHOWN) != 0 || priv_addset(npset, PRIV_FILE_DAC_READ) != 0 || @@ -294,11 +300,15 @@ solaris_drop_privs_root_pinfo_net(void) { priv_set_t *pset = NULL; + /* Start with "basic" and drop everything we don't need. */ +#if defined(HAVE_PRIV_BASICSET) if ((pset = priv_allocset()) == NULL) fatal("priv_allocset: %s", strerror(errno)); - - /* Start with "basic" and drop everything we don't need. *...

On Tue, 16 Feb 2016, Jeff Wieland wrote: > The Solaris privilege code breaks building on Solaris 10. If > you let configure just do its thing, you get the following error > when compiling: > > "sandbox-solaris.c", line 22: #error: "--with-solaris-privs must be used with > the Solaris sandbox" > > So, I did add "--with-solaris-privs" to the

...ar* privs[] = { + "PRIV_PROC_FORK", + "PRIV_PROC_EXEC", + "PRIV_FILE_CHOWN", + "PRIV_PROC_SETID", + "PRIV_PROC_CHROOT", + "PRIV_NET_PRIVADDR", + "PRIV_FILE_DAC_READ", + "PRIV_FILE_DAC_WRITE", + NULL + }, **p; + priv_set_t *priv_set; + int ret; + + priv_set = priv_allocset(); + if (priv_set == NULL) { + i_warning("Can't allocate memory for privilege set: %m"); + return; + } + + priv_emptyset(priv_set); + + for (p = privs; *p != NULL; p++) { + ret = priv_addset(priv_set, *p); + if (ret != 0) { + i_...

https://bugzilla.mindrot.org/show_bug.cgi?id=2511 Bug ID: 2511 Summary: Drop fine-grained privileges on Illumos/Solaris Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: Solaris Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs