search for: setppriv

...laris/ Illumos that does have the fine-grained privilege support could test it too. diff --git a/configure.ac b/configure.ac index b4c0aaa..f614edf 100644 --- a/configure.ac +++ b/configure.ac @@ -896,11 +896,8 @@ mips-sony-bsd|mips-sony-newsos4) else AC_MSG_RESULT([no]) fi - AC_CHECK_FUNC([setppriv], - [ AC_CHECK_HEADERS([priv.h], [ - SOLARIS_PRIVS="yes" - ]) - ]) + AC_CHECK_FUNC([setppriv]) + AC_CHECK_HEADERS([priv.h]) AC_ARG_WITH([solaris-contracts], [ --with-solaris-contracts Enable Solaris process contracts (experimental)], [ @@ -925,7 +922,9 @@ mips-sony-bsd|mips-s...

...mponent: sshd Assignee: unassigned-bugs at mindrot.org Reporter: alex+mailinglists_openssh-dev at cooperi.net Created attachment 2761 --> https://bugzilla.mindrot.org/attachment.cgi?id=2761&action=edit patch On Illumos/Solaris we can drop fine-grained privileges using setppriv, both for the sshd sandbox and also where appropriate in other utilities like sftp-server and ssh-agent. This has a lot of cross-over with work to add pledge(2) calls to OpenSSH code. Entering this bug against sshd, since the sandbox component of this is almost certainly the most important from a...

On Wed, 17 Feb 2016, Alex Wilson wrote: > On 2/17/16 2:04 PM, Alex Wilson wrote: > > I've attached a patch... > > > > Also at > > https://us-east.manta.joyent.com/arekinath/public/openssh-wip-fix-for-sol10-privs.patch > > If you are having trouble getting the patch out of the email. > > Also, as for Damien's patch, you will want to regenerate

...need to run "autoreconf" after applying the patch to rebuild configure. Thanks. diff --git a/configure.ac b/configure.ac index b4c0aaa..5b50b9e 100644 --- a/configure.ac +++ b/configure.ac @@ -897,8 +897,10 @@ mips-sony-bsd|mips-sony-newsos4) AC_MSG_RESULT([no]) fi AC_CHECK_FUNC([setppriv], - [ AC_CHECK_HEADERS([priv.h], [ - SOLARIS_PRIVS="yes" + AC_CHECK_FUNC([priv_basicset], + [ AC_CHECK_HEADERS([priv.h], [ + SOLARIS_PRIVS="yes" + ]) ]) ]) AC_ARG_WITH([solaris-contracts], -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9...

...uid setreuid setegid setresgid \ strtoull strtoll strtouq strtoq \ setpriority quotactl getmntent kqueue kevent backtrace_symbols \ - walkcontext dirfd clearenv malloc_usable_size clock_gettime) + walkcontext dirfd clearenv malloc_usable_size clock_gettime \ + setppriv) dnl strtoimax and strtoumax are macros in HP-UX, so inttypes.h must be included AC_MSG_CHECKING([for strtoimax]) diff -r 8f41c9f3f392 src/master/Makefile.am --- a/src/master/Makefile.am Wed Nov 19 16:11:01 2008 +0200 +++ b/src/master/Makefile.am Wed Nov 19 14:18:36 2008 +0000 @@ -22,6 +22,7 @@...

On 2/17/16 9:50 AM, Carson Gaspar wrote: > Solaris 10 has setppriv, but does not have priv_basicset. To work on > Solaris 10, the call would need to be replaced with the equivalent set > of explicitly listed privs: The prior art in other apps on the system seems to suggest that priv_str_to_set is a better fallback if priv_basicset is not available. I'v...

On 2/17/16 3:02 PM, Carson Gaspar wrote: > > Sadly I'm hitting a different autoconf bug :-( I was being an idiot - configure was bombing out & I didn't notice (boy that openssl version error message is loooooong...) With Mr. Wilson's patch, I still get: "sandbox-solaris.c", line 22: #error: "--with-solaris-privs must be used with the Solaris sandbox"

Hi, OpenSSH 7.2 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains many bugfixes and several new features. The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is available via Git at https://anongit.mindrot.org/openssh.git/ or via a mirror on Github at