search for: solaris_drop_privs_root_pinfo_net

On Wed, 17 Feb 2016, Alex Wilson wrote: > On 2/17/16 2:04 PM, Alex Wilson wrote: > > I've attached a patch... > > > > Also at > > https://us-east.manta.joyent.com/arekinath/public/openssh-wip-fix-for-sol10-privs.patch > > If you are having trouble getting the patch out of the email. > > Also, as for Damien's patch, you will want to regenerate

On 2/17/16 3:02 PM, Carson Gaspar wrote: > > Sadly I'm hitting a different autoconf bug :-( I was being an idiot - configure was bombing out & I didn't notice (boy that openssl version error message is loooooong...) With Mr. Wilson's patch, I still get: "sandbox-solaris.c", line 22: #error: "--with-solaris-privs must be used with the Solaris sandbox"

I was involved with the issues building OpenSSH 7.2p1 to use the Solaris sandbox, but I ended up dropping out of the discussion due to being on the road for most of the last couple of weeks. Anyway, the problems persist with OpenSSH 7.2p2 when building with --with-sandbox=solaris. I found that there's an error in openbsd-compat/port-solaris.h on line 30, because the type priv_set_t

...basicset(npset); +#else + if ((npset = priv_str_to_set("basic", ",", NULL)) == NULL) + fatal("priv_str_to_set: %s", strerror(errno)); +#endif if (priv_addset(npset, PRIV_FILE_CHOWN) != 0 || priv_addset(npset, PRIV_FILE_DAC_READ) != 0 || @@ -294,11 +300,15 @@ solaris_drop_privs_root_pinfo_net(void) { priv_set_t *pset = NULL; + /* Start with "basic" and drop everything we don't need. */ +#if defined(HAVE_PRIV_BASICSET) if ((pset = priv_allocset()) == NULL) fatal("priv_allocset: %s", strerror(errno)); - - /* Start with "basic" and drop everythin...

On Tue, 16 Feb 2016, Jeff Wieland wrote: > The Solaris privilege code breaks building on Solaris 10. If > you let configure just do its thing, you get the following error > when compiling: > > "sandbox-solaris.c", line 22: #error: "--with-solaris-privs must be used with > the Solaris sandbox" > > So, I did add "--with-solaris-privs" to the