Displaying 7 results from an estimated 7 matches for "use_solaris_priv".
Did you mean:
use_solaris_privs
2016 Feb 18
5
Call for testing: OpenSSH 7.2
...otice (boy
that openssl version error message is loooooong...)
With Mr. Wilson's patch, I still get:
"sandbox-solaris.c", line 22: #error: "--with-solaris-privs must be used
with the Solaris sandbox"
Because:
$ fgrep SOLARIS config.h
#define SANDBOX_SOLARIS 1
/* #undef USE_SOLARIS_PRIVS */
/* #undef USE_SOLARIS_PROCESS_CONTRACTS */
/* #undef USE_SOLARIS_PROJECTS */
If I "fix" it by passing "--with-solaris-privs" to configure, all tests
pass without SUDO being set. If I set SUDO then agent.sh fails:
trace: agent forwarding
FAIL: agent fwd proto 2 failed (exi...
2015 Nov 13
2
[PATCH] Drop fine-grained privileges on Illumos/Solaris
..., ssh-agent and sftp-server. Since the privilege dropping here is
roughly equivalent to a more verbose, coarser version of a tame() call,
I was wondering if there might be any interest in taking it into
openssh-portable in future.
Patch is attached. I've made sure all the code is behind
#ifdef USE_SOLARIS_PRIVS and added some code in configure.ac to turn
this macro on and off.
It also has a related fix which turns off the UID restoration test when
building --with-solaris-privs (since the fine-grained privs model lets
you create an ordinary user who can setuid to root, and sshd should
still let such a us...
2016 Feb 17
4
Call for testing: OpenSSH 7.2
On Wed, 17 Feb 2016, Alex Wilson wrote:
> On 2/17/16 2:04 PM, Alex Wilson wrote:
> > I've attached a patch...
> >
>
> Also at
>
> https://us-east.manta.joyent.com/arekinath/public/openssh-wip-fix-for-sol10-privs.patch
>
> If you are having trouble getting the patch out of the email.
>
> Also, as for Damien's patch, you will want to regenerate
2015 Nov 13
2
[PATCH] Drop fine-grained privileges on Illumos/Solaris
...e-auth
> privsep sandbox...
>
Ok, please find attached a revised version. I've moved all of the
pre-auth privsep bit into a new sandbox-solaris.c, and for the ssh-agent
and sftp-server I've created the platform_drop_agent_privs() and
platform_drop_sftp_server_privs() hooks which, if USE_SOLARIS_PRIVS is
enabled then call out to the code that's now in
openbsd-compat/port-solaris.c
Does this look a bit better? The biggest annoyance I had is that now
ssh-agent and sftp-server have to link against platform.o, and the
easiest way to organise that seemed to be to add it to libssh.a. So now
all...
2016 Mar 10
2
Problems with -with-sandbox=solaris on Solaris 10
I was involved with the issues building OpenSSH 7.2p1 to use the
Solaris sandbox, but I ended up dropping out of the discussion
due to being on the road for most of the last couple of weeks.
Anyway, the problems persist with OpenSSH 7.2p2 when building
with --with-sandbox=solaris. I found that there's an error in
openbsd-compat/port-solaris.h on line 30, because the type
priv_set_t
2016 Feb 17
4
Call for testing: OpenSSH 7.2
On 2/17/16 9:50 AM, Carson Gaspar wrote:
> Solaris 10 has setppriv, but does not have priv_basicset. To work on
> Solaris 10, the call would need to be replaced with the equivalent set
> of explicitly listed privs:
The prior art in other apps on the system seems to suggest that
priv_str_to_set is a better fallback if priv_basicset is not available.
I've attached a patch that seems
2015 Nov 29
22
[Bug 2511] New: Drop fine-grained privileges on Illumos/Solaris
https://bugzilla.mindrot.org/show_bug.cgi?id=2511
Bug ID: 2511
Summary: Drop fine-grained privileges on Illumos/Solaris
Product: Portable OpenSSH
Version: 7.1p1
Hardware: Other
OS: Solaris
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs