openssh-unix-dev August 2011 archive
openssh-unix-dev: Re: Call for testing: OpenSSH-5.9

From: Corinna Vinschen <vinschen_at_nospam>
Date: Mon Aug 15 2011 - 11:41:37 GMT
To: openssh-unix-dev@mindrot.org

On Aug 14 10:30, Damien Miller wrote:
> Hi,
>
> OpenSSH 5.9 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This release contains a
> couple of new features and changes and bug fixes. Testing of the new
> sandboxed privilege separation mode (see below) would be particularly
> appreciated.
>
> Snapshot releases for portable OpenSSH are available from
> http://www.mindrot.org/openssh_snap/
>
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
>
> Portable OpenSSH is also available via anonymous CVS using the
> instructions at http://www.openssh.com/portable.html#cvs or
> via Mercurial at http://hg.mindrot.org/openssh
>
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is simply:
>
> $ ./configure && make tests

Current CVS builds fine and all tests pass on Cygwin.

> Sandboxing of the privilege separated child process will become the
> default in a future release. We'd also like to include native
> sandboxes for other platforms.

I'm still thinking about how to do that for Cygwin. There's no way on
Windows to remove user permission to create files in a generic way. But
maybe the UAC feature since Vista is a way to accomplish sandboxing at
least on Vista and later by starting the process as a low integrity
process. I have to take a closer look into this stuff.

While I was at it, it occurred to me that there's another piece of
Cygwin-specific code which can go away. Pipes are always created as
binary pipes for quite some time now. There's no supported version of
Cygwin left which allowed creating textmode pipes. Therefore, the
binary_pipe code can go away. Here's the patch:

Index: openbsd-compat/bsd-cygwin_util.c
===================================================================
RCS file: /cvs/openssh/openbsd-compat/bsd-cygwin_util.c,v
retrieving revision 1.22
diff -u -p -r1.22 bsd-cygwin_util.c
--- openbsd-compat/bsd-cygwin_util.c 27 Feb 2010 16:29:33 -0000 1.22
+++ openbsd-compat/bsd-cygwin_util.c 15 Aug 2011 10:59:57 -0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2001, Corinna Vinschen <vinschen@cygnus.com>
+ * Copyright (c) 2000, 2001, 2011 Corinna Vinschen <vinschen@redhat.com>
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -34,9 +34,6 @@
 #if defined(open) && open == binary_open
 # undef open
 #endif
-#if defined(pipe) && open == binary_pipe
-# undef pipe
-#endif
 
 #include <sys/types.h>
 
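Review bot: The guard dropped here tested `open == binary_pipe` where `pipe == binary_pipe` was presumably meant, and the guard kept just above it is weak in the same way: inside `#if`, `open` expands to `binary_open`, which is not itself a macro and so evaluates to 0, making `open == binary_open` true whenever `open` is defined at all. While this block is being touched, consider reducing the surviving test to `#ifdef open` so it says what it actually checks.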
@@ -57,18 +54,6 @@ binary_open(const char *filename, int fl
         mode = va_arg(ap, mode_t);
         va_end(ap);
         return (open(filename, flags | O_BINARY, mode));
-}
-
-int
-binary_pipe(int fd[2])
-{
- int ret = pipe(fd);
-
- if (!ret) {
- setmode(fd[0], O_BINARY);
- setmode(fd[1], O_BINARY);
- }
- return (ret);
 }
 
 int
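Review bot: With `binary_pipe()` removed in this hunk, nothing in the file records why forcing `O_BINARY` on pipe descriptors is no longer needed; the reasoning (no supported Cygwin version can create textmode pipes) exists only in the covering mail. Put that sentence in the commit message or ChangeLog entry so a later reader does not reintroduce the wrapper, and so it is clear that a build against an older Cygwin no longer gets the `setmode()` calls.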
Index: openbsd-compat/bsd-cygwin_util.h
===================================================================
RCS file: /cvs/openssh/openbsd-compat/bsd-cygwin_util.h,v
retrieving revision 1.12
diff -u -p -r1.12 bsd-cygwin_util.h
--- openbsd-compat/bsd-cygwin_util.h 8 Mar 2009 00:40:28 -0000 1.12
+++ openbsd-compat/bsd-cygwin_util.h 15 Aug 2011 10:59:57 -0000
@@ -1,7 +1,7 @@
 /* $Id: bsd-cygwin_util.h,v 1.12 2009/03/08 00:40:28 dtucker Exp $ */
 
 /*
- * Copyright (c) 2000, 2001, Corinna Vinschen <vinschen@cygnus.com>
+ * Copyright (c) 2000, 2001, 2011 Corinna Vinschen <vinschen@redhat.com>
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -41,13 +41,11 @@
 #include <io.h>
 
 int binary_open(const char *, int , ...);
-int binary_pipe(int fd[2]);
 int check_ntsec(const char *);
 char **fetch_windows_environment(void);
 void free_windows_environment(char **);
 
 #define open binary_open
-#define pipe binary_pipe
 
 #endif /* HAVE_CYGWIN */
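Review bot: Dropping the `binary_pipe` prototype and `#define pipe binary_pipe` in this hunk means any remaining caller that names `binary_pipe` directly will stop building on Cygwin, and this diff only covers bsd-cygwin_util.c and bsd-cygwin_util.h. Grep the rest of the tree for `binary_pipe` before committing, and check whether the `#include <io.h>` kept in the context above is still needed if it was there only for `setmode()`.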

Corinna

--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat