openssh-unix-dev: Re: Call for testing: OpenSSH-5.9

Re: Call for testing: OpenSSH-5.9

From: Frederico Costa (Ports) <fredports_at_nospam>
Date: Mon Aug 15 2011 - 12:25:29 GMT
To: <openssh-unix-dev@mindrot.org>

 Hi there...

 Just downloaded openssh-SNAP-20110815.tar.gz

 and ran the usual $ ./configure && make tests

 And I get the usual "all tests passed", no errors reported.

 I have run this on a FreeBSD 8.2 Release #0 amd64.

 Regards

 Fred

 ---
 Frederico Costa
 fredports@mufley.com

 On Sun, 14 Aug 2011 10:30:10 +1000 (EST), Damien Miller wrote:
> Hi,
>
> OpenSSH 5.9 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This release contains a
> couple of new features and changes and bug fixes. Testing of the new
> sandboxed privilege separation mode (see below) would be particularly
> appreciated.
>
> Snapshot releases for portable OpenSSH are available from
> http://www.mindrot.org/openssh_snap/
>
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
>
> Portable OpenSSH is also available via anonymous CVS using the
> instructions at http://www.openssh.com/portable.html#cvs or
> via Mercurial at http://hg.mindrot.org/openssh
>
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is simply:
>
> $ ./configure && make tests
>
> Live testing on suitable non-production systems is also
> appreciated. Please send reports of success or failure to
> openssh-unix-dev@mindrot.org.
>
> Below is a summary of changes. More detail may be found in the ChangeLog
> in the portable OpenSSH tarballs.
>
> Thanks to the many people who contributed to this release.
>
> -------------------------------
>
> Features:
>
> * Introduce sandboxing of the pre-auth privsep child using a new
> sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
> mandatory restrictions on the syscalls the privsep child can perform.
> The intention is to prevent a compromised privsep child from being
> used to attack other hosts (by opening sockets and proxying) or probing
> local kernel attack surface.
>
> Three concrete sandbox implementations are provided (selected at
> configure time): systrace, seatbelt and rlimit.
>
> The systrace sandbox uses systrace(4) in unsupervised "fast-path"
> mode, where a list of permitted syscalls is supplied. Any syscall not
> on the list results in SIGKILL being sent to the privsep child. Note
> that this requires a kernel with the new SYSTR_POLICY_KILL option
> (only OpenBSD has this mode at present).
>
> The seatbelt sandbox uses OS X/Darwin sandbox(7) facilities with a
> strict (kSBXProfilePureComputation) policy that disables access to
> filesystem and network resources.
>
> The rlimit sandbox is a fallback choice for platforms that don't
> support a better one; it uses setrlimit() to reset the hard-limit
> of file descriptors and processes to zero, which should prevent
> the privsep child from forking or opening new network connections.
>
> Sandboxing of the privilege separated child process will become the
> default in a future release. We'd also like to include native
> sandboxes for other platforms.
>
> * Add new SHA256-based HMAC transport integrity modes from
> http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
> These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512,
> and hmac-sha2-512-96, and are available by default in ssh(1) and
> sshd(8)
>
> * The pre-authentication sshd(8) privilege separation slave process
> now logs via a socket shared with the master process, avoiding the
> need to maintain /dev/log inside the chroot.
>
> * ssh(1) now warns when a server refuses X11 forwarding
>
> * sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
> separated by space. The undocumented AuthorizedKeysFile2 option is
> deprecated (though the default for AuthorizedKeysFile includes
> .ssh/authorized_keys2)
>
> * sshd_config(5): similarly deprecate UserKnownHostsFile2 and
> GlobalKnownHostsFile2 by making UserKnownHostsFile and
> GlobalKnownHostsFile accept multiple options and default to include
> known_hosts2
>
> * retain key comments when loading v.2 keys. These will be visible in
> "ssh-add -l" and other places. bz#439
>
> * ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as
> IPv4 ToS/DSCP). bz#1855
>
> * ssh_config(5)'s ControlPath option now expands %L to the host
> portion of the destination host name.
>
> * ssh_config(5) "Host" options now support negated Host matching, e.g.
>
>     Host *.example.org !c.example.org
>         User mekmitasdigoat
>
> Will match "a.example.org", "b.example.org", but not "c.example.org"
>
> * ssh_config(5): a new RequestTTY option provides control over when a
> TTY is requested for a connection, similar to the existing -t/-tt/-T
> ssh(1) commandline options.
>
> * sshd(8): allow GSSAPI authentication to detect when a server-side
> failure causes authentication failure and don't count such failures
> against MaxAuthTries; bz#1244
>
> * ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa,
> dsa and ecdsa) for which host keys do not exist, generate the host
> keys with the default key file path, an empty passphrase, default
> bits for the key type, and default comment. This is useful for
> system initialisation scripts.
>
> * ssh(1): Allow graceful shutdown of multiplexing: request that a mux
> server removes its listener socket and refuse future multiplexing
> requests but don't kill existing connections. This may be requested
> using "ssh -O stop ..."
>
> * ssh-add(1) now accepts keys piped from standard input. E.g.
> "ssh-add - < /path/to/key"
>
> * ssh-keysign(8) now signs hostbased authentication
> challenges correctly using ECDSA keys; bz#1858
>
> Portable OpenSSH Bugfixes:
>
> * Fix a compilation error in the SELinux support code. bz#1851
>
> * This release removes support for ssh-rand-helper. OpenSSH now
> obtains its random numbers directly from OpenSSL or from
> a PRNGd/EGD instance specified at configure time.
>
> * sshd(8) now resets the SELinux process execution context before
> executing passwd for password changes; bz#1891
>
> * Since gcc >= 4.x ignores all -Wno-options options, test only the
> corresponding -W-option when trying to determine whether it is
> accepted. bz#1900, bz#1901
> selinux code. Patch from Leonardo Chiquitto
>
> * Add ECDSA key generation to the Cygwin ssh-{host,user}-config
> scripts.
>
> Reporting Bugs:
> ===============
>
> - Please read http://www.openssh.com/report.html
> Security bugs should be reported directly to openssh@openssh.com
>
> OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
> Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
> Ben Lindstrom.
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

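The rlimit fallback sandbox described in the quoted release notes, as an added example that is not part of the original message and is not OpenSSH's source. The names `rlimit_sandbox` and `probe_rlimit_sandbox` are hypothetical, and a Linux-like system is assumed; the probe shows that descriptors opened before the limits are applied keep working while new sockets and files are refused with EMFILE.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

enum { NEW_SOCKET_BLOCKED = 1, NEW_FILE_BLOCKED = 2, OLD_FD_USABLE = 4 };

/* Added example, not OpenSSH code. Hypothetical helper: zero the soft and
 * hard limits; an unprivileged process cannot raise a hard limit again. */
static int rlimit_sandbox(void)
{
    struct rlimit zero = { 0, 0 };
    if (setrlimit(RLIMIT_NOFILE, &zero) == -1)
        return -1;
    return setrlimit(RLIMIT_NPROC, &zero);
}

/* Fork a child, sandbox it, and return a bitmask of what it observed.
 * fork() is not probed: Linux does not enforce RLIMIT_NPROC for
 * privileged (CAP_SYS_RESOURCE) processes, so that result depends on uid. */
int probe_rlimit_sandbox(void)
{
    int pfd[2], status, ok, seen = 0;
    pid_t pid;

    if (pipe(pfd) == -1 || (pid = fork()) == -1)
        return -1;
    if (pid == 0) {
        if (rlimit_sandbox() == -1)
            _exit(64);
        if (socket(AF_INET, SOCK_STREAM, 0) == -1 && errno == EMFILE)
            seen |= NEW_SOCKET_BLOCKED;   /* no new network endpoints */
        if (open("/dev/null", O_RDONLY) == -1 && errno == EMFILE)
            seen |= NEW_FILE_BLOCKED;     /* no new files either */
        if (write(pfd[1], "x", 1) == 1)
            seen |= OLD_FD_USABLE;        /* inherited descriptors still work */
        _exit(seen);
    }
    ok = waitpid(pid, &status, 0) != -1 && WIFEXITED(status);
    close(pfd[0]); close(pfd[1]);
    return ok ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    return probe_rlimit_sandbox() == 7 ? 0 : 1;  /* exit 0 if all three held */
}
```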