openssh-unix-dev August 2011 archive
Main Archive Page > Month Archives  > openssh-unix-dev archives
openssh-unix-dev: Re: Call for testing: OpenSSH-5.9

Re: Call for testing: OpenSSH-5.9

From: Andy Tsouladze <andyb1_at_nospam>
Date: Mon Aug 15 2011 - 15:38:35 GMT
To: Damien Miller <djm@mindrot.org>

Compiled SNAP-20110816 on
x86 slackware-13.0.0
x86 slackware-13.37.0
x86_64 slackware-13.37.0

Default configuration results in sandbox=rlimit, and with this option, all
tests work on both verions of slackware. I also compiled it with
--with-sandbox=no, with no problems.

Now for the problems.

1. ./configure --help

   --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY
   --with-default-path= Specify default \$PATH environment for server

Is there a reason to escape dollar signs here?

2. ./configure --help

   --with-sandbox=style Specify privilege separation sandbox (no,
rlimit, systrace)

This is different from option stated in the mail (systrace, seatbelt and
rlimit), and may be misleading.

> Three concrete sandbox implementation are provided (selected at
> configure time): systrace, seatbelt and rlimit.

3. I did try, just out of curiosity, to configure with
--with-sandbox=seatbelt option, and got the following error:

configure: error: unsupported -with-sandbox

There is a typo here (-with as opposed to --with) and (probably)
user-supplied option is omitted.

4. Attempt to run `./configure --with-sandbox=systrace' succeeds, but
compilation of sandbox-systrace.c fails as follows (on slackware-13.37.0
x86 and x86_64):

gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare
-Wformat-security -Wno-pointer-sign -Wno-unused-result
-fno-strict-aliasing -fno-builtin-memset -fstack-protector-all -I. -I.
-DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"
-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"
-D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\"
-D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\"
-D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\"
-D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\"
-DHAVE_CONFIG_H -c sandbox-systrace.c
sandbox-systrace.c:28:26: fatal error: dev/systrace.h: No such file or
directory
compilation terminated.
make: *** [sandbox-systrace.o] Error 1

It is true that my machine does not have systrace.h header file, but maybe
this should be caught at configuration time?

On slackware-13.0.0, compilation also fails but in a somewhat different
manner:

gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare
-Wformat-security -Wno-pointer-sign -fno-strict-aliasing
-fno-builtin-memset -fstack-protector-all -std=gnu99 -I. -I.
-DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"
-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"
-D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\"
-D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\"
-D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\"
-D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\"
-DHAVE_CONFIG_H -c sandbox-systrace.c
sandbox-systrace.c:28:26: error: dev/systrace.h: No such file or directory
sandbox-systrace.c:51: error: 'SYSTR_POLICY_NEVER' undeclared here (not in
a function)
sandbox-systrace.c:53: error: 'SYS___sysctl' undeclared here (not in a
function)
sandbox-systrace.c:53: error: 'SYSTR_POLICY_PERMIT' undeclared here (not
in a function)
sandbox-systrace.c: In function 'ssh_sandbox_parent':
sandbox-systrace.c:118: error: storage size of 'policy' isn't known
sandbox-systrace.c:132: error: 'STRIOCCLONE' undeclared (first use in this
function)
sandbox-systrace.c:132: error: (Each undeclared identifier is reported
only once
sandbox-systrace.c:132: error: for each function it appears in.)
sandbox-systrace.c:132: warning: passing argument 2 of 'ioctl' makes
integer from pointer without a cast
sandbox-systrace.c:137: error: 'STRIOCATTACH' undeclared (first use in
this function)
sandbox-systrace.c:137: warning: passing argument 2 of 'ioctl' makes
integer from pointer without a cast
sandbox-systrace.c:142: warning: passing argument 2 of 'bzero' makes
integer from pointer without a cast
sandbox-systrace.c:143: error: request for member 'strp_op' in something
not a structure or union
sandbox-systrace.c:143: error: 'SYSTR_POLICY_NEW' undeclared (first use in
this function)
sandbox-systrace.c:143: warning: statement with no effect
sandbox-systrace.c:144: error: request for member 'strp_maxents' in
something not a structure or union
sandbox-systrace.c:144: error: 'SYS_MAXSYSCALL' undeclared (first use in
this function)
sandbox-systrace.c:144: warning: statement with no effect
sandbox-systrace.c:145: error: 'STRIOCPOLICY' undeclared (first use in
this function)
sandbox-systrace.c:145: warning: passing argument 2 of 'ioctl' makes
integer from pointer without a cast
sandbox-systrace.c:149: error: request for member 'strp_op' in something
not a structure or union
sandbox-systrace.c:149: error: 'SYSTR_POLICY_ASSIGN' undeclared (first use
in this function)
sandbox-systrace.c:149: warning: statement with no effect
sandbox-systrace.c:150: error: request for member 'strp_pid' in something
not a structure or union
sandbox-systrace.c:150: warning: statement with no effect
sandbox-systrace.c:151: warning: passing argument 2 of 'ioctl' makes
integer from pointer without a cast
sandbox-systrace.c:156: warning: comparison between pointer and integer
sandbox-systrace.c:164: error: request for member 'strp_op' in something
not a structure or union
sandbox-systrace.c:164: error: 'SYSTR_POLICY_MODIFY' undeclared (first use
in this function)
sandbox-systrace.c:164: warning: statement with no effect
sandbox-systrace.c:165: error: request for member 'strp_code' in something
not a structure or union
sandbox-systrace.c:165: warning: statement with no effect
sandbox-systrace.c:166: error: request for member 'strp_policy' in
something not a structure or union
sandbox-systrace.c:167: error: 'SYSTR_POLICY_KILL' undeclared (first use
in this function)
sandbox-systrace.c:167: warning: pointer/integer type mismatch in
conditional expression
sandbox-systrace.c:167: warning: statement with no effect
sandbox-systrace.c:170: warning: passing argument 2 of 'ioctl' makes
integer from pointer without a cast
sandbox-systrace.c:118: warning: unused variable 'policy'
make: *** [sandbox-systrace.o] Error 1

Regards,

Andy

Dr Andy Tsouladze
Sr Unix/Storage SysAdmin
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev