On Tue, Feb 09, 2016 at 07:46:45PM -0500, Randall S. Becker wrote:
[...]
> SUPERUSER ends up being 65535, which is root on this platform. SUPER.SUPER
> is the actual name of root. /var and /var/run are both 755, while
> /var/run/keycommand_SUPER.SUPER is 644.

OK, I think the ownership is the problem. auth2-pubkey.c:subprocess() does this:

        if (stat(av[0], &st) < 0)
        [...]
        if (auth_secure_path(av[0], &st, NULL, 0, errmsg, sizeof(errmsg)) != 0) {
                error("Unsafe %s \"%s\": %s", tag, av[0], errmsg);

The 4th arg to auth_secure_path is the UID we expect the file to be owned by. If you apply the following and compile with -DROOT_UID=65535 does it work? What does ./config.guess report the platform as?

diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 41b34ae..bdcb2c2 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -420,7 +420,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command, restore_uid(); return 0; } - if (auth_secure_path(av[0], &st, NULL, 0, + if (auth_secure_path(av[0], &st, NULL, ROOT_UID, errmsg, sizeof(errmsg)) != 0) { error("Unsafe %s \"%s\": %s", tag, av[0], errmsg); restore_uid(); diff --git a/defines.h b/defines.h index a438ddd..7489fef 100644 --- a/defines.h +++ b/defines.h @@ -857,4 +857,8 @@ struct winsize { # define USE_SYSTEM_GLOB #endif +#ifndef ROOT_UID +# define ROOT_UID 0 +#endif + #endif /* _DEFINES_H */

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
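
Review bot: in the auth2-pubkey.c hunk, the changed auth_secure_path() call in subprocess() takes its expected owner from ROOT_UID, and nothing at the call site says that this argument decides whose files are trusted as the command av[0]. Add a short comment on the argument, and note that because the value arrives through -DROOT_UID on the compiler command line, a build that omits it keeps 0 and a mistyped value makes a different account's files pass the check; having configure set it per platform would be less error-prone than an ad hoc flag.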
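
Review bot: the ROOT_UID block added at the end of defines.h is undocumented, and its #ifndef guard silently accepts any earlier definition of that name. Put a comment above it saying that it is the UID of the superuser on platforms where that is not 0 and how it is meant to be overridden, so that a reader of "# define ROOT_UID 0" knows the macro feeds an ownership check.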
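
Added example, not part of the original message and not OpenSSH code: a simplified owner-and-mode check run on a hand-built struct stat, showing why the file from the thread (owner 65535, mode 644) fails when the expected owner is 0 and passes when it is 65535, the value -DROOT_UID=65535 would supply. The names owner_mode_ok and sample_stat are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

/*
 * Hypothetical helper, not OpenSSH's auth_secure_path(): accept a helper
 * program only if it is a regular file owned by expected_uid and not writable
 * by group or others. Returns 0 if acceptable, -1 with a reason in err.
 */
int owner_mode_ok(const struct stat *st, uid_t expected_uid, char *err, size_t errlen)
{
	if (!S_ISREG(st->st_mode)) {
		snprintf(err, errlen, "not a regular file");
		return -1;
	}
	if (st->st_uid != expected_uid) {
		snprintf(err, errlen, "bad owner %lu", (unsigned long)st->st_uid);
		return -1;
	}
	if ((st->st_mode & (S_IWGRP | S_IWOTH)) != 0) {
		snprintf(err, errlen, "bad mode %03o", (unsigned)(st->st_mode & 0777));
		return -1;
	}
	return 0;
}

/* Constructed sample input: a struct stat filled in by hand, no file I/O. */
struct stat sample_stat(uid_t owner, mode_t perm)
{
	struct stat st;
	memset(&st, 0, sizeof(st));
	st.st_uid = owner;
	st.st_mode = S_IFREG | perm;
	return st;
}

int main(void)
{
	char err[64];
	struct stat st = sample_stat(65535, 0644);	/* values from the thread */
	uid_t expected[] = { 0, 65535 };		/* before and after the patch */
	for (int i = 0; i < 2; i++)
		printf("expected uid %lu: %s\n", (unsigned long)expected[i],
		    owner_mode_ok(&st, expected[i], err, sizeof(err)) == 0 ? "accepted" : err);
	return 0;
}
```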