Damien Miller wrote:
On Tue, 16 Feb 2016, Jeff Wieland wrote:
The Solaris privilege code breaks building on Solaris 10. If
you let configure just do its thing, you get the following error
when compiling:
"sandbox-solaris.c", line 22: #error: "--with-solaris-privs must be used with
the Solaris sandbox"
So, I did add "--with-solaris-privs" to the command line for
configure, but then I got the following error messages:
I think this should fix it. It would be good if someone with recent Solaris/
Illumos that does have the fine-grained privilege support could test it too.
diff --git a/configure.ac b/configure.ac
index b4c0aaa..f614edf 100644
--- a/configure.ac
+++ b/configure.ac
@@ -896,11 +896,8 @@ mips-sony-bsd|mips-sony-newsos4)
else
AC_MSG_RESULT([no])
fi
- AC_CHECK_FUNC([setppriv],
- [ AC_CHECK_HEADERS([priv.h], [
- SOLARIS_PRIVS="yes"
- ])
- ])
+ AC_CHECK_FUNC([setppriv])
+ AC_CHECK_HEADERS([priv.h])
AC_ARG_WITH([solaris-contracts],
[ --with-solaris-contracts Enable Solaris process contracts (experimental)],
[
@@ -925,7 +922,9 @@ mips-sony-bsd|mips-sony-newsos4)
[ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)],
[
AC_MSG_CHECKING([for Solaris/Illumos privilege support])
- if test "x$SOLARIS_PRIVS" = "xyes" ; then
+ if test "x$ac_cv_func_setppriv" = "xyes" -a \
+ "x$ac_cv_header_priv_h" = "xyes" ; then
+ SOLARIS_PRIVS=yes
AC_MSG_RESULT([found])
AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
[Define to disable UID restoration test])
This patch still causes privilege separation sandbox style to be
set to solaris on Solaris 10.
--
Jeff Wieland | Purdue University
Network Systems Administrator | ITIS UNIX Platforms
Voice: (765)496-8234 | 155 S. Grant Street
FAX: (765)496-1380 | West Lafayette, IN 47907
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
