On 2/16/16 8:21 PM, Damien Miller wrote:
I think this should fix it. It would be good if someone with recent Solaris/ Illumos that does have the fine-grained privilege support could test it too.
Solaris 10 has setppriv, but does not have priv_basicset. To work on Solaris 10, the call would need to be replaced with the equivalent set of explicitly listed privs:
"Of the privileges listed above, the privileges PRIV_FILE_LINK_ANY, PRIV_FILE_READ, PRIV_FILE_WRITE, PRIV_PROC_INFO, PRIV_PROC_SESSION, PRIV_NET_ACCESS, PRIV_PROC_FORK, and PRIV_PROC_EXEC are considered "basic" privileges. These are privileges that used to be always avail- able to unprivileged processes. By default, processes still have the basic privileges."
diff --git a/configure.ac b/configure.ac index b4c0aaa..f614edf 100644 --- a/configure.ac +++ b/configure.ac @@ -896,11 +896,8 @@ mips-sony-bsd|mips-sony-newsos4) else AC_MSG_RESULT([no]) fi - AC_CHECK_FUNC([setppriv], - [ AC_CHECK_HEADERS([priv.h], [ - SOLARIS_PRIVS="yes" - ]) - ]) + AC_CHECK_FUNC([setppriv]) + AC_CHECK_HEADERS([priv.h]) AC_ARG_WITH([solaris-contracts], [ --with-solaris-contracts Enable Solaris process contracts (experimental)], [ @@ -925,7 +922,9 @@ mips-sony-bsd|mips-sony-newsos4) [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], [ AC_MSG_CHECKING([for Solaris/Illumos privilege support]) - if test "x$SOLARIS_PRIVS" = "xyes" ; then + if test "x$ac_cv_func_setppriv" = "xyes" -a \ + "x$ac_cv_header_priv_h" = "xyes" ; then + SOLARIS_PRIVS=yes AC_MSG_RESULT([found]) AC_DEFINE([NO_UID_RESTORATION_TEST], [1], [Define to disable UID restoration test]) _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev