Re: Call for testing: OpenSSH 7.2

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 





Carson Gaspar wrote:
On 2/17/16 9:50 AM, Carson Gaspar wrote:
On 2/16/16 8:21 PM, Damien Miller wrote:

I think this should fix it. It would be good if someone with recent
Solaris/
Illumos that does have the fine-grained privilege support could test
it too.

Solaris 10 has setppriv, but does not have priv_basicset. To work on
Solaris 10, the call would need to be replaced with the equivalent set
of explicitly listed privs:

"Of  the  privileges  listed  above,  the privileges PRIV_FILE_LINK_ANY,
PRIV_FILE_READ,  PRIV_FILE_WRITE,  PRIV_PROC_INFO, PRIV_PROC_SESSION,
PRIV_NET_ACCESS,  PRIV_PROC_FORK,  and  PRIV_PROC_EXEC  are considered
"basic" privileges. These are privileges that used to be always avail-
able  to  unprivileged  processes. By default, processes still have the
basic privileges."

Of course that's the Sol 11 man page excerpt. Sol 10 doesn't have PRIV_FILE_{READ,WRITE}, but otherwise the basic privs are the same.

I'd be more that willing to try this out on Solaris 10.

--
          Jeff Wieland            |         Purdue University
   Network Systems Administrator  |        ITIS UNIX Platforms
       Voice: (765)496-8234       |        155 S. Grant Street
        FAX: (765)496-1380        |      West Lafayette, IN 47907

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux