https://bugzilla.mindrot.org/show_bug.cgi?id=2511

Alex Wilson <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2761|0                           |1
        is obsolete|                            |

--- Comment #4 from Alex Wilson <[email protected]> ---
Created attachment 2770
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2770&action=edit
patch-v2

Re: the missing sandbox-solaris.o in Makefile.in, and the re-use of SP_MSG, those were silly mistakes because I didn't copy that fix across from my build machine after I spotted it there. My apologies.

I've attached a new patch (against current git master 39736be) with these issues fixed.

I've condensed the checks for setppriv and priv.h to set a $SOLARIS_PRIVS shell variable as you suggested, which is then re-used by the two checks.

The ifs for setppriv, and the new ifs introduced for priv_delset have been condensed into || as you suggested. priv_delset can only fail if the argument given to it is invalid, but extra checks can never hurt.

I have also moved the calls to platform_drop_x_privs() to be colocated with the new pledge() calls where possible, and noted in the comments above them (in platform.c) that they should match the pledge() they sit next to as much as possible.

I did have one other question/comment -- from what I can tell, the pledge() call in ssh-agent seems to be broader than it needs to be: it's currently allowing "exec", but the pledge() call happens after the final exec() that the ssh-agent can do. Am I mistaken on this? If I am, then the code in this patch should also avoid dropping "exec" (currently it drops it).

(Oh, and this patch is definitely identical to the one on my build/test machine this time...)

_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
