| Summary: | Disable uid=0 resetting test on Solaris | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Tomas Kuthan <tomas.kuthan> | ||||||
| Component: | sshd | Assignee: | Assigned to nobody <unassigned-bugs> | ||||||
| Status: | CLOSED DUPLICATE | ||||||||
| Severity: | normal | ||||||||
| Priority: | P5 | ||||||||
| Version: | 6.7p1 | ||||||||
| Hardware: | SPARC | ||||||||
| OS: | Solaris | ||||||||
| Attachments: |
|
||||||||
Created attachment 2498 [details]
Patch disabling uid=0 resetting test on Solaris
resolved as a part of fine-grained privileges wad *** This bug has been marked as a duplicate of bug 2511 *** Close all resolved bugs after 7.3p1 release |
Created attachment 2497 [details] Patch disabling uid=0 resetting test on Solaris After the server process drops uid=0, a test is made to make sure uid=0 cannot be reclaimed. On Solaris, if a user is granted ALL privilege in a zone, this user can successfully call setuid(0) and setgid(0). In this case it is not due to a failure of dropping uid=0, sshd was started with. Uid restoration test fails and the user is not permitted to log in. This fix disables the check on Solaris. For non-privileged users the inability to reclaim uid=0 is implied from previous successful call to setresuid(). For user with ALL privilege in the zone the assertion in the test is not correct; the ability to restore uid=0 stems from additional privileges granted to the user. The fix is implemented by replacing appropriate occurrences of OS-based define HAVE_CYGWIN with functionality-based define NO_UID_RESTORATION_TEST and defining it for Solaris and Cygwin in configure.ac.