diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2016-04-14 23:21:43 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2016-04-14 23:21:43 +0000 |
| commit | def57f71151deb8e79cbf9b874130a198054b097 (patch) | |
| tree | a5eddbceadc11732ab6282a09aa82f75f03e32e7 /regress | |
| parent | 26ea74e537e0b130d204678bbc73d5d536daecce (diff) | |
add test knob and warning for StrictModes
Diffstat (limited to 'regress')
| -rw-r--r-- | regress/usr.bin/ssh/test-exec.sh | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/regress/usr.bin/ssh/test-exec.sh b/regress/usr.bin/ssh/test-exec.sh index f63974e57ee..3f51e944b5f 100644 --- a/regress/usr.bin/ssh/test-exec.sh +++ b/regress/usr.bin/ssh/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.51 2015/03/03 22:35:19 markus Exp $ +# $OpenBSD: test-exec.sh,v 1.52 2016/04/14 23:21:42 djm Exp $ # Placed in the Public Domain. USER=`id -un` @@ -270,6 +270,13 @@ cat << EOF > $OBJ/sshd_config Subsystem sftp $SFTPSERVER EOF +# This may be necessary if /usr/src and/or /usr/obj are group-writable, +# but if you aren't careful with permissions then the unit tests could +# be abused to locally escalate privileges. +if [ ! -z "$TEST_SSH_UNSAFE_PERMISSIONS" ]; then + echo "StrictModes no" >> $OBJ/sshd_config +fi + if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS" echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config |