diff options
-rw-r--r-- | regress/usr.bin/ssh/test-exec.sh | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/regress/usr.bin/ssh/test-exec.sh b/regress/usr.bin/ssh/test-exec.sh index f63974e57ee..3f51e944b5f 100644 --- a/regress/usr.bin/ssh/test-exec.sh +++ b/regress/usr.bin/ssh/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.51 2015/03/03 22:35:19 markus Exp $ +# $OpenBSD: test-exec.sh,v 1.52 2016/04/14 23:21:42 djm Exp $ # Placed in the Public Domain. USER=`id -un` @@ -270,6 +270,13 @@ cat << EOF > $OBJ/sshd_config Subsystem sftp $SFTPSERVER EOF +# This may be necessary if /usr/src and/or /usr/obj are group-writable, +# but if you aren't careful with permissions then the unit tests could +# be abused to locally escalate privileges. +if [ ! -z "$TEST_SSH_UNSAFE_PERMISSIONS" ]; then + echo "StrictModes no" >> $OBJ/sshd_config +fi + if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS" echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config |