diff options
Diffstat (limited to '')
| -rw-r--r-- | regress/connect-privsep.sh | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/regress/connect-privsep.sh b/regress/connect-privsep.sh new file mode 100644 index 0000000..b6abb65 --- /dev/null +++ b/regress/connect-privsep.sh @@ -0,0 +1,35 @@ +# $OpenBSD: connect-privsep.sh,v 1.9 2017/04/30 23:34:55 djm Exp $ +# Placed in the Public Domain. + +tid="proxy connect with privsep" + +cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig +echo 'UsePrivilegeSeparation yes' >> $OBJ/sshd_proxy + +${SSH} -F $OBJ/ssh_proxy 999.999.999.999 true +if [ $? -ne 0 ]; then + fail "ssh privsep+proxyconnect failed" +fi + +cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy +echo 'UsePrivilegeSeparation sandbox' >> $OBJ/sshd_proxy + +${SSH} -F $OBJ/ssh_proxy 999.999.999.999 true +if [ $? -ne 0 ]; then + # XXX replace this with fail once sandbox has stabilised + warn "ssh privsep/sandbox+proxyconnect failed" +fi + +# Because sandbox is sensitive to changes in libc, especially malloc, retest +# with every malloc.conf option (and none). +if [ -z "TEST_MALLOC_OPTIONS" ]; then + mopts="C F G J R S U X < >" +else + mopts=`echo $TEST_MALLOC_OPTIONS | sed 's/./& /g'` +fi +for m in '' $mopts ; do + env MALLOC_OPTIONS="$m" ${SSH} -F $OBJ/ssh_proxy 999.999.999.999 true + if [ $? -ne 0 ]; then + fail "ssh privsep/sandbox+proxyconnect mopt '$m' failed" + fi +done |