summaryrefslogtreecommitdiff
path: root/regress
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2016-04-14 23:21:42 +0000
committerDamien Miller <djm@mindrot.org>2016-04-15 11:16:12 +1000
commit076787702418985a2cc6808212dc28ce7afc01f0 (patch)
tree3680988ea441b7d8940549e2a9f50dce17be06a3 /regress
parentdc7990be865450574c7940c9880567f5d2555b37 (diff)
upstream commit
add test knob and warning for StrictModes Upstream-Regress-ID: 8cd10952ce7898655ee58945904f2a0a3bdf7682
Diffstat (limited to 'regress')
-rw-r--r--regress/test-exec.sh9
1 files changed, 8 insertions, 1 deletions
diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index 114e129f..d468bcf4 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: test-exec.sh,v 1.51 2015/03/03 22:35:19 markus Exp $
+# $OpenBSD: test-exec.sh,v 1.52 2016/04/14 23:21:42 djm Exp $
# Placed in the Public Domain.
#SUDO=sudo
@@ -411,6 +411,13 @@ cat << EOF > $OBJ/sshd_config
Subsystem sftp $SFTPSERVER
EOF
+# This may be necessary if /usr/src and/or /usr/obj are group-writable,
+# but if you aren't careful with permissions then the unit tests could
+# be abused to locally escalate privileges.
+if [ ! -z "$TEST_SSH_UNSAFE_PERMISSIONS" ]; then
+ echo "StrictModes no" >> $OBJ/sshd_config
+fi
+
if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config