This is a discussion on Re: OpenSSH 4.1: call for testing. within the OpenSSH Development forums, part of the Networking and Network Related category.
Darren Tucker wrote:
> Edgar, Bob wrote:
>
>> On Solaris10/Sparc:
>>
>> My first make tests failed as below. Running again, all tests pass.
>> I then started again with a clean directory and did configure && make
>> tests
>> without errors. Perhaps this is just weirdness on my system but perhaps
>> someone else will see something obvious.
>
> No, nothing obvious.
>
> One possibility: if you're using OpenSSL <= 0.9.7e compiled on Solaris
> 10, it won't use the /dev/*random devices. This means that the
> ssh-rand-helper needs to exist in its final location (/usr/local/libexec
> by default) in order for the tests to run (so if it started working
> after a "make install" then that's probably the reason).
>

This is due to a bug in OpenSSL; they use the option O_NOFOLLOW on opening the /dev/random devices -- and, on Solaris, this is a no-no, as /dev/random is a symlink to /devices/pseudo/[blah blah].

You can comment out the O_NOFOLLOW option in your openssl source, it's in crypto/rand/rand_unix.c. This shouldn't open up much of a security hole -- if you have a situation where someone could place a trojan symlink in /dev, you've got other problems on your hands than not having a good random number source :)

I submitted a bug to the openssl folks awhile back; this worked previous to S10, as Solaris just recently began supporting O_NOFOLLOW.

-rob
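The O_NOFOLLOW failure described in the message above, next to one way to keep a check on what was opened without that flag (open, then verify the descriptor with fstat()). This is an added example, not code from the original post or from OpenSSL; the function names and the temporary symlink standing in for Solaris 10's /dev/random are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Refuses a symlink in the final path component (open() fails, usually ELOOP). */
int open_nofollow(const char *path) {
    return open(path, O_RDONLY | O_NOCTTY | O_NOFOLLOW);
}

/* Follows symlinks, then checks the object that was actually opened: only a
 * character device is accepted. O_NONBLOCK keeps open() from hanging if the
 * path turns out to be a FIFO. */
int open_chardev(const char *path) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOCTTY | O_NONBLOCK);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);
        errno = ENODEV;
        return -1;
    }
    return fd;
}

/* Creates a constructed symlink to `target` in a private temp directory,
 * mirroring the /dev/random -> /devices/pseudo/... layout, and tries both.
 * Returns bit 0 set if O_NOFOLLOW refused the link, bit 1 set if the
 * verified open accepted it, or -1 if the setup failed. */
int try_symlinked_device(const char *target) {
    char dir[] = "/tmp/randlinkXXXXXX", path[64];
    int fd, result = 0;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(path, sizeof path, "%s/random", dir);
    if (symlink(target, path) != 0) { rmdir(dir); return -1; }
    if ((fd = open_nofollow(path)) < 0) result |= 1; else close(fd);
    if ((fd = open_chardev(path)) >= 0) { result |= 2; close(fd); }
    unlink(path);
    rmdir(dir);
    return result;
}

int main(void) {
    printf("symlink to /dev/urandom: %d\n", try_symlinked_device("/dev/urandom"));
    return 0;
}
```

The fstat() check rejects a link that resolves to a regular file or directory, but it cannot tell which character device was reached, so it narrows rather than removes the trojan-symlink case the message mentions.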