[MacPorts] #47798: openssh sandboxing broken on 10.10

21 May 2015

      #47798: openssh sandboxing broken on 10.10
---------------------+--------------------------------
 Reporter:  dluke@…  |      Owner:  macports-tickets@…
     Type:  defect   |     Status:  new
 Priority:  Normal   |  Milestone:
Component:  ports    |    Version:  2.3.3
 Keywords:           |       Port:  openssh
---------------------+--------------------------------
 Macports openssh sshd with UsePrivilegeSeparation sandbox (the default)
 fails on 10.10 with "chroot("/opt/local/var/empty"): Operation not
 permitted [preauth]"

 System log says: sandboxd[587] ([36016]): sshd(36016) deny file-read-
 metadata /opt

 I verified that "UsePrivilegeSeparation yes" works, and also that re-
 building with --with-privsep-path=/var/empty also works. (We could
 probably also alter the sandbox file that we ship, but I'm not sure it's
 necessary for us to have our own /var/empty sitting in $prefix).

-- 
Ticket URL: <https://trac.macports.org/ticket/47798>
MacPorts <https://www.macports.org/>
Ports system for OS X

MacPorts

MacPorts

MacPorts

MacPorts

MacPorts

MacPorts

tags

participants (1)