[MacPorts] #47798: openssh sandboxing broken on 10.10
MacPorts
noreply at macports.org
Thu May 21 09:45:52 PDT 2015
#47798: openssh sandboxing broken on 10.10
---------------------+--------------------------------
Reporter: dluke@… | Owner: macports-tickets@…
Type: defect | Status: new
Priority: Normal | Milestone:
Component: ports | Version: 2.3.3
Keywords: | Port: openssh
---------------------+--------------------------------
Macports openssh sshd with UsePrivilegeSeparation sandbox (the default)
fails on 10.10 with "chroot("/opt/local/var/empty"): Operation not
permitted [preauth]"
System log says: sandboxd[587] ([36016]): sshd(36016) deny file-read-
metadata /opt
I verified that "UsePrivilegeSeparation yes" works, and also that re-
building with --with-privsep-path=/var/empty also works. (We could
probably also alter the sandbox file that we ship, but I'm not sure it's
necessary for us to have our own /var/empty sitting in $prefix).
--
Ticket URL: <https://trac.macports.org/ticket/47798>
MacPorts <https://www.macports.org/>
Ports system for OS X
More information about the macports-tickets
mailing list