summaryrefslogtreecommitdiff
path: root/regress/test-exec.sh
diff options
context:
space:
mode:
Diffstat (limited to 'regress/test-exec.sh')
-rw-r--r--regress/test-exec.sh10
1 files changed, 9 insertions, 1 deletions
diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index 114e129f20fa7..1b6526d0bbf3c 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: test-exec.sh,v 1.51 2015/03/03 22:35:19 markus Exp $
+# $OpenBSD: test-exec.sh,v 1.53 2016/04/15 02:57:10 djm Exp $
# Placed in the Public Domain.
#SUDO=sudo
@@ -221,6 +221,7 @@ echo "#!/bin/sh" > $SSHLOGWRAP
echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP
chmod a+rx $OBJ/ssh-log-wrapper.sh
+REAL_SSH="$SSH"
SSH="$SSHLOGWRAP"
# Some test data. We make a copy because some tests will overwrite it.
@@ -411,6 +412,13 @@ cat << EOF > $OBJ/sshd_config
Subsystem sftp $SFTPSERVER
EOF
+# This may be necessary if /usr/src and/or /usr/obj are group-writable,
+# but if you aren't careful with permissions then the unit tests could
+# be abused to locally escalate privileges.
+if [ ! -z "$TEST_SSH_UNSAFE_PERMISSIONS" ]; then
+ echo "StrictModes no" >> $OBJ/sshd_config
+fi
+
if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config