From 076787702418985a2cc6808212dc28ce7afc01f0 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Thu, 14 Apr 2016 23:21:42 +0000
Subject: [PATCH] upstream commit

add test knob and warning for StrictModes

Upstream-Regress-ID: 8cd10952ce7898655ee58945904f2a0a3bdf7682
---
 regress/test-exec.sh | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index 114e129f2..d468bcf4d 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: test-exec.sh,v 1.51 2015/03/03 22:35:19 markus Exp $
+#	$OpenBSD: test-exec.sh,v 1.52 2016/04/14 23:21:42 djm Exp $
 #	Placed in the Public Domain.
 
 #SUDO=sudo
@@ -411,6 +411,13 @@ cat << EOF > $OBJ/sshd_config
 	Subsystem	sftp	$SFTPSERVER
 EOF
 
+# This may be necessary if /usr/src and/or /usr/obj are group-writable,
+# but if you aren't careful with permissions then the unit tests could
+# be abused to locally escalate privileges.
+if [ ! -z "$TEST_SSH_UNSAFE_PERMISSIONS" ]; then
+	echo "StrictModes no" >> $OBJ/sshd_config
+fi
+
 if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
 	trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
 	echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config