2 files changed, 15 insertions, 1 deletions

diff --git a/ChangeLog b/ChangeLog
index 1ffc4b5f5..85dbe0f33 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,9 @@
    - dtucker@cvs.openbsd.org 2011/06/03 05:35:10
      [regress/cfgmatch.sh]
      use OBJ to find test configs, patch from Tim Rice
+   - markus@cvs.openbsd.org 2011/06/30 22:44:43
+     [regress/connect-privsep.sh]
+     test with sandbox enabled; ok djm@
 
 20110812
  - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context
diff --git a/regress/connect-privsep.sh b/regress/connect-privsep.sh
index d23cadba5..e7f938981 100644
--- a/regress/connect-privsep.sh
+++ b/regress/connect-privsep.sh
@@ -1,8 +1,9 @@
-#       $OpenBSD: connect-privsep.sh,v 1.1 2002/03/21 21:45:07 markus Exp $
+#       $OpenBSD: connect-privsep.sh,v 1.2 2011/06/30 22:44:43 markus Exp $
 #       Placed in the Public Domain.
 
 tid="proxy connect with privsep"
 
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig
 echo 'UsePrivilegeSeparation yes' >> $OBJ/sshd_proxy
 
 for p in 1 2; do
@@ -11,3 +12,13 @@ for p in 1 2; do
                 fail "ssh privsep+proxyconnect protocol $p failed"
         fi
 done
+
+cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
+echo 'UsePrivilegeSeparation sandbox' >> $OBJ/sshd_proxy
+
+for p in 1 2; do
+        ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true
+        if [ $? -ne 0 ]; then
+                fail "ssh privsep/sandbox+proxyconnect protocol $p failed"
+        fi
+done