author | Damien Miller <djm@mindrot.org> | 2004-05-23 06:09:40 +0200 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2004-05-23 06:09:40 +0200 |
commit | b409718797da73ac4ee2de422d894297b2c2d8f7 (patch) | |
tree | 6fa87e4af301a1c498d10e8ca873b2982e746fa3 | |
parent | - (djm) Explain consequences of UsePAM=yes a little better in sshd_config; (diff) | |
- (djm) [configure.ac] Warn if the system has no known way of figuring out
which user is on the other end of a Unix domain socket; ok dtucker@
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | configure.ac | 26 |
2 files changed, 30 insertions, 4 deletions
@@ -1,6 +1,8 @@ 20040523 - - (djm) Explain consequences of UsePAM=yes a little better in sshd_config; - ok dtucker@ + - (djm) [sshd_config] Explain consequences of UsePAM=yes a little better in + sshd_config; ok dtucker@ + - (djm) [configure.ac] Warn if the system has no known way of figuring out + which user is on the other end of a Unix domain socket; ok dtucker@ 20040513 - (dtucker) [configure.ac] Bug #867: Additional tests for res_query in @@ -1122,4 +1124,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3356 2004/05/23 01:47:58 djm Exp $ +$Id: ChangeLog,v 1.3357 2004/05/23 04:09:40 djm Exp $ diff --git a/configure.ac b/configure.ac index 850205cc7..76ac0e06c 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.217 2004/05/13 01:56:17 dtucker Exp $ +# $Id: configure.ac,v 1.218 2004/05/23 04:09:40 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -926,6 +926,20 @@ int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} ) fi +# Check for missing getpeereid (or equiv) support +NO_PEERCHECK="" +if test "x$ac_cv_func_getpeereid" != "xyes" ; then + AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) + AC_TRY_COMPILE( + [#include <sys/types.h> + #include <sys/socket.h>], + [int i = SO_PEERCRED;], + [AC_MSG_RESULT(yes)], + [AC_MSG_RESULT(no) + NO_PEERCHECK=1] + ) +fi + dnl see whether mkstemp() requires XXXXXX if test "x$ac_cv_func_mkdtemp" = "xyes" ; then AC_MSG_CHECKING([for (overly) strict mkstemp]) 
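Review bot: The SO_PEERCRED probe added in the `@@ -926,6 +926,20 @@` hunk of configure.ac only shows that the macro is defined after including `<sys/socket.h>`; it does not show that `getsockopt()` returns peer credentials at run time, and the leading comment does not say so. The test also reads `ac_cv_func_getpeereid`, which is set by a function check outside this hunk, so the block presumably has to stay below that check. I would extend the comment to something like `# Compile-only probe: is SO_PEERCRED defined? Must run after the getpeereid function check.` so that a later reordering does not silently change when NO_PEERCHECK is set.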
@@ -2975,3 +2989,13 @@ if test ! -z "$RAND_HELPER_CMDHASH" ; then echo "" fi +if test ! -z "$NO_PEERCHECK" ; then + echo "WARNING: the operating system that you are using does not " + echo "appear to support either the getpeereid() API nor the " + echo "SO_PEERCRED getsockopt() option. These facilities are used to " + echo "enforce security checks to prevent unauthorised connections to " + echo "ssh-agent. Their absence increases the risk that a malicious " + echo "user can connect to your agent. " + echo "" +fi + |
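Review bot: The NO_PEERCHECK warning is printed with plain `echo` in the closing summary and configure still succeeds, so an unattended or packaged build can produce an ssh-agent without the peer check and the message is easy to miss. Consider also emitting `AC_MSG_WARN([no getpeereid() or SO_PEERCRED; ssh-agent cannot check the connecting user])` at the point where NO_PEERCHECK is set (the earlier configure.ac hunk), so the result goes to stderr next to the check. The "either ... nor" wording should read `echo "appear to support either the getpeereid() API or the "`. It would also help the reader if the text said what still protects the agent socket on such systems, presumably only its filesystem permissions.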