diff options
author | Damien Miller <djm@mindrot.org> | 2004-05-23 14:09:40 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2004-05-23 14:09:40 +1000 |
commit | b409718797da73ac4ee2de422d894297b2c2d8f7 (patch) | |
tree | 6fa87e4af301a1c498d10e8ca873b2982e746fa3 | |
parent | 701d0514ee3ffc5e8fde36bb0559709490407053 (diff) |
- (djm) [configure.ac] Warn if the system has no known way of figuring out
which user is on the other end of a Unix domain socket; ok dtucker@
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | configure.ac | 26 |
2 files changed, 30 insertions, 4 deletions
@@ -1,6 +1,8 @@ | |||
1 | 20040523 | 1 | 20040523 |
2 | - (djm) Explain consequences of UsePAM=yes a little better in sshd_config; | 2 | - (djm) [sshd_config] Explain consequences of UsePAM=yes a little better in |
3 | ok dtucker@ | 3 | sshd_config; ok dtucker@ |
4 | - (djm) [configure.ac] Warn if the system has no known way of figuring out | ||
5 | which user is on the other end of a Unix domain socket; ok dtucker@ | ||
4 | 6 | ||
5 | 20040513 | 7 | 20040513 |
6 | - (dtucker) [configure.ac] Bug #867: Additional tests for res_query in | 8 | - (dtucker) [configure.ac] Bug #867: Additional tests for res_query in |
@@ -1122,4 +1124,4 @@ | |||
1122 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 1124 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
1123 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 1125 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
1124 | 1126 | ||
1125 | $Id: ChangeLog,v 1.3356 2004/05/23 01:47:58 djm Exp $ | 1127 | $Id: ChangeLog,v 1.3357 2004/05/23 04:09:40 djm Exp $ |
diff --git a/configure.ac b/configure.ac index 850205cc7..76ac0e06c 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: configure.ac,v 1.217 2004/05/13 01:56:17 dtucker Exp $ | 1 | # $Id: configure.ac,v 1.218 2004/05/23 04:09:40 djm Exp $ |
2 | # | 2 | # |
3 | # Copyright (c) 1999-2004 Damien Miller | 3 | # Copyright (c) 1999-2004 Damien Miller |
4 | # | 4 | # |
@@ -926,6 +926,20 @@ int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} | |||
926 | ) | 926 | ) |
927 | fi | 927 | fi |
928 | 928 | ||
929 | # Check for missing getpeereid (or equiv) support | ||
930 | NO_PEERCHECK="" | ||
931 | if test "x$ac_cv_func_getpeereid" != "xyes" ; then | ||
932 | AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) | ||
933 | AC_TRY_COMPILE( | ||
934 | [#include <sys/types.h> | ||
935 | #include <sys/socket.h>], | ||
936 | [int i = SO_PEERCRED;], | ||
937 | [AC_MSG_RESULT(yes)], | ||
938 | [AC_MSG_RESULT(no) | ||
939 | NO_PEERCHECK=1] | ||
940 | ) | ||
941 | fi | ||
942 | |||
929 | dnl see whether mkstemp() requires XXXXXX | 943 | dnl see whether mkstemp() requires XXXXXX |
930 | if test "x$ac_cv_func_mkdtemp" = "xyes" ; then | 944 | if test "x$ac_cv_func_mkdtemp" = "xyes" ; then |
931 | AC_MSG_CHECKING([for (overly) strict mkstemp]) | 945 | AC_MSG_CHECKING([for (overly) strict mkstemp]) |
@@ -2975,3 +2989,13 @@ if test ! -z "$RAND_HELPER_CMDHASH" ; then | |||
2975 | echo "" | 2989 | echo "" |
2976 | fi | 2990 | fi |
2977 | 2991 | ||
2992 | if test ! -z "$NO_PEERCHECK" ; then | ||
2993 | echo "WARNING: the operating system that you are using does not " | ||
2994 | echo "appear to support either the getpeereid() API nor the " | ||
2995 | echo "SO_PEERCRED getsockopt() option. These facilities are used to " | ||
2996 | echo "enforce security checks to prevent unauthorised connections to " | ||
2997 | echo "ssh-agent. Their absence increases the risk that a malicious " | ||
2998 | echo "user can connect to your agent. " | ||
2999 | echo "" | ||
3000 | fi | ||
3001 | |||