summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2004-05-23 14:09:40 +1000
committerDamien Miller <djm@mindrot.org>2004-05-23 14:09:40 +1000
commitb409718797da73ac4ee2de422d894297b2c2d8f7 (patch)
tree6fa87e4af301a1c498d10e8ca873b2982e746fa3
parent701d0514ee3ffc5e8fde36bb0559709490407053 (diff)
- (djm) [configure.ac] Warn if the system has no known way of figuring out
which user is on the other end of a Unix domain socket; ok dtucker@
-rw-r--r--ChangeLog8
-rw-r--r--configure.ac26
2 files changed, 30 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index 879eb2b02..fa74e8841 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,8 @@
120040523 120040523
2 - (djm) Explain consequences of UsePAM=yes a little better in sshd_config; 2 - (djm) [sshd_config] Explain consequences of UsePAM=yes a little better in
3 ok dtucker@ 3 sshd_config; ok dtucker@
4 - (djm) [configure.ac] Warn if the system has no known way of figuring out
5 which user is on the other end of a Unix domain socket; ok dtucker@
4 6
520040513 720040513
6 - (dtucker) [configure.ac] Bug #867: Additional tests for res_query in 8 - (dtucker) [configure.ac] Bug #867: Additional tests for res_query in
@@ -1122,4 +1124,4 @@
1122 - (djm) Trim deprecated options from INSTALL. Mention UsePAM 1124 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
1123 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu 1125 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
1124 1126
1125$Id: ChangeLog,v 1.3356 2004/05/23 01:47:58 djm Exp $ 1127$Id: ChangeLog,v 1.3357 2004/05/23 04:09:40 djm Exp $
diff --git a/configure.ac b/configure.ac
index 850205cc7..76ac0e06c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
1# $Id: configure.ac,v 1.217 2004/05/13 01:56:17 dtucker Exp $ 1# $Id: configure.ac,v 1.218 2004/05/23 04:09:40 djm Exp $
2# 2#
3# Copyright (c) 1999-2004 Damien Miller 3# Copyright (c) 1999-2004 Damien Miller
4# 4#
@@ -926,6 +926,20 @@ int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
926 ) 926 )
927fi 927fi
928 928
929# Check for missing getpeereid (or equiv) support
930NO_PEERCHECK=""
931if test "x$ac_cv_func_getpeereid" != "xyes" ; then
932 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
933 AC_TRY_COMPILE(
934 [#include <sys/types.h>
935 #include <sys/socket.h>],
936 [int i = SO_PEERCRED;],
937 [AC_MSG_RESULT(yes)],
938 [AC_MSG_RESULT(no)
939 NO_PEERCHECK=1]
940 )
941fi
942
929dnl see whether mkstemp() requires XXXXXX 943dnl see whether mkstemp() requires XXXXXX
930if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 944if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
931AC_MSG_CHECKING([for (overly) strict mkstemp]) 945AC_MSG_CHECKING([for (overly) strict mkstemp])
@@ -2975,3 +2989,13 @@ if test ! -z "$RAND_HELPER_CMDHASH" ; then
2975 echo "" 2989 echo ""
2976fi 2990fi
2977 2991
2992if test ! -z "$NO_PEERCHECK" ; then
2993 echo "WARNING: the operating system that you are using does not "
2994 echo "appear to support either the getpeereid() API nor the "
2995 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
2996 echo "enforce security checks to prevent unauthorised connections to "
2997 echo "ssh-agent. Their absence increases the risk that a malicious "
2998 echo "user can connect to your agent. "
2999 echo ""
3000fi
3001