- (bal) if mmap() is substandard, don't allow compression on server side.

   Post 'event' we will add more options.

5 files changed, 35 insertions, 8 deletions

diff --git a/ChangeLog b/ChangeLog
index 482a3ee89..79fdc57f7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,8 @@
  - (djm) Create privsep directory and warn if privsep user is missing 
    during make install
  - (bal) Started list of PrivSep issues in TODO
+ - (bal) if mmap() is substandard, don't allow compression on server side.
+   Post 'event' we will add more options.
 
 20020624
  - OpenBSD CVS Sync
@@ -1089,4 +1091,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2268 2002/06/25 02:28:22 mouring Exp $
+$Id: ChangeLog,v 1.2269 2002/06/25 03:22:03 mouring Exp $
diff --git a/acconfig.h b/acconfig.h
index 682e2754c..0bf305bb8 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -1,4 +1,4 @@
-/* $Id: acconfig.h,v 1.139 2002/06/24 16:26:49 stevesk Exp $ */
+/* $Id: acconfig.h,v 1.140 2002/06/25 03:22:04 mouring Exp $ */
 
 #ifndef _CONFIG_H
 #define _CONFIG_H
@@ -355,6 +355,9 @@
 /* Path that unprivileged child will chroot() to in privep mode */
 #undef PRIVSEP_PATH
 
+/* Define if you have the `mmap' function that supports MAP_ANON|SHARED */
+#undef HAVE_MMAP_ANON_SHARED
+
 @BOTTOM@
 
 /* ******************* Shouldn't need to edit below this line ************** */
diff --git a/configure.ac b/configure.ac
index d29091e9e..a99860334 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.70 2002/06/25 00:24:48 djm Exp $
+# $Id: configure.ac,v 1.71 2002/06/25 03:22:04 mouring Exp $
 
 AC_INIT
 AC_CONFIG_SRCDIR([ssh.c])
@@ -574,6 +574,30 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \
         socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
         truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
 
+if test $ac_cv_func_mmap = yes ; then
+AC_MSG_CHECKING([for mmap anon shared])
+AC_TRY_RUN(
+        [
+#include <stdio.h>
+#include <sys/mman.h>
+#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
+#define MAP_ANON MAP_ANONYMOUS
+#endif
+main() { char *p;
+p = (char *) mmap(NULL, 10, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0);
+if (p == (char *)-1)
+        exit(1);
+exit(0);
+}
+        ],
+        [
+                AC_MSG_RESULT(yes)
+                AC_DEFINE(HAVE_MMAP_ANON_SHARED)
+        ],
+        [ AC_MSG_RESULT(no) ] 
+)
+fi
+
 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
         AC_CHECK_LIB(gen, dirname,[
diff --git a/monitor_mm.c b/monitor_mm.c
index 0076c4210..c7662d807 100644
--- a/monitor_mm.c
+++ b/monitor_mm.c
@@ -84,13 +84,11 @@ mm_create(struct mm_master *mmalloc, size_t size)
          */
         mm->mmalloc = mmalloc;
 
-#if  defined(HAVE_MMAP) && defined(MAP_ANON)
+#ifdef HAVE_MMAP_ANON_SHARED
         address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED,
             -1, 0);
-        if (address == MAP_FAILED)
-                fatal("mmap(%lu): %s", (u_long)size, strerror(errno));
 #else
-        fatal("%s: UsePrivilegeSeparation=yes not supported",
+        fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported",
             __func__);
 #endif
 
diff --git a/servconf.c b/servconf.c
index 0d77c7078..f311ae48d 100644
--- a/servconf.c
+++ b/servconf.c
@@ -257,7 +257,7 @@ fill_default_server_options(ServerOptions *options)
         if (use_privsep == -1)
                 use_privsep = 1;
 
-#if !defined(HAVE_MMAP) || !defined(MAP_ANON)
+#if !defined(HAVE_MMAP_ANON_SHARED)
         if (use_privsep && options->compression == 1) {
                 error("This platform does not support both privilege "
                     "separation and compression");