-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | Makefile.in | 9 | ||||
-rw-r--r-- | acconfig.h | 5 | ||||
-rw-r--r-- | configure.ac | 69 | ||||
-rw-r--r-- | pathnames.h | 3 |
5 files changed, 57 insertions, 32 deletions
@@ -2,6 +2,7 @@ | |||
2 | - (djm) Add --with-superuser-path=xxx configure option to specify what $PATH | 2 | - (djm) Add --with-superuser-path=xxx configure option to specify what $PATH |
3 | the superuser receives. | 3 | the superuser receives. |
4 | - (djm) Bug #231: UsePrivilegeSeparation turns off Banner. | 4 | - (djm) Bug #231: UsePrivilegeSeparation turns off Banner. |
5 | - (djm) Add --with-privsep-path configure option | ||
5 | 6 | ||
6 | 20020511 | 7 | 20020511 |
7 | - (tim) [configure.ac] applied a rework of djm's OpenSSL search cleanup patch. | 8 | - (tim) [configure.ac] applied a rework of djm's OpenSSL search cleanup patch. |
@@ -572,4 +573,4 @@ | |||
572 | - (stevesk) entropy.c: typo in debug message | 573 | - (stevesk) entropy.c: typo in debug message |
573 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ | 574 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ |
574 | 575 | ||
575 | $Id: ChangeLog,v 1.2108 2002/05/13 01:07:41 djm Exp $ | 576 | $Id: ChangeLog,v 1.2109 2002/05/13 03:15:42 djm Exp $ |
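--- a/Makefile.in
+++ b/Makefile.in
@@ -1,8 +1,10 @@
-# $Id: Makefile.in,v 1.206 2002/05/09 14:05:59 tim Exp $
+# $Id: Makefile.in,v 1.207 2002/05/13 03:15:43 djm Exp $
 
 # uncomment if you run a non bourne compatable shell. Ie. csh
 #SHELL = @SH@
 
+AUTORECONF=autoreconf
+
 prefix=@prefix@
 exec_prefix=@exec_prefix@
 bindir=@bindir@
@@ -21,12 +23,14 @@ VPATH=@srcdir@
 SSH_PROGRAM=@bindir@/ssh
 ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
 SFTP_SERVER=$(libexecdir)/sftp-server
+PRIVSEP_PATH=@PRIVSEP_PATH@
 
 PATHS= -DSSHDIR=\"$(sysconfdir)\" \
 -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \
 -D_PATH_SSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\" \
 -D_PATH_SFTP_SERVER=\"$(SFTP_SERVER)\" \
 -D_PATH_SSH_PIDDIR=\"$(piddir)\" \
+-D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\"
 -DSSH_RAND_HELPER=\"$(libexecdir)/ssh-rand-helper\"
 
 CC=@CC@
@@ -80,6 +84,7 @@ PATHSUBS = \
 -D/etc/ssh/moduli=$(sysconfdir)/moduli \
 -D/etc/ssh/sshrc=$(sysconfdir)/sshrc \
 -D/usr/X11R6/bin/xauth=$(XAUTH_PATH) \
+-D/var/empty=$(PRIVSEP_PATH) \
 -D/usr/bin:/bin:/usr/sbin:/sbin=@user_path@
 
 FIXPATHSCMD = $(PERL) $(srcdir)/fixpaths $(PATHSUBS)
@@ -184,7 +189,7 @@ catman-do:
 done
 
 distprep: catman-do
-autoreconf
+$(AUTORECONF)
 (cd scard && $(MAKE) -f Makefile.in distprep)
 
 install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key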
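Review bot: The added `-D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\"` line in the PATHS assignment (new line 33) has no trailing backslash as rendered here, so the continuation stops there and the following `-DSSH_RAND_HELPER=...` line is no longer part of PATHS. That would leave SSH_RAND_HELPER undefined at compile time and put a stray non-rule line in the Makefile. The new line should end with a continuation, `-D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\" \`, matching the `-D/var/empty=$(PRIVSEP_PATH) \` line added to PATHSUBS in the same commit.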
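--- a/acconfig.h
+++ b/acconfig.h
@@ -1,4 +1,4 @@
-/* $Id: acconfig.h,v 1.136 2002/05/13 00:56:51 djm Exp $ */
+/* $Id: acconfig.h,v 1.137 2002/05/13 03:15:43 djm Exp $ */
 
 #ifndef _CONFIG_H
 #define _CONFIG_H
@@ -352,6 +352,9 @@
 /* Define if you want a different $PATH for the superuser */
 #undef SUPERUSER_PATH
 
+/* Path that unprivileged child will chroot() to in privep mode */
+#undef PRIVSEP_PATH
+
 @BOTTOM@
 
 /* ******************* Shouldn't need to edit below this line ************** */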
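Review bot: The new `#undef PRIVSEP_PATH` template at new lines 355-356 looks unused. The configure.ac change in this commit only calls `AC_SUBST(PRIVSEP_PATH)`, and the C sources receive the value as `_PATH_PRIVSEP_CHROOT_DIR` through the `-D` flag in Makefile.in. Unless an `AC_DEFINE` exists outside the visible hunks, config.h will never define this symbol. Either drop the entry or note which mechanism actually carries the path. The comment also has a typo and should read `/* Path that unprivileged child will chroot() to in privsep mode */`.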
diff --git a/configure.ac b/configure.ac index 1b8aa5e1c..acbfe78bf 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: configure.ac,v 1.57 2002/05/13 00:48:58 djm Exp $ | 1 | # $Id: configure.ac,v 1.58 2002/05/13 03:15:43 djm Exp $ |
2 | 2 | ||
3 | AC_INIT | 3 | AC_INIT |
4 | AC_CONFIG_SRCDIR([ssh.c]) | 4 | AC_CONFIG_SRCDIR([ssh.c]) |
@@ -1792,6 +1792,17 @@ AC_ARG_WITH(rsh, | |||
1792 | ] | 1792 | ] |
1793 | ) | 1793 | ) |
1794 | 1794 | ||
1795 | PRIVSEP_PATH=/var/empty | ||
1796 | AC_ARG_WITH(privsep-path, | ||
1797 | [ --with-privsep-path=xxx Path for privilege seperation chroot ], | ||
1798 | [ | ||
1799 | if test "x$withval" != "$no" ; then | ||
1800 | PRIVSEP_PATH=$withval | ||
1801 | fi | ||
1802 | ] | ||
1803 | ) | ||
1804 | AC_SUBST(PRIVSEP_PATH) | ||
1805 | |||
1795 | AC_ARG_WITH(xauth, | 1806 | AC_ARG_WITH(xauth, |
1796 | [ --with-xauth=PATH Specify path to xauth program ], | 1807 | [ --with-xauth=PATH Specify path to xauth program ], |
1797 | [ | 1808 | [ |
@@ -2363,41 +2374,43 @@ D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` | |||
2363 | E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` | 2374 | E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` |
2364 | F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` | 2375 | F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` |
2365 | G=`eval echo ${piddir}` ; G=`eval echo ${G}` | 2376 | G=`eval echo ${piddir}` ; G=`eval echo ${G}` |
2366 | H=`eval echo ${user_path}` ; H=`eval echo ${H}` | 2377 | H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` |
2367 | I=`eval echo ${superuser_path}` ; I=`eval echo ${I}` | 2378 | I=`eval echo ${user_path}` ; I=`eval echo ${I}` |
2379 | J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` | ||
2368 | 2380 | ||
2369 | echo "" | 2381 | echo "" |
2370 | echo "OpenSSH has been configured with the following options:" | 2382 | echo "OpenSSH has been configured with the following options:" |
2371 | echo " User binaries: $B" | 2383 | echo " User binaries: $B" |
2372 | echo " System binaries: $C" | 2384 | echo " System binaries: $C" |
2373 | echo " Configuration files: $D" | 2385 | echo " Configuration files: $D" |
2374 | echo " Askpass program: $E" | 2386 | echo " Askpass program: $E" |
2375 | echo " Manual pages: $F" | 2387 | echo " Manual pages: $F" |
2376 | echo " PID file: $G" | 2388 | echo " PID file: $G" |
2389 | echo " Privilege separation chroot path: $H" | ||
2377 | if test "$USES_LOGIN_CONF" = "yes" ; then | 2390 | if test "$USES_LOGIN_CONF" = "yes" ; then |
2378 | echo " At runtime, sshd will use the path defined in /etc/login.conf" | 2391 | echo " At runtime, sshd will use the path defined in /etc/login.conf" |
2379 | else | 2392 | else |
2380 | echo " sshd default user PATH: $H" | 2393 | echo " sshd default user PATH: $I" |
2381 | fi | 2394 | fi |
2382 | if test ! -z "$superuser_path" ; then | 2395 | if test ! -z "$superuser_path" ; then |
2383 | echo " sshd superuser user PATH: $I" | 2396 | echo " sshd superuser user PATH: $J" |
2384 | fi | 2397 | fi |
2385 | echo " Manpage format: $MANTYPE" | 2398 | echo " Manpage format: $MANTYPE" |
2386 | echo " PAM support: ${PAM_MSG}" | 2399 | echo " PAM support: ${PAM_MSG}" |
2387 | echo " KerberosIV support: $KRB4_MSG" | 2400 | echo " KerberosIV support: $KRB4_MSG" |
2388 | echo " KerberosV support: $KRB5_MSG" | 2401 | echo " KerberosV support: $KRB5_MSG" |
2389 | echo " Smartcard support: $SCARD_MSG" | 2402 | echo " Smartcard support: $SCARD_MSG" |
2390 | echo " AFS support: $AFS_MSG" | 2403 | echo " AFS support: $AFS_MSG" |
2391 | echo " S/KEY support: $SKEY_MSG" | 2404 | echo " S/KEY support: $SKEY_MSG" |
2392 | echo " TCP Wrappers support: $TCPW_MSG" | 2405 | echo " TCP Wrappers support: $TCPW_MSG" |
2393 | echo " MD5 password support: $MD5_MSG" | 2406 | echo " MD5 password support: $MD5_MSG" |
2394 | echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" | 2407 | echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" |
2395 | echo " Use IPv4 by default hack: $IPV4_HACK_MSG" | 2408 | echo " Use IPv4 by default hack: $IPV4_HACK_MSG" |
2396 | echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" | 2409 | echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" |
2397 | echo " BSD Auth support: $BSD_AUTH_MSG" | 2410 | echo " BSD Auth support: $BSD_AUTH_MSG" |
2398 | echo " Random number source: $RAND_MSG" | 2411 | echo " Random number source: $RAND_MSG" |
2399 | if test ! -z "$USE_RAND_HELPER" ; then | 2412 | if test ! -z "$USE_RAND_HELPER" ; then |
2400 | echo " ssh-rand-helper collects from: $RAND_HELPER_MSG" | 2413 | echo " ssh-rand-helper collects from: $RAND_HELPER_MSG" |
2401 | fi | 2414 | fi |
2402 | 2415 | ||
2403 | echo "" | 2416 | echo "" |
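Review bot: In the new `AC_ARG_WITH(privsep-path, ...)` block (new lines 1795-1804) the guard `if test "x$withval" != "$no"` compares against an unset shell variable, so it is always true. As a result `--without-privsep-path` sets the chroot directory to the literal `no`, and a bare `--with-privsep-path` sets it to `yes`. Both are relative paths that end up compiled into sshd as `_PATH_PRIVSEP_CHROOT_DIR`. The test should be `if test "x$withval" != "xno" ; then`. Because this value is where the unprivileged child is confined, it would also be worth rejecting `yes` and any value that does not start with `/`, using `AC_MSG_ERROR`. The help string misspells "separation" as "seperation".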
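--- a/pathnames.h
+++ b/pathnames.h
@@ -141,7 +141,10 @@
 #endif
 
 /* chroot directory for unprivileged user when UsePrivilegeSeparation=yes */
+#ifndef _PATH_PRIVSEP_CHROOT_DIR
 #define _PATH_PRIVSEP_CHROOT_DIR "/var/empty"
+#endif
+
 #ifndef _PATH_LS
 #define _PATH_LS "ls"
 #endif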
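Review bot: The comment above `_PATH_PRIVSEP_CHROOT_DIR` does not say what properties the directory must have, and that matters more now that the path can be overridden at build time. Packagers choosing a different location need to know that it confines the unprivileged child. I would extend the comment to something like `/* chroot directory for unprivileged user when UsePrivilegeSeparation=yes; must be an absolute path, owned by root, empty, and not group- or world-writable */`. Whether sshd checks any of this at runtime is not visible in this commit, so the comment should describe the requirement rather than claim enforcement.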