-rw-r--r--ChangeLog3
-rw-r--r--Makefile.in9
-rw-r--r--acconfig.h5
-rw-r--r--configure.ac69
-rw-r--r--pathnames.h3
5 files changed, 57 insertions, 32 deletions
diff --git a/ChangeLog b/ChangeLog
index 92afe6b46..82e854541 100644
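--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,7 @@
  - (djm) Add --with-superuser-path=xxx configure option to specify what $PATH
  the superuser receives.
  - (djm) Bug #231: UsePrivilegeSeparation turns off Banner.
+ - (djm) Add --with-privsep-path configure option
 
 20020511
  - (tim) [configure.ac] applied a rework of djm's OpenSSL search cleanup patch.
@@ -572,4 +573,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2108 2002/05/13 01:07:41 djm Exp $
+$Id: ChangeLog,v 1.2109 2002/05/13 03:15:42 djm Exp $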
diff --git a/Makefile.in b/Makefile.in
index 6af2e3a87..7f7c8d88a 100644
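--- a/Makefile.in
+++ b/Makefile.in
@@ -1,8 +1,10 @@
-# $Id: Makefile.in,v 1.206 2002/05/09 14:05:59 tim Exp $
+# $Id: Makefile.in,v 1.207 2002/05/13 03:15:43 djm Exp $
 
 # uncomment if you run a non bourne compatable shell. Ie. csh
 #SHELL = @SH@
 
+AUTORECONF=autoreconf
+
 prefix=@prefix@
 exec_prefix=@exec_prefix@
 bindir=@bindir@
@@ -21,12 +23,14 @@ VPATH=@srcdir@
 SSH_PROGRAM=@bindir@/ssh
 ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
 SFTP_SERVER=$(libexecdir)/sftp-server
+PRIVSEP_PATH=@PRIVSEP_PATH@
 
 PATHS= -DSSHDIR=\"$(sysconfdir)\" \
  -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \
  -D_PATH_SSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\" \
  -D_PATH_SFTP_SERVER=\"$(SFTP_SERVER)\" \
  -D_PATH_SSH_PIDDIR=\"$(piddir)\" \
+ -D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\"
  -DSSH_RAND_HELPER=\"$(libexecdir)/ssh-rand-helper\"
 
 CC=@CC@
@@ -80,6 +84,7 @@ PATHSUBS = \
  -D/etc/ssh/moduli=$(sysconfdir)/moduli \
  -D/etc/ssh/sshrc=$(sysconfdir)/sshrc \
  -D/usr/X11R6/bin/xauth=$(XAUTH_PATH) \
+ -D/var/empty=$(PRIVSEP_PATH) \
  -D/usr/bin:/bin:/usr/sbin:/sbin=@user_path@
 
 FIXPATHSCMD = $(PERL) $(srcdir)/fixpaths $(PATHSUBS)
@@ -184,7 +189,7 @@ catman-do:
  done
 
 distprep: catman-do
- autoreconf
+ $(AUTORECONF)
  (cd scard && $(MAKE) -f Makefile.in distprep)
 
 install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key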
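Review bot: The added `-D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\"` line in the PATHS hunk has no trailing backslash, unlike every line above it, so the PATHS assignment ends there and the following `-DSSH_RAND_HELPER=...` line is no longer part of it. Depending on how make reads the orphaned line, the build either stops or silently compiles without that define. The line should end with a continuation, i.e. `-D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\" \`. This page's rendering collapses whitespace, so the indentation cannot be checked here, but the missing continuation is visible.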
diff --git a/acconfig.h b/acconfig.h
index 6fabc0b05..bbe50162b 100644
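--- a/acconfig.h
+++ b/acconfig.h
@@ -1,4 +1,4 @@
-/* $Id: acconfig.h,v 1.136 2002/05/13 00:56:51 djm Exp $ */
+/* $Id: acconfig.h,v 1.137 2002/05/13 03:15:43 djm Exp $ */
 
 #ifndef _CONFIG_H
 #define _CONFIG_H
@@ -352,6 +352,9 @@
 /* Define if you want a different $PATH for the superuser */
 #undef SUPERUSER_PATH
 
+/* Path that unprivileged child will chroot() to in privep mode */
+#undef PRIVSEP_PATH
+
 @BOTTOM@
 
 /* ******************* Shouldn't need to edit below this line ************** */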
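Review bot: The new `#undef PRIVSEP_PATH` template in the second hunk appears to have no matching AC_DEFINE. In this commit configure.ac only calls `AC_SUBST(PRIVSEP_PATH)`, and the value reaches the C code as `-D_PATH_PRIVSEP_CHROOT_DIR` from Makefile.in. As far as the visible hunks show, the macro is therefore never defined in config.h, and a reader could wrongly assume it controls the chroot path. Either drop the entry or state in its comment that the effective setting is `_PATH_PRIVSEP_CHROOT_DIR`. The comment also misspells the mode name and should read `/* Path that unprivileged child will chroot() to in privsep mode */`.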
diff --git a/configure.ac b/configure.ac
index 1b8aa5e1c..acbfe78bf 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
1# $Id: configure.ac,v 1.57 2002/05/13 00:48:58 djm Exp $ 1# $Id: configure.ac,v 1.58 2002/05/13 03:15:43 djm Exp $
2 2
3AC_INIT 3AC_INIT
4AC_CONFIG_SRCDIR([ssh.c]) 4AC_CONFIG_SRCDIR([ssh.c])
@@ -1792,6 +1792,17 @@ AC_ARG_WITH(rsh,
1792 ] 1792 ]
1793) 1793)
1794 1794
1795PRIVSEP_PATH=/var/empty
1796AC_ARG_WITH(privsep-path,
1797 [ --with-privsep-path=xxx Path for privilege seperation chroot ],
1798 [
1799 if test "x$withval" != "$no" ; then
1800 PRIVSEP_PATH=$withval
1801 fi
1802 ]
1803)
1804AC_SUBST(PRIVSEP_PATH)
1805
1795AC_ARG_WITH(xauth, 1806AC_ARG_WITH(xauth,
1796 [ --with-xauth=PATH Specify path to xauth program ], 1807 [ --with-xauth=PATH Specify path to xauth program ],
1797 [ 1808 [
@@ -2363,41 +2374,43 @@ D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
2363E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 2374E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
2364F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 2375F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
2365G=`eval echo ${piddir}` ; G=`eval echo ${G}` 2376G=`eval echo ${piddir}` ; G=`eval echo ${G}`
2366H=`eval echo ${user_path}` ; H=`eval echo ${H}` 2377H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
2367I=`eval echo ${superuser_path}` ; I=`eval echo ${I}` 2378I=`eval echo ${user_path}` ; I=`eval echo ${I}`
2379J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
2368 2380
2369echo "" 2381echo ""
2370echo "OpenSSH has been configured with the following options:" 2382echo "OpenSSH has been configured with the following options:"
2371echo " User binaries: $B" 2383echo " User binaries: $B"
2372echo " System binaries: $C" 2384echo " System binaries: $C"
2373echo " Configuration files: $D" 2385echo " Configuration files: $D"
2374echo " Askpass program: $E" 2386echo " Askpass program: $E"
2375echo " Manual pages: $F" 2387echo " Manual pages: $F"
2376echo " PID file: $G" 2388echo " PID file: $G"
2389echo " Privilege separation chroot path: $H"
2377if test "$USES_LOGIN_CONF" = "yes" ; then 2390if test "$USES_LOGIN_CONF" = "yes" ; then
2378echo " At runtime, sshd will use the path defined in /etc/login.conf" 2391echo " At runtime, sshd will use the path defined in /etc/login.conf"
2379else 2392else
2380echo " sshd default user PATH: $H" 2393echo " sshd default user PATH: $I"
2381fi 2394fi
2382if test ! -z "$superuser_path" ; then 2395if test ! -z "$superuser_path" ; then
2383echo " sshd superuser user PATH: $I" 2396echo " sshd superuser user PATH: $J"
2384fi 2397fi
2385echo " Manpage format: $MANTYPE" 2398echo " Manpage format: $MANTYPE"
2386echo " PAM support: ${PAM_MSG}" 2399echo " PAM support: ${PAM_MSG}"
2387echo " KerberosIV support: $KRB4_MSG" 2400echo " KerberosIV support: $KRB4_MSG"
2388echo " KerberosV support: $KRB5_MSG" 2401echo " KerberosV support: $KRB5_MSG"
2389echo " Smartcard support: $SCARD_MSG" 2402echo " Smartcard support: $SCARD_MSG"
2390echo " AFS support: $AFS_MSG" 2403echo " AFS support: $AFS_MSG"
2391echo " S/KEY support: $SKEY_MSG" 2404echo " S/KEY support: $SKEY_MSG"
2392echo " TCP Wrappers support: $TCPW_MSG" 2405echo " TCP Wrappers support: $TCPW_MSG"
2393echo " MD5 password support: $MD5_MSG" 2406echo " MD5 password support: $MD5_MSG"
2394echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 2407echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
2395echo " Use IPv4 by default hack: $IPV4_HACK_MSG" 2408echo " Use IPv4 by default hack: $IPV4_HACK_MSG"
2396echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 2409echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
2397echo " BSD Auth support: $BSD_AUTH_MSG" 2410echo " BSD Auth support: $BSD_AUTH_MSG"
2398echo " Random number source: $RAND_MSG" 2411echo " Random number source: $RAND_MSG"
2399if test ! -z "$USE_RAND_HELPER" ; then 2412if test ! -z "$USE_RAND_HELPER" ; then
2400 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG" 2413echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
2401fi 2414fi
2402 2415
2403echo "" 2416echo ""
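Review bot: In the new AC_ARG_WITH(privsep-path) block, `test "x$withval" != "$no"` compares against an unset shell variable rather than the literal `xno`, so the test is true for every value. As a result `--without-privsep-path` or a bare `--with-privsep-path` would set PRIVSEP_PATH to `no` or `yes`. Because this value becomes the directory the unprivileged child chroot()s to (per the acconfig.h comment in this commit), a relative or accidental name should be refused at configure time. Suggested guard: `if test "x$withval" != "xno" && test "x$withval" != "xyes" ; then`, ideally followed by a check that the value begins with `/`. The help string also misspells "separation".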
diff --git a/pathnames.h b/pathnames.h
index 943830c08..691293c33 100644
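--- a/pathnames.h
+++ b/pathnames.h
@@ -141,7 +141,10 @@
 #endif
 
 /* chroot directory for unprivileged user when UsePrivilegeSeparation=yes */
+#ifndef _PATH_PRIVSEP_CHROOT_DIR
 #define _PATH_PRIVSEP_CHROOT_DIR "/var/empty"
+#endif
+
 #ifndef _PATH_LS
 #define _PATH_LS "ls"
 #endif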
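Review bot: The comment above the new `#ifndef _PATH_PRIVSEP_CHROOT_DIR` guard still reads as if "/var/empty" were the fixed location, but after this change it is only the fallback used when the build does not pass `-D_PATH_PRIVSEP_CHROOT_DIR`. I would extend it to something like `/* chroot directory for unprivileged user when UsePrivilegeSeparation=yes; set by --with-privsep-path, "/var/empty" is the fallback */`. Since the location is now chosen by the builder, the comment is also a good place to state that the directory is expected to be empty, owned by root and not writable by other users. Whether sshd checks that at startup is not visible on this page.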