From b409718797da73ac4ee2de422d894297b2c2d8f7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 23 May 2004 14:09:40 +1000 Subject: - (djm) [configure.ac] Warn if the system has no known way of figuring out which user is on the other end of a Unix domain socket; ok dtucker@ --- configure.ac | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index 850205cc7..76ac0e06c 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.217 2004/05/13 01:56:17 dtucker Exp $ +# $Id: configure.ac,v 1.218 2004/05/23 04:09:40 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -926,6 +926,20 @@ int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} ) fi +# Check for missing getpeereid (or equiv) support +NO_PEERCHECK="" +if test "x$ac_cv_func_getpeereid" != "xyes" ; then + AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) + AC_TRY_COMPILE( + [#include + #include ], + [int i = SO_PEERCRED;], + [AC_MSG_RESULT(yes)], + [AC_MSG_RESULT(no) + NO_PEERCHECK=1] + ) +fi + dnl see whether mkstemp() requires XXXXXX if test "x$ac_cv_func_mkdtemp" = "xyes" ; then AC_MSG_CHECKING([for (overly) strict mkstemp]) @@ -2975,3 +2989,13 @@ if test ! -z "$RAND_HELPER_CMDHASH" ; then echo "" fi +if test ! -z "$NO_PEERCHECK" ; then + echo "WARNING: the operating system that you are using does not " + echo "appear to support either the getpeereid() API nor the " + echo "SO_PEERCRED getsockopt() option. These facilities are used to " + echo "enforce security checks to prevent unauthorised connections to " + echo "ssh-agent. Their absence increases the risk that a malicious " + echo "user can connect to your agent. " + echo "" +fi + -- cgit v1.2.3