- (djm) [configure.ac] Warn if the system has no known way of figuring out
which user is on the other end of a Unix domain socket; ok dtucker@
This commit is contained in:
Damien Miller
parent
701d0514ee
commit
b409718797
|
|
@ -1,6 +1,8 @@
|
|||
20040523
|
||||
- (djm) Explain consequences of UsePAM=yes a little better in sshd_config;
|
||||
ok dtucker@
|
||||
- (djm) [sshd_config] Explain consequences of UsePAM=yes a little better in
|
||||
sshd_config; ok dtucker@
|
||||
- (djm) [configure.ac] Warn if the system has no known way of figuring out
|
||||
which user is on the other end of a Unix domain socket; ok dtucker@
|
||||
|
||||
20040513
|
||||
- (dtucker) [configure.ac] Bug #867: Additional tests for res_query in
|
||||
|
|
@ -1122,4 +1124,4 @@
|
|||
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
||||
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
||||
|
||||
$Id: ChangeLog,v 1.3356 2004/05/23 01:47:58 djm Exp $
|
||||
$Id: ChangeLog,v 1.3357 2004/05/23 04:09:40 djm Exp $
|
||||
|
|
|
|||
26
configure.ac
26
configure.ac
|
|
@ -1,4 +1,4 @@
|
|||
# $Id: configure.ac,v 1.217 2004/05/13 01:56:17 dtucker Exp $
|
||||
# $Id: configure.ac,v 1.218 2004/05/23 04:09:40 djm Exp $
|
||||
#
|
||||
# Copyright (c) 1999-2004 Damien Miller
|
||||
#
|
||||
|
|
@ -926,6 +926,20 @@ int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
|
|||
)
|
||||
fi
|
||||
|
||||
# Check for missing getpeereid (or equiv) support
|
||||
NO_PEERCHECK=""
|
||||
if test "x$ac_cv_func_getpeereid" != "xyes" ; then
|
||||
AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
|
||||
AC_TRY_COMPILE(
|
||||
[#include <sys/types.h>
|
||||
#include <sys/socket.h>],
|
||||
[int i = SO_PEERCRED;],
|
||||
[AC_MSG_RESULT(yes)],
|
||||
[AC_MSG_RESULT(no)
|
||||
NO_PEERCHECK=1]
|
||||
)
|
||||
fi
|
||||
|
||||
dnl see whether mkstemp() requires XXXXXX
|
||||
if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
|
||||
AC_MSG_CHECKING([for (overly) strict mkstemp])
|
||||
|
|
@ -2975,3 +2989,13 @@ if test ! -z "$RAND_HELPER_CMDHASH" ; then
|
|||
echo ""
|
||||
fi
|
||||
|
||||
if test ! -z "$NO_PEERCHECK" ; then
|
||||
echo "WARNING: the operating system that you are using does not "
|
||||
echo "appear to support either the getpeereid() API nor the "
|
||||
echo "SO_PEERCRED getsockopt() option. These facilities are used to "
|
||||
echo "enforce security checks to prevent unauthorised connections to "
|
||||
echo "ssh-agent. Their absence increases the risk that a malicious "
|
||||
echo "user can connect to your agent. "
|
||||
echo ""
|
||||
fi
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue