Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 7ff911216bbc288869c6b8ce99cd812ead66b886^! / .
commit7ff911216bbc288869c6b8ce99cd812ead66b886[log] [tgz]
authorKevin Steves <stevesk@pobox.com>Sun Apr 07 19:22:54 2002 +0000
committerKevin Steves <stevesk@pobox.com>Sun Apr 07 19:22:54 2002 +0000
tree1046540d4cf19de550198d7d21b2fca00a70e901
parentb1184bbf2931f064b5b38c3a0fe9440d02c67610 [diff]
 - (stevesk) --with-privsep-user; default sshd

diff --git a/ChangeLog b/ChangeLog
index a739f23..82e06be 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -7,6 +7,7 @@
    monitor_mm.c
  - (stevesk) remove configure support for poll.h; it was removed
    from sshd.c a long time ago.
+ - (stevesk) --with-privsep-user; default sshd
 
 20020406
  - (djm) Typo in Suse SPEC file. Fix from Carsten Grohmann 
@@ -8197,4 +8198,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.2037 2002/04/07 18:12:03 stevesk Exp $
+$Id: ChangeLog,v 1.2038 2002/04/07 19:22:55 stevesk Exp $

diff --git a/acconfig.h b/acconfig.h
index 7c5c160..a6bb1b7 100644
--- a/acconfig.h
+++ b/acconfig.h

@@ -1,4 +1,4 @@
-/* $Id: acconfig.h,v 1.128 2002/04/07 16:18:04 stevesk Exp $ */
+/* $Id: acconfig.h,v 1.129 2002/04/07 19:22:54 stevesk Exp $ */
 
 #ifndef _CONFIG_H
 #define _CONFIG_H
@@ -100,6 +100,9 @@
 /* Builtin PRNG command timeout */
 #undef ENTROPY_TIMEOUT_MSEC
 
+/* non-privileged user for privilege separation */
+#undef SSH_PRIVSEP_USER
+
 /* Define if you want to install preformatted manpages.*/
 #undef MANTYPE
 

diff --git a/configure.ac b/configure.ac
index b3fa186..10f238a 100644
--- a/configure.ac
+++ b/configure.ac

@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.38 2002/04/07 18:12:04 stevesk Exp $
+# $Id: configure.ac,v 1.39 2002/04/07 19:22:54 stevesk Exp $
 
 AC_INIT
 AC_CONFIG_SRCDIR([ssh.c])
@@ -993,9 +993,19 @@
 		fi
 	]	
 )
-
 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
 
+ssh_privsep_user=sshd
+AC_ARG_WITH(privsep-user,
+	[  --with-privsep-user     Specify non-privileged user for privilege separation],
+	[
+		if test -n "$withval"; then
+			ssh_privsep_user=$withval
+		fi
+	]	
+)
+AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, $ssh_privsep_user)
+
 # We do this little dance with the search path to insure
 # that programs that we select for use by installed programs
 # (which may be run by the super-user) come from trusted

diff --git a/ssh.h b/ssh.h
index c5b5003..eefd57d 100644
--- a/ssh.h
+++ b/ssh.h

@@ -104,7 +104,9 @@
  * sshd will change its pivileges to this user and its
  * primary group.
  */
+#ifndef SSH_PRIVSEP_USER
 #define SSH_PRIVSEP_USER		"nobody"
+#endif
 
 /* Minimum modulus size (n) for RSA keys. */
 #define SSH_RSA_MINIMUM_MODULUS_SIZE	768