Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / b409718797da73ac4ee2de422d894297b2c2d8f7^! / .
commitb409718797da73ac4ee2de422d894297b2c2d8f7[log] [tgz]
authorDamien Miller <djm@mindrot.org>Sun May 23 14:09:40 2004 +1000
committerDamien Miller <djm@mindrot.org>Sun May 23 14:09:40 2004 +1000
tree6fa87e4af301a1c498d10e8ca873b2982e746fa3
parent701d0514ee3ffc5e8fde36bb0559709490407053 [diff]
 - (djm) [configure.ac] Warn if the system has no known way of figuring out
   which user is on the other end of a Unix domain socket; ok dtucker@

diff --git a/ChangeLog b/ChangeLog
index 879eb2b..fa74e88 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -1,6 +1,8 @@
 20040523
- - (djm) Explain consequences of UsePAM=yes a little better in sshd_config;
-   ok dtucker@
+ - (djm) [sshd_config] Explain consequences of UsePAM=yes a little better in 
+   sshd_config; ok dtucker@
+ - (djm) [configure.ac] Warn if the system has no known way of figuring out 
+   which user is on the other end of a Unix domain socket; ok dtucker@
 
 20040513
  - (dtucker) [configure.ac] Bug #867: Additional tests for res_query in
@@ -1122,4 +1124,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3356 2004/05/23 01:47:58 djm Exp $
+$Id: ChangeLog,v 1.3357 2004/05/23 04:09:40 djm Exp $

diff --git a/configure.ac b/configure.ac
index 850205c..76ac0e0 100644
--- a/configure.ac
+++ b/configure.ac

@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.217 2004/05/13 01:56:17 dtucker Exp $
+# $Id: configure.ac,v 1.218 2004/05/23 04:09:40 djm Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -926,6 +926,20 @@
 	)
 fi
 
+# Check for missing getpeereid (or equiv) support
+NO_PEERCHECK=""
+if test "x$ac_cv_func_getpeereid" != "xyes" ; then
+	AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
+	AC_TRY_COMPILE(
+		[#include <sys/types.h>
+		 #include <sys/socket.h>],
+		[int i = SO_PEERCRED;],
+		[AC_MSG_RESULT(yes)],
+		[AC_MSG_RESULT(no)
+		NO_PEERCHECK=1]
+        )
+fi
+
 dnl see whether mkstemp() requires XXXXXX
 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
 AC_MSG_CHECKING([for (overly) strict mkstemp])
@@ -2975,3 +2989,13 @@
 	echo ""
 fi
 
+if test ! -z "$NO_PEERCHECK" ; then
+	echo "WARNING: the operating system that you are using does not "
+	echo "appear to support either the getpeereid() API nor the "
+	echo "SO_PEERCRED getsockopt() option. These facilities are used to "
+	echo "enforce security checks to prevent unauthorised connections to "
+	echo "ssh-agent. Their absence increases the risk that a malicious "
+	echo "user can connect to your agent. "
+	echo ""
+fi
+