diff --git a/ChangeLog b/ChangeLog index a739f235a..82e06bec7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,7 @@ monitor_mm.c - (stevesk) remove configure support for poll.h; it was removed from sshd.c a long time ago. + - (stevesk) --with-privsep-user; default sshd 20020406 - (djm) Typo in Suse SPEC file. Fix from Carsten Grohmann @@ -8197,4 +8198,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.2037 2002/04/07 18:12:03 stevesk Exp $ +$Id: ChangeLog,v 1.2038 2002/04/07 19:22:55 stevesk Exp $ diff --git a/acconfig.h b/acconfig.h index 7c5c1605d..a6bb1b795 100644 --- a/acconfig.h +++ b/acconfig.h @@ -1,4 +1,4 @@ -/* $Id: acconfig.h,v 1.128 2002/04/07 16:18:04 stevesk Exp $ */ +/* $Id: acconfig.h,v 1.129 2002/04/07 19:22:54 stevesk Exp $ */ #ifndef _CONFIG_H #define _CONFIG_H @@ -100,6 +100,9 @@ /* Builtin PRNG command timeout */ #undef ENTROPY_TIMEOUT_MSEC +/* non-privileged user for privilege separation */ +#undef SSH_PRIVSEP_USER + /* Define if you want to install preformatted manpages.*/ #undef MANTYPE diff --git a/configure.ac b/configure.ac index b3fa18674..10f238a25 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.38 2002/04/07 18:12:04 stevesk Exp $ +# $Id: configure.ac,v 1.39 2002/04/07 19:22:54 stevesk Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -993,9 +993,19 @@ AC_ARG_WITH(entropy-timeout, fi ] ) - AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout) +ssh_privsep_user=sshd +AC_ARG_WITH(privsep-user, + [ --with-privsep-user Specify non-privileged user for privilege separation], + [ + if test -n "$withval"; then + ssh_privsep_user=$withval + fi + ] +) +AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, $ssh_privsep_user) + # We do this little dance with the search path to insure # that programs that we select for use by installed programs # (which may be run by the super-user) come from trusted diff --git a/ssh.h b/ssh.h index c5b500345..eefd57d5d 100644 --- a/ssh.h +++ b/ssh.h @@ -104,7 +104,9 @@ * sshd will change its pivileges to this user and its * primary group. */ +#ifndef SSH_PRIVSEP_USER #define SSH_PRIVSEP_USER "nobody" +#endif /* Minimum modulus size (n) for RSA keys. */ #define SSH_RSA_MINIMUM_MODULUS_SIZE 768