diff --git a/ChangeLog b/ChangeLog index 879eb2b02..fa74e8841 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20040523 - - (djm) Explain consequences of UsePAM=yes a little better in sshd_config; - ok dtucker@ + - (djm) [sshd_config] Explain consequences of UsePAM=yes a little better in + sshd_config; ok dtucker@ + - (djm) [configure.ac] Warn if the system has no known way of figuring out + which user is on the other end of a Unix domain socket; ok dtucker@ 20040513 - (dtucker) [configure.ac] Bug #867: Additional tests for res_query in @@ -1122,4 +1124,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3356 2004/05/23 01:47:58 djm Exp $ +$Id: ChangeLog,v 1.3357 2004/05/23 04:09:40 djm Exp $ diff --git a/configure.ac b/configure.ac index 850205cc7..76ac0e06c 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.217 2004/05/13 01:56:17 dtucker Exp $ +# $Id: configure.ac,v 1.218 2004/05/23 04:09:40 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -926,6 +926,20 @@ int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} ) fi +# Check for missing getpeereid (or equiv) support +NO_PEERCHECK="" +if test "x$ac_cv_func_getpeereid" != "xyes" ; then + AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) + AC_TRY_COMPILE( + [#include + #include ], + [int i = SO_PEERCRED;], + [AC_MSG_RESULT(yes)], + [AC_MSG_RESULT(no) + NO_PEERCHECK=1] + ) +fi + dnl see whether mkstemp() requires XXXXXX if test "x$ac_cv_func_mkdtemp" = "xyes" ; then AC_MSG_CHECKING([for (overly) strict mkstemp]) @@ -2975,3 +2989,13 @@ if test ! -z "$RAND_HELPER_CMDHASH" ; then echo "" fi +if test ! -z "$NO_PEERCHECK" ; then + echo "WARNING: the operating system that you are using does not " + echo "appear to support either the getpeereid() API nor the " + echo "SO_PEERCRED getsockopt() option. These facilities are used to " + echo "enforce security checks to prevent unauthorised connections to " + echo "ssh-agent. Their absence increases the risk that a malicious " + echo "user can connect to your agent. " + echo "" +fi +