RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2025-01-03 00:02:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

- (djm) Add --with-privsep-path configure option

Browse Source
This commit is contained in:
Damien Miller 2002-05-13 13:15:42 +10:00
parent 5ad9fd9820
commit f58c672f0e
5 changed files with 56 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog
View File

@ -2,6 +2,7 @@
- (djm) Add --with-superuser-path=xxx configure option to specify what $PATH - (djm) Add --with-superuser-path=xxx configure option to specify what $PATH
the superuser receives. the superuser receives.
- (djm) Bug #231: UsePrivilegeSeparation turns off Banner. - (djm) Bug #231: UsePrivilegeSeparation turns off Banner.
- (djm) Add --with-privsep-path configure option
20020511 20020511
- (tim) [configure.ac] applied a rework of djm's OpenSSL search cleanup patch. - (tim) [configure.ac] applied a rework of djm's OpenSSL search cleanup patch.
@ -572,4 +573,4 @@
- (stevesk) entropy.c: typo in debug message - (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@ - (djm) ssh-keygen -i needs seeded RNG; report from markus@
$Id: ChangeLog,v 1.2108 2002/05/13 01:07:41 djm Exp $ $Id: ChangeLog,v 1.2109 2002/05/13 03:15:42 djm Exp $

9
Makefile.in
View File

@ -1,8 +1,10 @@
# $Id: Makefile.in,v 1.206 2002/05/09 14:05:59 tim Exp $ # $Id: Makefile.in,v 1.207 2002/05/13 03:15:43 djm Exp $
# uncomment if you run a non bourne compatable shell. Ie. csh # uncomment if you run a non bourne compatable shell. Ie. csh
#SHELL = @SH@ #SHELL = @SH@
AUTORECONF=autoreconf
prefix=@prefix@ prefix=@prefix@
exec_prefix=@exec_prefix@ exec_prefix=@exec_prefix@
bindir=@bindir@ bindir=@bindir@
@ -21,12 +23,14 @@ VPATH=@srcdir@
SSH_PROGRAM=@bindir@/ssh SSH_PROGRAM=@bindir@/ssh
ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
SFTP_SERVER=$(libexecdir)/sftp-server SFTP_SERVER=$(libexecdir)/sftp-server
PRIVSEP_PATH=@PRIVSEP_PATH@
PATHS= -DSSHDIR=\"$(sysconfdir)\" \ PATHS= -DSSHDIR=\"$(sysconfdir)\" \
-D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \ -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \
-D_PATH_SSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\" \ -D_PATH_SSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\" \
-D_PATH_SFTP_SERVER=\"$(SFTP_SERVER)\" \ -D_PATH_SFTP_SERVER=\"$(SFTP_SERVER)\" \
-D_PATH_SSH_PIDDIR=\"$(piddir)\" \ -D_PATH_SSH_PIDDIR=\"$(piddir)\" \
-D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\"
-DSSH_RAND_HELPER=\"$(libexecdir)/ssh-rand-helper\" -DSSH_RAND_HELPER=\"$(libexecdir)/ssh-rand-helper\"
CC=@CC@ CC=@CC@
@ -80,6 +84,7 @@ PATHSUBS = \
-D/etc/ssh/moduli=$(sysconfdir)/moduli \ -D/etc/ssh/moduli=$(sysconfdir)/moduli \
-D/etc/ssh/sshrc=$(sysconfdir)/sshrc \ -D/etc/ssh/sshrc=$(sysconfdir)/sshrc \
-D/usr/X11R6/bin/xauth=$(XAUTH_PATH) \ -D/usr/X11R6/bin/xauth=$(XAUTH_PATH) \
-D/var/empty=$(PRIVSEP_PATH) \
-D/usr/bin:/bin:/usr/sbin:/sbin=@user_path@ -D/usr/bin:/bin:/usr/sbin:/sbin=@user_path@
FIXPATHSCMD = $(PERL) $(srcdir)/fixpaths $(PATHSUBS) FIXPATHSCMD = $(PERL) $(srcdir)/fixpaths $(PATHSUBS)
@ -184,7 +189,7 @@ catman-do:
done done
distprep: catman-do distprep: catman-do
autoreconf $(AUTORECONF)
(cd scard && $(MAKE) -f Makefile.in distprep) (cd scard && $(MAKE) -f Makefile.in distprep)
install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key

5
acconfig.h
View File

@ -1,4 +1,4 @@
/* $Id: acconfig.h,v 1.136 2002/05/13 00:56:51 djm Exp $ */ /* $Id: acconfig.h,v 1.137 2002/05/13 03:15:43 djm Exp $ */
#ifndef _CONFIG_H #ifndef _CONFIG_H
#define _CONFIG_H #define _CONFIG_H
@ -352,6 +352,9 @@
/* Define if you want a different $PATH for the superuser */ /* Define if you want a different $PATH for the superuser */
#undef SUPERUSER_PATH #undef SUPERUSER_PATH
/* Path that unprivileged child will chroot() to in privep mode */
#undef PRIVSEP_PATH
@BOTTOM@ @BOTTOM@
/* ******************* Shouldn't need to edit below this line ************** */ /* ******************* Shouldn't need to edit below this line ************** */

67
configure.ac
View File

@ -1,4 +1,4 @@
# $Id: configure.ac,v 1.57 2002/05/13 00:48:58 djm Exp $ # $Id: configure.ac,v 1.58 2002/05/13 03:15:43 djm Exp $
AC_INIT AC_INIT
AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_SRCDIR([ssh.c])
@ -1792,6 +1792,17 @@ AC_ARG_WITH(rsh,
] ]
) )
PRIVSEP_PATH=/var/empty
AC_ARG_WITH(privsep-path,
[ --with-privsep-path=xxx Path for privilege seperation chroot ],
[
if test "x$withval" != "$no" ; then
PRIVSEP_PATH=$withval
fi
]
)
AC_SUBST(PRIVSEP_PATH)
AC_ARG_WITH(xauth, AC_ARG_WITH(xauth,
[ --with-xauth=PATH Specify path to xauth program ], [ --with-xauth=PATH Specify path to xauth program ],
[ [
@ -2363,41 +2374,43 @@ D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
G=`eval echo ${piddir}` ; G=`eval echo ${G}` G=`eval echo ${piddir}` ; G=`eval echo ${G}`
H=`eval echo ${user_path}` ; H=`eval echo ${H}` H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
I=`eval echo ${superuser_path}` ; I=`eval echo ${I}` I=`eval echo ${user_path}` ; I=`eval echo ${I}`
J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
echo "" echo ""
echo "OpenSSH has been configured with the following options:" echo "OpenSSH has been configured with the following options:"
echo " User binaries: $B" echo " User binaries: $B"
echo " System binaries: $C" echo " System binaries: $C"
echo " Configuration files: $D" echo " Configuration files: $D"
echo " Askpass program: $E" echo " Askpass program: $E"
echo " Manual pages: $F" echo " Manual pages: $F"
echo " PID file: $G" echo " PID file: $G"
echo " Privilege separation chroot path: $H"
if test "$USES_LOGIN_CONF" = "yes" ; then if test "$USES_LOGIN_CONF" = "yes" ; then
echo " At runtime, sshd will use the path defined in /etc/login.conf" echo " At runtime, sshd will use the path defined in /etc/login.conf"
else else
echo " sshd default user PATH: $H" echo " sshd default user PATH: $I"
fi fi
if test ! -z "$superuser_path" ; then if test ! -z "$superuser_path" ; then
echo " sshd superuser user PATH: $I" echo " sshd superuser user PATH: $J"
fi fi
echo " Manpage format: $MANTYPE" echo " Manpage format: $MANTYPE"
echo " PAM support: ${PAM_MSG}" echo " PAM support: ${PAM_MSG}"
echo " KerberosIV support: $KRB4_MSG" echo " KerberosIV support: $KRB4_MSG"
echo " KerberosV support: $KRB5_MSG" echo " KerberosV support: $KRB5_MSG"
echo " Smartcard support: $SCARD_MSG" echo " Smartcard support: $SCARD_MSG"
echo " AFS support: $AFS_MSG" echo " AFS support: $AFS_MSG"
echo " S/KEY support: $SKEY_MSG" echo " S/KEY support: $SKEY_MSG"
echo " TCP Wrappers support: $TCPW_MSG" echo " TCP Wrappers support: $TCPW_MSG"
echo " MD5 password support: $MD5_MSG" echo " MD5 password support: $MD5_MSG"
echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
echo " Use IPv4 by default hack: $IPV4_HACK_MSG" echo " Use IPv4 by default hack: $IPV4_HACK_MSG"
echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
echo " BSD Auth support: $BSD_AUTH_MSG" echo " BSD Auth support: $BSD_AUTH_MSG"
echo " Random number source: $RAND_MSG" echo " Random number source: $RAND_MSG"
if test ! -z "$USE_RAND_HELPER" ; then if test ! -z "$USE_RAND_HELPER" ; then
echo " ssh-rand-helper collects from: $RAND_HELPER_MSG" echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
fi fi
echo "" echo ""

3
pathnames.h
View File

@ -141,7 +141,10 @@
#endif #endif
/* chroot directory for unprivileged user when UsePrivilegeSeparation=yes */ /* chroot directory for unprivileged user when UsePrivilegeSeparation=yes */
#ifndef _PATH_PRIVSEP_CHROOT_DIR
#define _PATH_PRIVSEP_CHROOT_DIR "/var/empty" #define _PATH_PRIVSEP_CHROOT_DIR "/var/empty"
#endif
#ifndef _PATH_LS #ifndef _PATH_LS
#define _PATH_LS "ls" #define _PATH_LS "ls"
#endif #endif