1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
$OpenBSD$
Index: configure.ac
--- configure.ac.orig
+++ configure.ac
@@ -52,13 +52,78 @@ AC_ARG_WITH(appdefaultdir,
AC_SUBST(appdefaultdir)
AC_SEARCH_LIBS(openpty, [util])
-AC_CHECK_FUNC(openpty, [HAS_OPENPTY="yes"])
-if test "x$HAS_OPENPTY" = "xyes" ; then
- AC_DEFINE([HAS_OPENPTY], 1,
+AC_CHECK_FUNC(openpty, [HAVE_OPENPTY="yes"])
+if test "x$HAVE_OPENPTY" = "xyes" ; then
+ AC_DEFINE([HAVE_OPENPTY], 1,
[Define to 1 if you have the 'openpty' function.])
AC_CHECK_HEADERS([util.h libutil.h pty.h], [break])
fi
+# Privilege separation when running as root
+AC_ARG_ENABLE(privsep,
+ AC_HELP_STRING([--enable-privsep],
+ [enable privilege separation]),
+ [USE_PRIVSEP="$enableval"],
+ USE_PRIVSEP="no")
+# Privilege separation requires openpty()
+if test "x$HAVE_OPENPTY" = "xno" ; then
+ AC_MSG_ERROR([privilege separation code requires openpty()])
+ USE_PRIVSEP="no"
+fi
+if test "x$USE_PRIVSEP" = "xyes" ; then
+ AC_DEFINE([USE_PRIVSEP], 1, [Define to 1 to use privilege separation])
+ AC_SEARCH_LIBS(setproctitle, [util])
+ AC_CHECK_FUNC(setproctitle, [HAVE_SETPROCTITLE="yes"])
+ if test "x$HAVE_SETPROCTILE" = "xyes" ; then
+ AC_DEFINE([HAVE_SETPROCTITLE], 1,
+ [Define to 1 if you have the 'setproctitle function.])
+ fi
+ AC_CHECK_FUNCS(setresuid, [
+ dnl Some platorms have setresuid that isn't implemented,
+ dnl test for this
+ AC_MSG_CHECKING(if setresuid seems to work)
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdlib.h>
+#include <errno.h>
+int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
+ ]])],
+ [AC_MSG_RESULT(yes)],
+ [AC_DEFINE(BROKEN_SETRESUID, 1,
+ [ENOSYS: Not implemented])
+ AC_MSG_RESULT(not implemented)]
+ )
+ ])
+
+ AC_CHECK_FUNCS(setresgid, [
+ dnl Some platorms have setresgid that isn't implemented,
+ dnl test for this
+ AC_MSG_CHECKING(if setresgid seems to work)
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdlib.h>
+#include <errno.h>
+int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
+ ]])],
+ [AC_MSG_RESULT(yes)],
+ [AC_DEFINE(BROKEN_SETRESGID, 1,
+ [ENOSYS: Not implemented])
+ AC_MSG_RESULT(not implemented)]
+ )
+ ])
+fi
+AM_CONDITIONAL(USE_PRIVSEP, test "x$USE_PRIVSEP" = "xyes")
+AC_ARG_WITH(privsep-user,
+ AC_HELP_STRING([--with-privsep-user=user],
+ [Specify privilege separation user]),
+ privsep_user="$withval",
+ privsep_user="_x11")
+if test "x$USE_PRIVSEP" = "xyes" ; then
+ AC_DEFINE_UNQUOTED(XCONSOLE_USER, "$privsep_user",
+ [Unprivileged userid])
+fi
+
+AC_SUBST(privsep_user)
AC_CONFIG_FILES([
Makefile
|
