Hello, I use OpenSSH version 3.8.1p1. It works very good. I compile new version OpenSSH 3.9p1 but I get following warning: configure: WARNING: sys/ptms.h: present but cannot be compiled configure: WARNING: sys/ptms.h: check for missing prerequisite headers? configure: WARNING: sys/ptms.h: see the Autoconf documentation configure: WARNING: sys/ptms.h: section "Present But Cannot Be Compiled" configure: WARNING: sys/ptms.h: proceeding with the preprocessor's result configure: WARNING: sys/ptms.h: in the future, the compiler will take precedence configure: WARNING: ## ------------------------------------------ ## configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ## configure: WARNING: ## ------------------------------------------ ## and also following info: WARNING: the operating system that you are using does not appear to support either the getpeereid() API nor the SO_PEERCRED getsockopt() option. These facilities are used to enforce security checks to prevent unauthorised connections to ssh-agent. Their absence increases the risk that a malicious user can connect to your agent. I use: System Solaris 9/SPARC gcc - 3.3.2 autoconf - 2.59 automake - 1.9 Is it bug in openssh, solaris, gcc or autoconf ? Tanks for your help. Slawek -- S?awomir Sta?czak PAM/Szczecin/Poland email: sws[AT]ams.edu.pl tel. +48 91 4800796
Slawomir Stanczak wrote:> I use OpenSSH version 3.8.1p1. It works very good. > I compile new version OpenSSH 3.9p1 but I get following > warning:[snip autoconf and getpeereid warnings]> Is it bug in openssh, solaris, gcc or autoconf ?No, they're both warnings. The first one is because the autoconf folks appear to be changing the way the AC_CHECK_HEADERS macro work (and, to their credit, they're providing sufficient warning). This particular instance has already been fixed in the development version. The second one is also a warning about Solaris' lack of any way to figure out who owns the process connecting to a Unix domain socket (at least, any that we know about, if there *is* a way then we'd like to use it). The risk here is that if the perms on the agent socket get messed up then a malicious user could trick your agent into authenticating a connection for them. This has always been the case on many platforms, but the warning for such platforms is new. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.