Mercurial > dropbear

comparison configure.ac @ 1861:2b3a8026a6ce

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add re-exec for server This allows ASLR to re-randomize the address space for every connection, preventing some vulnerabilities from being exploitable by repeated probing. Overhead (memory and time) is yet to be confirmed. At present this is only enabled on Linux. Other BSD platforms with fexecve() would probably also work though have not been tested.
author Matt Johnston <matt@ucc.asn.au>
date Sun, 30 Jan 2022 10:14:56 +0800
parents d34f50b7b9fd
children
comparison
equal deleted inserted replaced
1860:5001e9c5641f 1861:2b3a8026a6ce
384 AC_CHECK_HEADERS([netinet/in.h netinet/tcp.h \ 384 AC_CHECK_HEADERS([netinet/in.h netinet/tcp.h \
385 crypt.h \ 385 crypt.h \
386 pty.h libutil.h libgen.h inttypes.h stropts.h utmp.h \ 386 pty.h libutil.h libgen.h inttypes.h stropts.h utmp.h \
387 utmpx.h lastlog.h paths.h util.h netdb.h security/pam_appl.h \ 387 utmpx.h lastlog.h paths.h util.h netdb.h security/pam_appl.h \
388 pam/pam_appl.h netinet/in_systm.h sys/uio.h linux/pkt_sched.h \ 388 pam/pam_appl.h netinet/in_systm.h sys/uio.h linux/pkt_sched.h \
389 sys/random.h]) 389 sys/random.h sys/prctl.h])
390 390
391 # Checks for typedefs, structures, and compiler characteristics. 391 # Checks for typedefs, structures, and compiler characteristics.
392 AC_C_CONST 392 AC_C_CONST
393 AC_TYPE_UID_T 393 AC_TYPE_UID_T
394 AC_TYPE_MODE_T 394 AC_TYPE_MODE_T
839 AC_PROG_GCC_TRADITIONAL 839 AC_PROG_GCC_TRADITIONAL
840 AC_FUNC_MEMCMP 840 AC_FUNC_MEMCMP
841 AC_FUNC_SELECT_ARGTYPES 841 AC_FUNC_SELECT_ARGTYPES
842 AC_CHECK_FUNCS([getpass getspnam getusershell putenv]) 842 AC_CHECK_FUNCS([getpass getspnam getusershell putenv])
843 AC_CHECK_FUNCS([clearenv strlcpy strlcat daemon basename _getpty getaddrinfo ]) 843 AC_CHECK_FUNCS([clearenv strlcpy strlcat daemon basename _getpty getaddrinfo ])
844 AC_CHECK_FUNCS([freeaddrinfo getnameinfo fork writev getgrouplist]) 844 AC_CHECK_FUNCS([freeaddrinfo getnameinfo fork writev getgrouplist fexecve])
845 845
846 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME)) 846 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
847 847
848 # Solaris needs ptmx 848 # Solaris needs ptmx
849 if test -z "$no_ptmx_check" ; then 849 if test -z "$no_ptmx_check" ; then