# HG changeset patch # User Matt Johnston # Date 1553093826 -28800 # Node ID aabde6f57fce4814215d6da067f70f2b3cd6800c # Parent 592a18dac2503a763dca543cfd8c633b1114f447 Add a sanity check for DROPBEAR_SVR_MULTIUSER==0 mode diff -r 592a18dac250 -r aabde6f57fce common-session.c --- a/common-session.c Wed Mar 20 14:44:49 2019 +0000 +++ b/common-session.c Wed Mar 20 22:57:06 2019 +0800 @@ -68,6 +68,16 @@ /* Sets it to lowdelay */ update_channel_prio(); +#if !DROPBEAR_SVR_MULTIUSER + /* A sanity check to prevent an accidental configuration option + leaving multiuser systems exposed */ + errno = 0; + getuid(); + if (errno != ENOSYS) { + dropbear_exit("Non-multiuser Dropbear requires a non-multiuser kernel"); + } +#endif + now = monotonic_now(); ses.connect_time = now; ses.last_packet_time_keepalive_recv = now; diff -r 592a18dac250 -r aabde6f57fce default_options.h --- a/default_options.h Wed Mar 20 14:44:49 2019 +0000 +++ b/default_options.h Wed Mar 20 22:57:06 2019 +0800 @@ -196,7 +196,9 @@ * authorized_keys file into account */ #define DROPBEAR_SVR_PUBKEY_OPTIONS 1 -/* Disable if your kernel does not have multiple user support */ +/* Set this to 0 if your system does not have multiple user support. + (Linux kernel CONFIG_MULTIUSER option) + The resulting binary will not run on a normal system. */ #define DROPBEAR_SVR_MULTIUSER 1 /* Client authentication options */