check for setsockopt IP_TOS in OpenBSD pledge
authorDamien Miller <djm@mindrot.org>
Mon, 18 Aug 2025 06:45:15 +0000 (16:45 +1000)
committerDamien Miller <djm@mindrot.org>
Mon, 18 Aug 2025 06:45:15 +0000 (16:45 +1000)
OpenBSD has recently relaxed the pledge(2) sandbox to allow some
setsockopt options to be changed without the "inet" promise.

This adds compatibility for OpenBSD that predates this relaxation.

clientloop.c
configure.ac

index b9a010414ff33f5e64f2f431ff02f0bba8082d18..577771f06963cc7f19cbb42e4648541b48d5c89c 100644 (file)
@@ -975,11 +975,11 @@ client_repledge(void)
        } else if (options.forward_agent != 0) {
                /* agent forwarding needs to open $SSH_AUTH_SOCK at will */
                debug("pledge: agent");
-               if (pledge("stdio unix proc tty", NULL) == -1)
+               if (pledge(PLEDGE_EXTRA_INET "stdio unix proc tty", NULL) == -1)
                        fatal_f("pledge(): %s", strerror(errno));
        } else {
                debug("pledge: fork");
-               if (pledge("stdio proc tty", NULL) == -1)
+               if (pledge(PLEDGE_EXTRA_INET "stdio proc tty", NULL) == -1)
                        fatal_f("pledge(): %s", strerror(errno));
        }
        /* XXX further things to do:
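Review bot: Neither changed pledge() call explains why `PLEDGE_EXTRA_INET` is prefixed to the promise string, and on older OpenBSD it expands to the full "inet" promise rather than just the IP_TOS socket option. On those systems the agent and fork branches therefore keep the ability to create and connect inet sockets after the re-pledge, which is a wider sandbox than the one the literals on the removed lines described. I would add a comment above the first call such as `/* PLEDGE_EXTRA_INET is "inet " only where pledge(2) rejects setsockopt(IP_TOS) without it; empty otherwise */`. It would also help to note that the trailing space inside the macro value is what keeps the concatenated promise string well-formed. client_repledge() begins before this hunk and continues past it, so the other branches are not visible here.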
index 460ebd3b476cce14ebb6e0430ad8821fa182e319..bc1900af7ad6acda8e5cbd8da3038adffd0c6276 100644 (file)
@@ -1128,6 +1128,35 @@ mips-sony-bsd|mips-sony-newsos4)
        AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
            [syslog_r function is safe to use in in a signal handler])
        TEST_MALLOC_OPTIONS="SJRU"
+       AC_MSG_CHECKING([whether pledge(2) allows IP_TOS])
+       need_pledge_inet=""
+       AC_RUN_IFELSE(
+           [AC_LANG_PROGRAM([[
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <err.h>
+           ]], [[
+int s, one = 1;
+if ((s = socket(AF_INET, SOCK_STREAM, 0)) == -1)
+       err(1, "socket");
+if (pledge("stdio", NULL) == -1)
+       err(1, "pledge");
+if (setsockopt(s, IPPROTO_IP, IP_TOS, &one, sizeof(one)) == -1)
+       err(1, "setsockopt");
+           ]])],
+           [ AC_MSG_RESULT([yes]) ], [
+               AC_MSG_RESULT([no])
+               need_pledge_inet=1
+           ],
+           [ AC_MSG_WARN([cross compiling: cannot test]) ])
+       if test -z "$need_pledge_inet" ; then
+               AC_DEFINE_UNQUOTED([PLEDGE_EXTRA_INET], [])
+       else
+               AC_DEFINE_UNQUOTED([PLEDGE_EXTRA_INET], ["inet "],
+                       [need inet in pledge for setsockopt IP_TOS])
+       fi
        ;;
 *-*-solaris*)
        if test "x$withval" != "xno" ; then
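Review bot: The cross-compiling branch of `AC_RUN_IFELSE` only warns and leaves `need_pledge_inet` empty, so a cross-built binary gets an empty `PLEDGE_EXTRA_INET`. If it targets an OpenBSD release that predates the relaxation, it would presumably be killed by pledge when it later sets IP_TOS. That default keeps the tighter sandbox, which is defensible, but it should be stated rather than implied, for example `[ AC_MSG_WARN([cross compiling: assuming pledge(2) allows IP_TOS]) ]`. In the native case any non-zero exit from the probe selects the wider "inet" promise, including an unrelated `socket()` or `pledge()` failure, not only a pledge violation on `setsockopt`. A comment above the probe saying that failures deliberately fall back to the wider promise set would make that trade-off visible to whoever next audits the sandbox.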