From 96855818b6169572cc2393bac86493442c186c1d Mon Sep 17 00:00:00 2001 From: des Date: Wed, 6 Mar 2013 13:46:20 +0000 Subject: Explicitly disable lastlog, utmp and wtmp. --- crypto/openssh/FREEBSD-upgrade | 1 + crypto/openssh/config.h | 51 +++++++++++++++++++++++++++++++++++------- 2 files changed, 44 insertions(+), 8 deletions(-) (limited to 'crypto') diff --git a/crypto/openssh/FREEBSD-upgrade b/crypto/openssh/FREEBSD-upgrade index 03b7dbf..0d88fb7 100644 --- a/crypto/openssh/FREEBSD-upgrade +++ b/crypto/openssh/FREEBSD-upgrade @@ -43,6 +43,7 @@ 7) Run configure with the appropriate arguments: $ ./configure --prefix=/usr --sysconfdir=/etc/ssh \ + --disable-lastlog --disable-utmp --disable-wtmp \ --with-pam --with-tcp-wrappers --with-libedit \ --with-ssl-engine diff --git a/crypto/openssh/config.h b/crypto/openssh/config.h index 49f4ec3..614c2aa 100644 --- a/crypto/openssh/config.h +++ b/crypto/openssh/config.h @@ -17,6 +17,9 @@ /* Define if your resolver libs need this for getrrsetbyname */ /* #undef BIND_8_COMPAT */ +/* The system has incomplete BSM API */ +/* #undef BROKEN_BSM_API */ + /* Define if cmsg_type is not passed correctly */ /* #undef BROKEN_CMSG_TYPE */ @@ -97,7 +100,7 @@ /* #undef DISABLE_FD_PASSING */ /* Define if you don't want to use lastlog */ -/* #undef DISABLE_LASTLOG */ +#define DISABLE_LASTLOG 1 /* Define if you don't want to use your system's login() call */ /* #undef DISABLE_LOGIN */ @@ -307,7 +310,7 @@ #define HAVE_DECL__GETSHORT 0 /* Define if you have /dev/ptmx */ -#define HAVE_DEV_PTMX 1 +/* #undef HAVE_DEV_PTMX */ /* Define if you have /dev/ptc */ /* #undef HAVE_DEV_PTS_AND_PTC */ @@ -316,7 +319,7 @@ #define HAVE_DIRENT_H 1 /* Define to 1 if you have the `dirfd' function. */ -/* #undef HAVE_DIRFD */ +#define HAVE_DIRFD 1 /* Define to 1 if you have the `dirname' function. */ #define HAVE_DIRNAME 1 @@ -501,6 +504,9 @@ /* Define if HEADER.ad exists in arpa/nameser.h */ #define HAVE_HEADER_AD 1 +/* Define to 1 if you have the `HMAC_CTX_init' function. */ +#define HAVE_HMAC_CTX_INIT 1 + /* Define if you have ut_host in utmp.h */ /* #undef HAVE_HOST_IN_UTMP */ @@ -552,6 +558,9 @@ /* Define to 1 if you have the header file. */ /* #undef HAVE_LASTLOG_H */ +/* Define if you want ldns support */ +/* #undef HAVE_LDNS */ + /* Define to 1 if you have the header file. */ /* #undef HAVE_LIBAUDIT_H */ @@ -594,10 +603,19 @@ /* Define to 1 if you have the header file. */ #define HAVE_LIMITS_H 1 +/* Define to 1 if you have the header file. */ +/* #undef HAVE_LINUX_AUDIT_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_LINUX_FILTER_H */ + /* Define to 1 if you have the header file. */ /* #undef HAVE_LINUX_IF_TUN_H */ -/* Define if your libraries define login() */ +/* Define to 1 if you have the header file. */ +/* #undef HAVE_LINUX_SECCOMP_H */ + +/* Define to 1 if you have the `login' function. */ /* #undef HAVE_LOGIN */ /* Define to 1 if you have the header file. */ @@ -805,6 +823,9 @@ /* Define to 1 if you have the `setgroups' function. */ #define HAVE_SETGROUPS 1 +/* Define to 1 if you have the `setlinebuf' function. */ +#define HAVE_SETLINEBUF 1 + /* Define to 1 if you have the `setlogin' function. */ #define HAVE_SETLOGIN 1 @@ -931,8 +952,11 @@ /* Define to 1 if you have the `strmode' function. */ #define HAVE_STRMODE 1 +/* Define to 1 if you have the `strnlen' function. */ +#define HAVE_STRNLEN 1 + /* Define to 1 if you have the `strnvis' function. */ -/* #undef HAVE_STRNVIS */ +#define HAVE_STRNVIS 1 /* Define to 1 if you have the `strptime' function. */ #define HAVE_STRPTIME 1 @@ -1351,15 +1375,21 @@ /* Sandbox using setrlimit(2) */ #define SANDBOX_RLIMIT 1 +/* Sandbox using seccomp filter */ +/* #undef SANDBOX_SECCOMP_FILTER */ + +/* setrlimit RLIMIT_FSIZE works */ +/* #undef SANDBOX_SKIP_RLIMIT_FSIZE */ + /* Sandbox using systrace(4) */ /* #undef SANDBOX_SYSTRACE */ +/* Specify the system call convention in use */ +/* #undef SECCOMP_AUDIT_ARCH */ + /* Define if your platform breaks doing a seteuid before a setuid */ /* #undef SETEUID_BREAKS_SETUID */ -/* The size of `char', as computed by sizeof. */ -#define SIZEOF_CHAR 1 - /* The size of `int', as computed by sizeof. */ #define SIZEOF_INT 4 @@ -1500,6 +1530,11 @@ /* Define if xauth is found in your path */ /* #undef XAUTH_PATH */ +/* Enable large inode numbers on Mac OS X 10.5. */ +#ifndef _DARWIN_USE_64_BIT_INODE +# define _DARWIN_USE_64_BIT_INODE 1 +#endif + /* Number of bits in a file offset, on hosts where this is settable. */ /* #undef _FILE_OFFSET_BITS */ -- cgit v1.1