- (bal) if mmap() is substandard, don't allow compression on server side.

Post 'event' we will add more options.

ChangeLog

@@ -4,6 +4,8 @@
  - (djm) Create privsep directory and warn if privsep user is missing 
    during make install
  - (bal) Started list of PrivSep issues in TODO
+ - (bal) if mmap() is substandard, don't allow compression on server side.
+   Post 'event' we will add more options.
 
 20020624
  - OpenBSD CVS Sync
@@ -1089,4 +1091,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2268 2002/06/25 02:28:22 mouring Exp $
+$Id: ChangeLog,v 1.2269 2002/06/25 03:22:03 mouring Exp $

acconfig.h

@@ -1,4 +1,4 @@
-/* $Id: acconfig.h,v 1.139 2002/06/24 16:26:49 stevesk Exp $ */
+/* $Id: acconfig.h,v 1.140 2002/06/25 03:22:04 mouring Exp $ */
 
 #ifndef _CONFIG_H
 #define _CONFIG_H
@@ -355,6 +355,9 @@
 /* Path that unprivileged child will chroot() to in privep mode */
 #undef PRIVSEP_PATH
 
+/* Define if you have the `mmap' function that supports MAP_ANON|SHARED */
+#undef HAVE_MMAP_ANON_SHARED
+
 @BOTTOM@
 
 /* ******************* Shouldn't need to edit below this line ************** */

configure.ac

@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.70 2002/06/25 00:24:48 djm Exp $
+# $Id: configure.ac,v 1.71 2002/06/25 03:22:04 mouring Exp $
 
 AC_INIT
 AC_CONFIG_SRCDIR([ssh.c])
@@ -574,6 +574,30 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \
 	socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
 	truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
 
+if test $ac_cv_func_mmap = yes ; then
+AC_MSG_CHECKING([for mmap anon shared])
+AC_TRY_RUN(
+	[
+#include <stdio.h>
+#include <sys/mman.h>
+#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
+#define MAP_ANON MAP_ANONYMOUS
+#endif
+main() { char *p;
+p = (char *) mmap(NULL, 10, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0);
+if (p == (char *)-1)
+	exit(1);
+exit(0);
+}
+	],
+	[
+		AC_MSG_RESULT(yes)
+		AC_DEFINE(HAVE_MMAP_ANON_SHARED)
+	],
+	[ AC_MSG_RESULT(no) ] 
+)
+fi
+
 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
 	AC_CHECK_LIB(gen, dirname,[

monitor_mm.c

@@ -84,13 +84,11 @@ mm_create(struct mm_master *mmalloc, size_t size)
 	 */
 	mm->mmalloc = mmalloc;
 
-#if  defined(HAVE_MMAP) && defined(MAP_ANON)
+#ifdef HAVE_MMAP_ANON_SHARED
 	address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED,
 	    -1, 0);
-	if (address == MAP_FAILED)
-		fatal("mmap(%lu): %s", (u_long)size, strerror(errno));
 #else
-	fatal("%s: UsePrivilegeSeparation=yes not supported",
+	fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported",
 	    __func__);
 #endif
 

servconf.c

@@ -257,7 +257,7 @@ fill_default_server_options(ServerOptions *options)
 	if (use_privsep == -1)
 		use_privsep = 1;
 
-#if !defined(HAVE_MMAP) || !defined(MAP_ANON)
+#if !defined(HAVE_MMAP_ANON_SHARED)
 	if (use_privsep && options->compression == 1) {
 		error("This platform does not support both privilege "
 		    "separation and compression");