From a86ec4d0737ac5879223e7cd9d68c448df46e169 Mon Sep 17 00:00:00 2001
From: Darren Tucker
Date: Tue, 14 Jun 2016 10:48:27 +1000
Subject: [PATCH] Use Solaris setpflags(__PROC_PROTECT, ...).

Where possible, use Solaris setpflags to disable process tracing on ssh-agent and sftp-server. bz#2584, based on a patch from huieying.lee at oracle.com, ok djm.
---
 configure.ac | 1 +
 platform.c | 8 ++++++++
 2 files changed, 9 insertions(+)
diff --git a/configure.ac b/configure.ac
index 663870381..83548767e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -898,6 +898,7 @@ mips-sony-bsd|mips-sony-newsos4)
 else
 AC_MSG_RESULT([no])
 fi
+ AC_CHECK_FUNCS([setpflags])
 AC_CHECK_FUNCS([setppriv])
 AC_CHECK_FUNCS([priv_basicset])
 AC_CHECK_HEADERS([priv.h])
diff --git a/platform.c b/platform.c
index e3722e4ae..c68bb09c1 100644
--- a/platform.c
+++ b/platform.c
@@ -22,6 +22,9 @@
 #if defined(HAVE_SYS_PRCTL_H)
 #include /* For prctl() and PR_SET_DUMPABLE */
 #endif
+#ifdef HAVE_PRIV_H
+#include /* For setpflags() and __PROC_PROTECT */
+#endif
 #include
 #include
@@ -229,4 +232,9 @@ platform_disable_tracing(int strict)
 if (prctl(PR_SET_DUMPABLE, 0) != 0 && strict)
 fatal("unable to make the process undumpable");
 #endif
+#if defined(HAVE_SETPFLAGS) && defined(__PROC_PROTECT)
+ /* On Solaris, we should make this process untraceable */
+ if (setpflags(__PROC_PROTECT, 1) != 0 && strict)
+ fatal("unable to make the process untraceable");
+#endif
 }
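Review bot: The setpflags() block added at the end of platform_disable_tracing() is compiled out silently when `HAVE_SETPFLAGS` or `__PROC_PROTECT` is undefined, so on such a build a `strict` caller returns normally with the process still traceable and nothing in the hunk records that. The comment should say what is being protected and what the guard depends on, for example `/* Solaris: block tracing of this process (ssh-agent holds private keys); __PROC_PROTECT may be absent from priv.h, in which case this is a no-op */`; the double-underscore name suggests a private interface, which is worth stating there too. On the non-strict path a failed call is dropped without any record, so a `debug("setpflags(__PROC_PROTECT): %s", strerror(errno));` branch would make a failed hardening step visible, assuming the needed headers are already in scope in this file. The start of the function lies outside the hunk, so whether an earlier branch already reports the no-op case cannot be seen from here.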