tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-27 15:54:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

Use Solaris setpflags(__PROC_PROTECT, ...).

Browse Source 
Where possible, use Solaris setpflags to disable process tracing on
ssh-agent and sftp-server.  bz#2584, based on a patch from huieying.lee
at oracle.com, ok djm.
This commit is contained in:
Darren Tucker 2016-06-14 10:48:27 +10:00
parent 0f916d39b0
commit a86ec4d073
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
configure.ac
View File

@ -898,6 +898,7 @@ mips-sony-bsd|mips-sony-newsos4)
else else
AC_MSG_RESULT([no]) AC_MSG_RESULT([no])
fi fi
AC_CHECK_FUNCS([setpflags])
AC_CHECK_FUNCS([setppriv]) AC_CHECK_FUNCS([setppriv])
AC_CHECK_FUNCS([priv_basicset]) AC_CHECK_FUNCS([priv_basicset])
AC_CHECK_HEADERS([priv.h]) AC_CHECK_HEADERS([priv.h])

8
platform.c
View File

@ -22,6 +22,9 @@
#if defined(HAVE_SYS_PRCTL_H) #if defined(HAVE_SYS_PRCTL_H)
#include <sys/prctl.h> /* For prctl() and PR_SET_DUMPABLE */ #include <sys/prctl.h> /* For prctl() and PR_SET_DUMPABLE */
#endif #endif
#ifdef HAVE_PRIV_H
#include <priv.h> /* For setpflags() and __PROC_PROTECT */
#endif
#include <stdarg.h> #include <stdarg.h>
#include <unistd.h> #include <unistd.h>
@ -229,4 +232,9 @@ platform_disable_tracing(int strict)
if (prctl(PR_SET_DUMPABLE, 0) != 0 && strict) if (prctl(PR_SET_DUMPABLE, 0) != 0 && strict)
fatal("unable to make the process undumpable"); fatal("unable to make the process undumpable");
#endif #endif
#if defined(HAVE_SETPFLAGS) && defined(__PROC_PROTECT)
/* On Solaris, we should make this process untraceable */
if (setpflags(__PROC_PROTECT, 1) != 0 && strict)
fatal("unable to make the process untraceable");
#endif
} }