author | markus@openbsd.org <markus@openbsd.org> | 2017-05-31 10:04:29 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2017-06-01 14:55:23 +1000 |
commit | 84008608c9ee944d9f72f5100f31ccff743b10f2 (patch) | |
tree | d7e6d3145d5e8a6c7a4377bae278e7dda5e47575 /monitor.c | |
parent | 9e509d4ec97cb3d71696f1a2f1fdad254cbbce11 (diff) | |
download | openssh-git-84008608c9ee944d9f72f5100f31ccff743b10f2.tar.gz |
upstream commit
use SO_ZEROIZE for privsep communication (if available)
Upstream-ID: abcbb6d2f8039fc4367a6a78096e5d5c39de4a62
Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 11 |
1 files changed, 10 insertions, 1 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.170 2017/05/31 08:09:45 markus Exp $ */
+/* $OpenBSD: monitor.c,v 1.171 2017/05/31 10:04:29 markus Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1655,9 +1655,18 @@ static void
 monitor_openfds(struct monitor *mon, int do_logfds)
 {
 int pair[2];
+#ifdef SO_ZEROIZE
+ int on = 1;
+#endif
 if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1)
 fatal("%s: socketpair: %s", __func__, strerror(errno));
+#ifdef SO_ZEROIZE
+ if (setsockopt(pair[0], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0)
+ error("setsockopt SO_ZEROIZE(0): %.100s", strerror(errno));
+ if (setsockopt(pair[1], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0)
+ error("setsockopt SO_ZEROIZE(1): %.100s", strerror(errno));
+#endif
 FD_CLOSEONEXEC(pair[0]);
 FD_CLOSEONEXEC(pair[1]);
 mon->m_recvfd = pair[0]; |
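Review bot: Both `setsockopt(..., SO_ZEROIZE, ...)` failures after the `socketpair()` call are only logged with `error()`, so the monitor carries on with privsep socket buffers that are not zeroized, and nothing in the code says this is a deliberate best-effort choice. A short comment above the second `#ifdef SO_ZEROIZE` would make the intent reviewable, for example `/* Best effort: ask the kernel to clear privsep socket buffers; a failure is logged, not fatal. */`. On platforms that do not define SO_ZEROIZE the block compiles out silently, so the comment should also say the hardening is absent there. The two messages could carry `__func__` like the `fatal()` above them, and the body of `monitor_openfds()` continues past the end of the hunk.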