Disable tracing on FreeBSD using procctl.

Placed at the start of platform_disable_tracing() to prevent declaration after code errors from strict C89 compilers (in the unlikely event that more than one method is enabled).
author: David Carlier <devnexen@gmail.com> 2021-09-08 19:49:54 +0100
committer: Darren Tucker <dtucker@dtucker.net> 2021-09-09 18:13:27 +1000
commit: 2d678c5e3bdc2f5c99f7af5122e9d054925d560d (patch)
tree: faedf070bc5daff66a859e9ca06cc9819d9ae472 /platform-tracing.c
parent: 73050fa38fb36ae3326d768b574806352b97002d (diff)
download: openssh-git-2d678c5e3bdc2f5c99f7af5122e9d054925d560d.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/platform-tracing.c b/platform-tracing.c
index 4c80a282..0daf2a86 100644
--- a/platform-tracing.c
+++ b/platform-tracing.c
@@ -17,6 +17,9 @@
 #include "includes.h"
 
 #include <sys/types.h>
+#ifdef HAVE_SYS_PROCCTL_H
+#include <sys/procctl.h>
+#endif
 #if defined(HAVE_SYS_PRCTL_H)
 #include <sys/prctl.h>	/* For prctl() and PR_SET_DUMPABLE */
 #endif
@@ -33,6 +36,13 @@
 void
 platform_disable_tracing(int strict)
 {
+#if defined(HAVE_PROCCTL) && defined(PROC_TRACE_CTL)
+	/* On FreeBSD, we should make this process untraceable */
+	int disable_trace = PROC_TRACE_CTL_DISABLE;
+
+	if (procctl(P_PID, 0, PROC_TRACE_CTL, &disable_trace) && strict)
+		fatal("unable to make the process untraceable");
+#endif
 #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
 	/* Disable ptrace on Linux without sgid bit */
 	if (prctl(PR_SET_DUMPABLE, 0) != 0 && strict)
author	David Carlier <devnexen@gmail.com>	2021-09-08 19:49:54 +0100
committer	Darren Tucker <dtucker@dtucker.net>	2021-09-09 18:13:27 +1000
commit	2d678c5e3bdc2f5c99f7af5122e9d054925d560d (patch)
tree	faedf070bc5daff66a859e9ca06cc9819d9ae472 /platform-tracing.c
parent	73050fa38fb36ae3326d768b574806352b97002d (diff)
download	openssh-git-2d678c5e3bdc2f5c99f7af5122e9d054925d560d.tar.gz