Use Solaris setpflags(__PROC_PROTECT, ...).

Where possible, use Solaris setpflags to disable process tracing on ssh-agent and sftp-server. bz#2584, based on a patch from huieying.lee at oracle.com, ok djm.
author: Darren Tucker <dtucker@zip.com.au> 2016-06-14 10:48:27 +1000
committer: Darren Tucker <dtucker@zip.com.au> 2016-06-14 10:48:27 +1000
commit: a86ec4d0737ac5879223e7cd9d68c448df46e169 (patch)
tree: 3c19c64dcef03b459e5bae0c03e968791c65283d /platform.c
parent: 0f916d39b039fdc0b5baf9b5ab0754c0f11ec573 (diff)
download: openssh-git-a86ec4d0737ac5879223e7cd9d68c448df46e169.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/platform.c b/platform.c
index e3722e4a..c68bb09c 100644
--- a/platform.c
+++ b/platform.c
@@ -22,6 +22,9 @@
 #if defined(HAVE_SYS_PRCTL_H)
 #include <sys/prctl.h>	/* For prctl() and PR_SET_DUMPABLE */
 #endif
+#ifdef HAVE_PRIV_H
+#include <priv.h> /* For setpflags() and __PROC_PROTECT  */
+#endif
 
 #include <stdarg.h>
 #include <unistd.h>
@@ -229,4 +232,9 @@ platform_disable_tracing(int strict)
 	if (prctl(PR_SET_DUMPABLE, 0) != 0 && strict)
 		fatal("unable to make the process undumpable");
 #endif
+#if defined(HAVE_SETPFLAGS) && defined(__PROC_PROTECT)
+	/* On Solaris, we should make this process untraceable */
+	if (setpflags(__PROC_PROTECT, 1) != 0 && strict)
+		fatal("unable to make the process untraceable");
+#endif
 }
author	Darren Tucker <dtucker@zip.com.au>	2016-06-14 10:48:27 +1000
committer	Darren Tucker <dtucker@zip.com.au>	2016-06-14 10:48:27 +1000
commit	a86ec4d0737ac5879223e7cd9d68c448df46e169 (patch)
tree	3c19c64dcef03b459e5bae0c03e968791c65283d /platform.c
parent	0f916d39b039fdc0b5baf9b5ab0754c0f11ec573 (diff)
download	openssh-git-a86ec4d0737ac5879223e7cd9d68c448df46e169.tar.gz