diff options
author | Darren Tucker <dtucker@zip.com.au> | 2016-06-14 10:48:27 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2016-06-14 10:48:27 +1000 |
commit | a86ec4d0737ac5879223e7cd9d68c448df46e169 (patch) | |
tree | 3c19c64dcef03b459e5bae0c03e968791c65283d /platform.c | |
parent | 0f916d39b039fdc0b5baf9b5ab0754c0f11ec573 (diff) | |
download | openssh-git-a86ec4d0737ac5879223e7cd9d68c448df46e169.tar.gz |
Use Solaris setpflags(__PROC_PROTECT, ...).
Where possible, use Solaris setpflags to disable process tracing on
ssh-agent and sftp-server. bz#2584, based on a patch from huieying.lee
at oracle.com, ok djm.
Diffstat (limited to 'platform.c')
-rw-r--r-- | platform.c | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -22,6 +22,9 @@ #if defined(HAVE_SYS_PRCTL_H) #include <sys/prctl.h> /* For prctl() and PR_SET_DUMPABLE */ #endif +#ifdef HAVE_PRIV_H +#include <priv.h> /* For setpflags() and __PROC_PROTECT */ +#endif #include <stdarg.h> #include <unistd.h> @@ -229,4 +232,9 @@ platform_disable_tracing(int strict) if (prctl(PR_SET_DUMPABLE, 0) != 0 && strict) fatal("unable to make the process undumpable"); #endif +#if defined(HAVE_SETPFLAGS) && defined(__PROC_PROTECT) + /* On Solaris, we should make this process untraceable */ + if (setpflags(__PROC_PROTECT, 1) != 0 && strict) + fatal("unable to make the process untraceable"); +#endif } |