diff options
Diffstat (limited to 'sftp-server.c')
-rw-r--r-- | sftp-server.c | 10 |
1 files changed, 2 insertions, 8 deletions
diff --git a/sftp-server.c b/sftp-server.c index e11a1b89..646286a3 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -29,9 +29,6 @@ #ifdef HAVE_SYS_STATVFS_H #include <sys/statvfs.h> #endif -#ifdef HAVE_SYS_PRCTL_H -#include <sys/prctl.h> -#endif #include <dirent.h> #include <errno.h> @@ -1588,16 +1585,13 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) log_init(__progname, log_level, log_facility, log_stderr); -#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) /* - * On Linux, we should try to avoid making /proc/self/{mem,maps} + * On platforms where we can, avoid making /proc/self/{mem,maps} * available to the user so that sftp access doesn't automatically * imply arbitrary code execution access that will break * restricted configurations. */ - if (prctl(PR_SET_DUMPABLE, 0) != 0) - fatal("unable to make the process undumpable"); -#endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */ + platform_disable_tracing(1); /* strict */ /* Drop any fine-grained privileges we don't need */ platform_pledge_sftp_server(); |