diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2016-06-09 08:23:07 +0200 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2016-06-09 08:23:07 +0200 |
| commit | 0fb7f5985351fbbcd2613d8485482c538e5123be (patch) | |
| tree | e1f112e1d19fcb004a643bef8ce24c03ea38e5e2 /sftp-server.c | |
| parent | upstream commit (diff) | |
| download | openssh-0fb7f5985351fbbcd2613d8485482c538e5123be.tar.xz openssh-0fb7f5985351fbbcd2613d8485482c538e5123be.zip | |
Move prctl PR_SET_DUMPABLE into platform.c.
This should make it easier to add additional platform support such as
Solaris (bz#2584).
Diffstat (limited to 'sftp-server.c')
| -rw-r--r-- | sftp-server.c | 10 |
1 files changed, 2 insertions, 8 deletions
diff --git a/sftp-server.c b/sftp-server.c index e11a1b89b..646286a3c 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -29,9 +29,6 @@ #ifdef HAVE_SYS_STATVFS_H #include <sys/statvfs.h> #endif -#ifdef HAVE_SYS_PRCTL_H -#include <sys/prctl.h> -#endif #include <dirent.h> #include <errno.h> @@ -1588,16 +1585,13 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) log_init(__progname, log_level, log_facility, log_stderr); -#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) /* - * On Linux, we should try to avoid making /proc/self/{mem,maps} + * On platforms where we can, avoid making /proc/self/{mem,maps} * available to the user so that sftp access doesn't automatically * imply arbitrary code execution access that will break * restricted configurations. */ - if (prctl(PR_SET_DUMPABLE, 0) != 0) - fatal("unable to make the process undumpable"); -#endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */ + platform_disable_tracing(1); /* strict */ /* Drop any fine-grained privileges we don't need */ platform_pledge_sftp_server(); |