- (djm) [configure.ac ssh-agent.c] Use prctl to prevent ptrace on ssh-agent

ok dtucker
author: Damien Miller <djm@mindrot.org> 2004-03-03 01:08:59 +0100
committer: Damien Miller <djm@mindrot.org> 2004-03-03 01:08:59 +0100
commit: 6c4914afccb0c188a2c412d12dfb1b73e362e07e (patch)
tree: 720ddd294683bd12f98f7b98c55830c5349ef2b0 /ssh-agent.c
parent: - (tim) [configure.ac] Put back bits mistakenly removed from Rev 1.188 (diff)
download: openssh-6c4914afccb0c188a2c412d12dfb1b73e362e07e.tar.xz
openssh-6c4914afccb0c188a2c412d12dfb1b73e362e07e.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/ssh-agent.c b/ssh-agent.c
index e5232fc9b..f5fce6b2a 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -57,6 +57,10 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.117 2003/12/02 17:01:15 markus Exp $");
 #include "scard.h"
 #endif
 
+#if defined(HAVE_SYS_PRCTL_H)
+#include <sys/prctl.h>	/* For prctl() and PR_SET_DUMPABLE */
+#endif
+
 typedef enum {
 	AUTH_UNUSED,
 	AUTH_SOCKET,
@@ -1023,6 +1027,11 @@ main(int ac, char **av)
 	setegid(getgid());
 	setgid(getgid());
 
+#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
+	/* Disable ptrace on Linux without sgid bit */
+	prctl(PR_SET_DUMPABLE, 0);
+#endif
+
 	SSLeay_add_all_algorithms();
 
 	__progname = ssh_get_progname(av[0]);
author	Damien Miller <djm@mindrot.org>	2004-03-03 01:08:59 +0100
committer	Damien Miller <djm@mindrot.org>	2004-03-03 01:08:59 +0100
commit	6c4914afccb0c188a2c412d12dfb1b73e362e07e (patch)
tree	720ddd294683bd12f98f7b98c55830c5349ef2b0 /ssh-agent.c
parent	- (tim) [configure.ac] Put back bits mistakenly removed from Rev 1.188 (diff)
download	openssh-6c4914afccb0c188a2c412d12dfb1b73e362e07e.tar.xz openssh-6c4914afccb0c188a2c412d12dfb1b73e362e07e.zip