-rw-r--r-- | Makefile.in | 4 | ||||
-rw-r--r-- | platform.c | 14 | ||||
-rw-r--r-- | platform.h | 1 | ||||
-rw-r--r-- | sftp-server.c | 10 | ||||
-rw-r--r-- | ssh-agent.c | 9 |
5 files changed, 20 insertions, 18 deletions
diff --git a/Makefile.in b/Makefile.in
index 76626fc6b..1a2e743a6 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -92,13 +92,13 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
 kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
 kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \
 kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \
- platform-pledge.o
+ platform.o platform-pledge.o
 SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
 sshconnect.o sshconnect1.o sshconnect2.o mux.o
 SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
- audit.o audit-bsm.o audit-linux.o platform.o \
+ audit.o audit-bsm.o audit-linux.o \
 sshpty.o sshlogin.o servconf.o serverloop.o \
 auth.o auth1.o auth2.o auth-options.o session.o \
 auth-chall.o auth2-chall.o groupaccess.o \
diff --git a/platform.c b/platform.c
index 1f68df3a6..ee3e06914 100644
--- a/platform.c
+++ b/platform.c
@@ -19,6 +19,9 @@
 #include "includes.h"
 #include <sys/types.h>
+#if defined(HAVE_SYS_PRCTL_H)
+#include <sys/prctl.h> /* For prctl() and PR_SET_DUMPABLE */
+#endif
 #include <stdarg.h>
 #include <unistd.h>
@@ -217,3 +220,14 @@ platform_sys_dir_uid(uid_t uid)
 #endif
 return 0;
 }
+
+void
+platform_disable_tracing(int strict)
+{
+#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
+ /* Disable ptrace on Linux without sgid bit */
+ if (prctl(PR_SET_DUMPABLE, 0) != 0)
+ if (strict)
+ fatal("unable to make the process undumpable");
+#endif
+}
diff --git a/platform.h b/platform.h
index e687c99b6..e97ecd909 100644
--- a/platform.h
+++ b/platform.h
@@ -31,6 +31,7 @@ void platform_setusercontext_post_groups(struct passwd *);
 char *platform_get_krb5_client(const char *);
 char *platform_krb5_get_principal_name(const char *);
 int platform_sys_dir_uid(uid_t);
+void platform_disable_tracing(int);
 /* in platform-pledge.c */
 void platform_pledge_agent(void);
diff --git a/sftp-server.c b/sftp-server.c
index e11a1b89b..646286a3c 100644
--- a/sftp-server.c
+++ b/sftp-server.c
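Review bot: In platform.c's second hunk, `platform_disable_tracing` drops a failed `prctl(PR_SET_DUMPABLE, 0)` without any record when `strict` is 0, so a non-strict caller keeps running in a traceable state and nothing in the logs shows it. I would brace the outer `if` and, after the `if (strict) fatal(...)` check, add a non-fatal log line such as `debug("unable to make the process undumpable");` (assuming the project's debug logging is in scope here, as `fatal()` is). The nested unbraced `if`s are also easy to misread. The function has no header comment; one should state that `strict` selects fatal-on-failure and that the whole body compiles to a no-op when `HAVE_PRCTL` or `PR_SET_DUMPABLE` is missing. The inline comment `/* Disable ptrace on Linux without sgid bit */` was carried over from ssh-agent.c and no longer describes every caller.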
@@ -29,9 +29,6 @@
 #ifdef HAVE_SYS_STATVFS_H
 #include <sys/statvfs.h>
 #endif
-#ifdef HAVE_SYS_PRCTL_H
-#include <sys/prctl.h>
-#endif
 #include <dirent.h>
 #include <errno.h>
@@ -1588,16 +1585,13 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
 log_init(__progname, log_level, log_facility, log_stderr);
-#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
 /*
- * On Linux, we should try to avoid making /proc/self/{mem,maps}
+ * On platforms where we can, avoid making /proc/self/{mem,maps}
 * available to the user so that sftp access doesn't automatically
 * imply arbitrary code execution access that will break
 * restricted configurations.
 */
- if (prctl(PR_SET_DUMPABLE, 0) != 0)
- fatal("unable to make the process undumpable");
-#endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */
+ platform_disable_tracing(1); /* strict */
 /* Drop any fine-grained privileges we don't need */
 platform_pledge_sftp_server();
diff --git a/ssh-agent.c b/ssh-agent.c
index 8aa25b30d..25d6ebc53 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -88,10 +88,6 @@
 #include "ssh-pkcs11.h"
 #endif
-#if defined(HAVE_SYS_PRCTL_H)
-#include <sys/prctl.h> /* For prctl() and PR_SET_DUMPABLE */
-#endif
-
 typedef enum {
 AUTH_UNUSED,
 AUTH_SOCKET,
@@ -1209,10 +1205,7 @@ main(int ac, char **av)
 setegid(getgid());
 setgid(getgid());
-#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
- /* Disable ptrace on Linux without sgid bit */
- prctl(PR_SET_DUMPABLE, 0);
-#endif
+ platform_disable_tracing(0); /* strict=no */
 #ifdef WITH_OPENSSL
 OpenSSL_add_all_algorithms(); |
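Review bot: In sftp-server.c's second hunk, `platform_disable_tracing(1)` is only as strict as the build allows, and the call site no longer shows that. The `#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)` guard now sits inside the helper, so where it is false the call returns without doing anything and without `fatal()`. That matches the old behaviour, but on such builds the protection the comment describes (keeping /proc/self/{mem,maps} away from the sftp user in restricted configurations) is silently absent. I would add a line to the comment such as `* This is a no-op, not an error, where the platform offers no such mechanism.` so nobody reads `/* strict */` as a guarantee. sftp_server_main's body continues outside the hunk.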
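Review bot: In ssh-agent.c's second hunk, the position of `platform_disable_tracing(0)` directly after `setegid(getgid()); setgid(getgid());` matters, and nothing documents it now that the old comment has moved into platform.c. Per prctl(2) the dumpable flag is reset when the process's effective user or group ID changes, so the call has to stay after the privilege drop or it may be undone. I would add a call-site comment such as `/* Must follow the setegid()/setgid() above: changing IDs resets the dumpable flag. */`. Separately, `/* strict=no */` keeps the earlier ignore-on-failure behaviour for a process that holds private keys; if that is deliberate, a short reason in the comment would help the next reader. main's body continues outside the hunk.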