authorDamien Miller <djm@mindrot.org>2014-04-01 14:38:07 +1100
committerDamien Miller <djm@mindrot.org>2014-04-01 14:38:07 +1100
commit14928b7492abec82afa4c2b778fc03f78cd419b6 (patch)
treebed8b997bd4afbd236e25ee415d94f2cfe42f576
parent48abc47e60048461fe9117e108a7e99ea1ac2bb8 (diff)
- (djm) On platforms that support it, use prctl() to prevent sftp-server
from accessing /proc/self/{mem,maps}; patch from jann AT thejh.net
-rw-r--r--ChangeLog4
-rw-r--r--sftp-server.c14
2 files changed, 18 insertions, 0 deletions
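--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20140401
+ - (djm) On platforms that support it, use prctl() to prevent sftp-server
+ from accessing /proc/self/{mem,maps}; patch from jann AT thejh.net
+
 20140317
  - (djm) [sandbox-seccomp-filter.c] Soft-fail stat() syscalls. Add XXX to
  remind myself to add sandbox violation logging via the log socket.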
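--- a/sftp-server.c
+++ b/sftp-server.c
@@ -29,6 +29,9 @@
 #ifdef HAVE_SYS_STATVFS_H
 #include <sys/statvfs.h>
 #endif
+#ifdef HAVE_SYS_PRCTL_H
+#include <sys/prctl.h>
+#endif
 
 #include <dirent.h>
 #include <errno.h>
@@ -1523,6 +1526,17 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
 
  log_init(__progname, log_level, log_facility, log_stderr);
 
+#ifdef HAVE_PRCTL
+ /*
+ * On Linux, we should try to avoid making /proc/self/{mem,maps}
+ * available to the user so that sftp access doesn't automatically
+ * imply arbitrary code execution access that will break
+ * restricted configurations.
+ */
+ if (prctl(PR_SET_DUMPABLE, 0) != 0)
+ fatal("unable to make the process undumpable");
+#endif
+
  if ((cp = getenv("SSH_CONNECTION")) != NULL) {
  client_addr = xstrdup(cp);
  if ((cp = strchr(client_addr, ' ')) == NULL) {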
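Review bot: The `#ifdef HAVE_PRCTL` guard around the new call in sftp_server_main does not match the `HAVE_SYS_PRCTL_H` guard on the include in the first hunk, and it never checks that `PR_SET_DUMPABLE` is defined. A platform that offers a prctl() without that option, or without the header, would fail to build rather than skip the hardening; `#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)` ties the call to the constant it actually uses. The fatal() message also discards the reason for the failure, so `fatal("unable to make the process undumpable: %s", strerror(errno));` would make a refused prctl() diagnosable from the log (errno.h is visible in the first hunk's context). The block comment could also state that clearing the dumpable flag disables core dumps for this process as a side effect, and that the /proc restriction presumably only holds while the session runs as a non-root user. The body of sftp_server_main starts and ends outside the hunk.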