Use Solaris setpflags(__PROC_PROTECT, ...).

Where possible, use Solaris setpflags to disable process tracing on ssh-agent and sftp-server. bz#2584, based on a patch from huieying.lee at oracle.com, ok djm.
author: Darren Tucker <dtucker@zip.com.au> 2016-06-14 10:48:27 +1000
committer: Darren Tucker <dtucker@zip.com.au> 2016-06-14 10:48:27 +1000
commit: a86ec4d0737ac5879223e7cd9d68c448df46e169 (patch)
tree: 3c19c64dcef03b459e5bae0c03e968791c65283d /platform.c
parent: 0f916d39b039fdc0b5baf9b5ab0754c0f11ec573 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/platform.c b/platform.c
index e3722e4ae..c68bb09c1 100644
--- a/platform.c
+++ b/platform.c
@@ -22,6 +22,9 @@
 #if defined(HAVE_SYS_PRCTL_H)
 #include <sys/prctl.h>  /* For prctl() and PR_SET_DUMPABLE */
 #endif
+#ifdef HAVE_PRIV_H
+#include <priv.h> /* For setpflags() and __PROC_PROTECT  */
+#endif
 #include <stdarg.h>
 #include <unistd.h>
@@ -229,4 +232,9 @@ platform_disable_tracing(int strict)
        if (prctl(PR_SET_DUMPABLE, 0) != 0 && strict)
                fatal("unable to make the process undumpable");
 #endif
+#if defined(HAVE_SETPFLAGS) && defined(__PROC_PROTECT)
+        /* On Solaris, we should make this process untraceable */
+        if (setpflags(__PROC_PROTECT, 1) != 0 && strict)
+                fatal("unable to make the process untraceable");
+#endif
 }
author	Darren Tucker <dtucker@zip.com.au>	2016-06-14 10:48:27 +1000
committer	Darren Tucker <dtucker@zip.com.au>	2016-06-14 10:48:27 +1000
commit	a86ec4d0737ac5879223e7cd9d68c448df46e169 (patch)
tree	3c19c64dcef03b459e5bae0c03e968791c65283d /platform.c
parent	0f916d39b039fdc0b5baf9b5ab0754c0f11ec573 (diff)