Move prctl PR_SET_DUMPABLE into platform.c.

This should make it easier to add additional platform support such as Solaris (bz#2584).
author: Darren Tucker <dtucker@zip.com.au> 2016-06-09 16:23:07 +1000
committer: Darren Tucker <dtucker@zip.com.au> 2016-06-09 16:23:07 +1000
commit: 0fb7f5985351fbbcd2613d8485482c538e5123be (patch)
tree: e1f112e1d19fcb004a643bef8ce24c03ea38e5e2 /sftp-server.c
parent: e6508898c3cd838324ecfe1abd0eb8cf802e7106 (diff)
1 files changed, 2 insertions, 8 deletions
diff --git a/sftp-server.c b/sftp-server.c
index e11a1b89b..646286a3c 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -29,9 +29,6 @@
 #ifdef HAVE_SYS_STATVFS_H
 #include <sys/statvfs.h>
 #endif
-#ifdef HAVE_SYS_PRCTL_H
-#include <sys/prctl.h>
-#endif
 #include <dirent.h>
 #include <errno.h>
@@ -1588,16 +1585,13 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
        log_init(__progname, log_level, log_facility, log_stderr);
-#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
        /*
-         * On Linux, we should try to avoid making /proc/self/{mem,maps}
+         * On platforms where we can, avoid making /proc/self/{mem,maps}
         * available to the user so that sftp access doesn't automatically
         * imply arbitrary code execution access that will break
         * restricted configurations.
         */
-        if (prctl(PR_SET_DUMPABLE, 0) != 0)
+        platform_disable_tracing(1);    /* strict */
-                fatal("unable to make the process undumpable");
-#endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */
        /* Drop any fine-grained privileges we don't need */
        platform_pledge_sftp_server();
author	Darren Tucker <dtucker@zip.com.au>	2016-06-09 16:23:07 +1000
committer	Darren Tucker <dtucker@zip.com.au>	2016-06-09 16:23:07 +1000
commit	0fb7f5985351fbbcd2613d8485482c538e5123be (patch)
tree	e1f112e1d19fcb004a643bef8ce24c03ea38e5e2 /sftp-server.c
parent	e6508898c3cd838324ecfe1abd0eb8cf802e7106 (diff)