diff options
Diffstat (limited to 'sftp-server.c')
| -rw-r--r-- | sftp-server.c | 10 |
1 files changed, 2 insertions, 8 deletions
diff --git a/sftp-server.c b/sftp-server.c index e11a1b89b..646286a3c 100644 --- a/sftp-server.c +++ b/sftp-server.c | |||
| @@ -29,9 +29,6 @@ | |||
| 29 | #ifdef HAVE_SYS_STATVFS_H | 29 | #ifdef HAVE_SYS_STATVFS_H |
| 30 | #include <sys/statvfs.h> | 30 | #include <sys/statvfs.h> |
| 31 | #endif | 31 | #endif |
| 32 | #ifdef HAVE_SYS_PRCTL_H | ||
| 33 | #include <sys/prctl.h> | ||
| 34 | #endif | ||
| 35 | 32 | ||
| 36 | #include <dirent.h> | 33 | #include <dirent.h> |
| 37 | #include <errno.h> | 34 | #include <errno.h> |
| @@ -1588,16 +1585,13 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) | |||
| 1588 | 1585 | ||
| 1589 | log_init(__progname, log_level, log_facility, log_stderr); | 1586 | log_init(__progname, log_level, log_facility, log_stderr); |
| 1590 | 1587 | ||
| 1591 | #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) | ||
| 1592 | /* | 1588 | /* |
| 1593 | * On Linux, we should try to avoid making /proc/self/{mem,maps} | 1589 | * On platforms where we can, avoid making /proc/self/{mem,maps} |
| 1594 | * available to the user so that sftp access doesn't automatically | 1590 | * available to the user so that sftp access doesn't automatically |
| 1595 | * imply arbitrary code execution access that will break | 1591 | * imply arbitrary code execution access that will break |
| 1596 | * restricted configurations. | 1592 | * restricted configurations. |
| 1597 | */ | 1593 | */ |
| 1598 | if (prctl(PR_SET_DUMPABLE, 0) != 0) | 1594 | platform_disable_tracing(1); /* strict */ |
| 1599 | fatal("unable to make the process undumpable"); | ||
| 1600 | #endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */ | ||
| 1601 | 1595 | ||
| 1602 | /* Drop any fine-grained privileges we don't need */ | 1596 | /* Drop any fine-grained privileges we don't need */ |
| 1603 | platform_pledge_sftp_server(); | 1597 | platform_pledge_sftp_server(); |