From a86ec4d0737ac5879223e7cd9d68c448df46e169 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 14 Jun 2016 10:48:27 +1000 Subject: Use Solaris setpflags(__PROC_PROTECT, ...). Where possible, use Solaris setpflags to disable process tracing on ssh-agent and sftp-server. bz#2584, based on a patch from huieying.lee at oracle.com, ok djm. --- platform.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'platform.c') diff --git a/platform.c b/platform.c index e3722e4ae..c68bb09c1 100644 --- a/platform.c +++ b/platform.c @@ -22,6 +22,9 @@ #if defined(HAVE_SYS_PRCTL_H) #include /* For prctl() and PR_SET_DUMPABLE */ #endif +#ifdef HAVE_PRIV_H +#include /* For setpflags() and __PROC_PROTECT */ +#endif #include #include @@ -229,4 +232,9 @@ platform_disable_tracing(int strict) if (prctl(PR_SET_DUMPABLE, 0) != 0 && strict) fatal("unable to make the process undumpable"); #endif +#if defined(HAVE_SETPFLAGS) && defined(__PROC_PROTECT) + /* On Solaris, we should make this process untraceable */ + if (setpflags(__PROC_PROTECT, 1) != 0 && strict) + fatal("unable to make the process untraceable"); +#endif } -- cgit v1.2.3