From 0fb7f5985351fbbcd2613d8485482c538e5123be Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@zip.com.au>
Date: Thu, 9 Jun 2016 16:23:07 +1000
Subject: Move prctl PR_SET_DUMPABLE into platform.c.

This should make it easier to add additional platform support such as
Solaris (bz#2584).
---
 sftp-server.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

(limited to 'sftp-server.c')

diff --git a/sftp-server.c b/sftp-server.c
index e11a1b89b..646286a3c 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -29,9 +29,6 @@
 #ifdef HAVE_SYS_STATVFS_H
 #include <sys/statvfs.h>
 #endif
-#ifdef HAVE_SYS_PRCTL_H
-#include <sys/prctl.h>
-#endif
 
 #include <dirent.h>
 #include <errno.h>
@@ -1588,16 +1585,13 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
 
 	log_init(__progname, log_level, log_facility, log_stderr);
 
-#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
 	/*
-	 * On Linux, we should try to avoid making /proc/self/{mem,maps}
+	 * On platforms where we can, avoid making /proc/self/{mem,maps}
 	 * available to the user so that sftp access doesn't automatically
 	 * imply arbitrary code execution access that will break
 	 * restricted configurations.
 	 */
-	if (prctl(PR_SET_DUMPABLE, 0) != 0)
-		fatal("unable to make the process undumpable");
-#endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */
+	platform_disable_tracing(1);	/* strict */
 
 	/* Drop any fine-grained privileges we don't need */
 	platform_pledge_sftp_server();
-- 
cgit v1.2.3