Move prctl PR_SET_DUMPABLE into platform.c.

This should make it easier to add additional platform support such as
Solaris (bz#2584).

5 files changed, 20 insertions, 18 deletions

diff --git a/Makefile.in b/Makefile.in
index 76626fc6..1a2e743a 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -92,13 +92,13 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
 	kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
 	kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \
 	kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \
-	platform-pledge.o
+	platform.o platform-pledge.o
 
 SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
 	sshconnect.o sshconnect1.o sshconnect2.o mux.o
 
 SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
-	audit.o audit-bsm.o audit-linux.o platform.o \
+	audit.o audit-bsm.o audit-linux.o \
 	sshpty.o sshlogin.o servconf.o serverloop.o \
 	auth.o auth1.o auth2.o auth-options.o session.o \
 	auth-chall.o auth2-chall.o groupaccess.o \
diff --git a/platform.c b/platform.c
index 1f68df3a..ee3e0691 100644
--- a/platform.c
+++ b/platform.c
@@ -19,6 +19,9 @@
 #include "includes.h"
 
 #include <sys/types.h>
+#if defined(HAVE_SYS_PRCTL_H)
+#include <sys/prctl.h>	/* For prctl() and PR_SET_DUMPABLE */
+#endif
 
 #include <stdarg.h>
 #include <unistd.h>
@@ -217,3 +220,14 @@ platform_sys_dir_uid(uid_t uid)
 #endif
 	return 0;
 }
+
+void
+platform_disable_tracing(int strict)
+{
+#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
+	/* Disable ptrace on Linux without sgid bit */
+	if (prctl(PR_SET_DUMPABLE, 0) != 0)
+		if (strict)
+			fatal("unable to make the process undumpable");
+#endif
+}
diff --git a/platform.h b/platform.h
index e687c99b..e97ecd90 100644
--- a/platform.h
+++ b/platform.h
@@ -31,6 +31,7 @@ void platform_setusercontext_post_groups(struct passwd *);
 char *platform_get_krb5_client(const char *);
 char *platform_krb5_get_principal_name(const char *);
 int platform_sys_dir_uid(uid_t);
+void platform_disable_tracing(int);
 
 /* in platform-pledge.c */
 void platform_pledge_agent(void);
diff --git a/sftp-server.c b/sftp-server.c
index e11a1b89..646286a3 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -29,9 +29,6 @@
 #ifdef HAVE_SYS_STATVFS_H
 #include <sys/statvfs.h>
 #endif
-#ifdef HAVE_SYS_PRCTL_H
-#include <sys/prctl.h>
-#endif
 
 #include <dirent.h>
 #include <errno.h>
@@ -1588,16 +1585,13 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
 
 	log_init(__progname, log_level, log_facility, log_stderr);
 
-#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
 	/*
-	 * On Linux, we should try to avoid making /proc/self/{mem,maps}
+	 * On platforms where we can, avoid making /proc/self/{mem,maps}
 	 * available to the user so that sftp access doesn't automatically
 	 * imply arbitrary code execution access that will break
 	 * restricted configurations.
 	 */
-	if (prctl(PR_SET_DUMPABLE, 0) != 0)
-		fatal("unable to make the process undumpable");
-#endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */
+	platform_disable_tracing(1);	/* strict */
 
 	/* Drop any fine-grained privileges we don't need */
 	platform_pledge_sftp_server();
diff --git a/ssh-agent.c b/ssh-agent.c
index 8aa25b30..25d6ebc5 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -88,10 +88,6 @@
 #include "ssh-pkcs11.h"
 #endif
 
-#if defined(HAVE_SYS_PRCTL_H)
-#include <sys/prctl.h>	/* For prctl() and PR_SET_DUMPABLE */
-#endif
-
 typedef enum {
 	AUTH_UNUSED,
 	AUTH_SOCKET,
@@ -1209,10 +1205,7 @@ main(int ac, char **av)
 	setegid(getgid());
 	setgid(getgid());
 
-#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
-	/* Disable ptrace on Linux without sgid bit */
-	prctl(PR_SET_DUMPABLE, 0);
-#endif
+	platform_disable_tracing(0);	/* strict=no */
 
 #ifdef WITH_OPENSSL
 	OpenSSL_add_all_algorithms();