author | Damien Miller <djm@mindrot.org> | 2014-04-01 14:38:07 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2014-04-01 14:38:07 +1100 |
commit | 14928b7492abec82afa4c2b778fc03f78cd419b6 (patch) | |
tree | bed8b997bd4afbd236e25ee415d94f2cfe42f576 /sftp-server.c | |
parent | 48abc47e60048461fe9117e108a7e99ea1ac2bb8 (diff) |
- (djm) On platforms that support it, use prctl() to prevent sftp-server
from accessing /proc/self/{mem,maps}; patch from jann AT thejh.net
Diffstat (limited to 'sftp-server.c')
-rw-r--r-- | sftp-server.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/sftp-server.c b/sftp-server.c
index b8eb59c3..77834117 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -29,6 +29,9 @@
 #ifdef HAVE_SYS_STATVFS_H
 #include <sys/statvfs.h>
 #endif
+#ifdef HAVE_SYS_PRCTL_H
+#include <sys/prctl.h>
+#endif
 #include <dirent.h>
 #include <errno.h>
@@ -1523,6 +1526,17 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
 log_init(__progname, log_level, log_facility, log_stderr);
+#ifdef HAVE_PRCTL
+ /*
+ * On Linux, we should try to avoid making /proc/self/{mem,maps}
+ * available to the user so that sftp access doesn't automatically
+ * imply arbitrary code execution access that will break
+ * restricted configurations.
+ */
+ if (prctl(PR_SET_DUMPABLE, 0) != 0)
+ fatal("unable to make the process undumpable");
+#endif
+
 if ((cp = getenv("SSH_CONNECTION")) != NULL) {
 client_addr = xstrdup(cp);
 if ((cp = strchr(client_addr, ' ')) == NULL) { |
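Review bot: The `prctl(PR_SET_DUMPABLE, 0)` call in the second hunk is compiled under `HAVE_PRCTL`, while the header that declares it is included under a different macro, `HAVE_SYS_PRCTL_H`, in the first hunk, and neither guard tests for `PR_SET_DUMPABLE` itself. On a build where the function is detected but the header or the constant is missing, this would fail to compile rather than skip the hardening; guarding the block with `#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)` would tie it to what it actually uses. The comment could also state that the setting covers only this process's own /proc/self entries and is compiled out where prctl() is unavailable, so a restricted configuration should not rely on it alone. The body of sftp_server_main starts and ends outside the hunk.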