diff options
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | sftp-server.c | 14 |
2 files changed, 18 insertions, 0 deletions
@@ -1,3 +1,7 @@ +20140401 + - (djm) On platforms that support it, use prctl() to prevent sftp-server + from accessing /proc/self/{mem,maps}; patch from jann AT thejh.net + 20140317 - (djm) [sandbox-seccomp-filter.c] Soft-fail stat() syscalls. Add XXX to remind myself to add sandbox violation logging via the log socket. diff --git a/sftp-server.c b/sftp-server.c index b8eb59c3..77834117 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -29,6 +29,9 @@ #ifdef HAVE_SYS_STATVFS_H #include <sys/statvfs.h> #endif +#ifdef HAVE_SYS_PRCTL_H +#include <sys/prctl.h> +#endif #include <dirent.h> #include <errno.h> @@ -1523,6 +1526,17 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) log_init(__progname, log_level, log_facility, log_stderr); +#ifdef HAVE_PRCTL + /* + * On Linux, we should try to avoid making /proc/self/{mem,maps} + * available to the user so that sftp access doesn't automatically + * imply arbitrary code execution access that will break + * restricted configurations. + */ + if (prctl(PR_SET_DUMPABLE, 0) != 0) + fatal("unable to make the process undumpable"); +#endif + if ((cp = getenv("SSH_CONNECTION")) != NULL) { client_addr = xstrdup(cp); if ((cp = strchr(client_addr, ' ')) == NULL) { |