From 0fb7f5985351fbbcd2613d8485482c538e5123be Mon Sep 17 00:00:00 2001
From: Darren Tucker
Date: Thu, 9 Jun 2016 16:23:07 +1000
Subject: Move prctl PR_SET_DUMPABLE into platform.c.

This should make it easier to add additional platform support such as Solaris (bz#2584).
---
 Makefile.in | 4 ++--
 platform.c | 14 ++++++++++++++
 platform.h | 1 +
 sftp-server.c | 10 ++--------
 ssh-agent.c | 9 +--------
 5 files changed, 20 insertions(+), 18 deletions(-)

diff --git a/Makefile.in b/Makefile.in
index 76626fc6..1a2e743a 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -92,13 +92,13 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
 kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
 kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \
 kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \
- platform-pledge.o
+ platform.o platform-pledge.o

 SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
 sshconnect.o sshconnect1.o sshconnect2.o mux.o

 SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
- audit.o audit-bsm.o audit-linux.o platform.o \
+ audit.o audit-bsm.o audit-linux.o \
 sshpty.o sshlogin.o servconf.o serverloop.o \
 auth.o auth1.o auth2.o auth-options.o session.o \
 auth-chall.o auth2-chall.o groupaccess.o \
diff --git a/platform.c b/platform.c
index 1f68df3a..ee3e0691 100644
--- a/platform.c
+++ b/platform.c
@@ -19,6 +19,9 @@
 #include "includes.h"

 #include
+#if defined(HAVE_SYS_PRCTL_H)
+#include /* For prctl() and PR_SET_DUMPABLE */
+#endif

 #include
 #include
@@ -217,3 +220,14 @@ platform_sys_dir_uid(uid_t uid)
 #endif
 return 0;
 }
+
+void
+platform_disable_tracing(int strict)
+{
+#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
+ /* Disable ptrace on Linux without sgid bit */
+ if (prctl(PR_SET_DUMPABLE, 0) != 0)
+ if (strict)
+ fatal("unable to make the process undumpable");
+#endif
+}
diff --git a/platform.h b/platform.h
index e687c99b..e97ecd90 100644
--- a/platform.h
+++ b/platform.h
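Review bot: Moving `platform.o` from `SSHDOBJS` into `LIBSSH_OBJS` ties every program that calls the new helper to the whole of platform.c, not just to the one function. The platform.h context in this commit shows that file also carries sshd-side helpers such as `platform_setusercontext_post_groups` and `platform_krb5_get_principal_name`; if any of them reference symbols defined only in sshd objects (not visible here), ssh-agent and sftp-server may fail to link under some configure options. Keeping `platform_disable_tracing` in a small object of its own, listed the way `platform-pledge.o` is, would avoid that coupling. The hunk starts inside the `LIBSSH_OBJS` list and ends inside `SSHDOBJS`, so the full lists are not visible.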
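Review bot: When `strict` is 0, a failed `prctl(PR_SET_DUMPABLE, 0)` in `platform_disable_tracing` is dropped without any log line, so ssh-agent (which passes 0 in the ssh-agent.c hunk of this commit) can keep running traceable and dumpable with no record that the hardening did not apply. I would brace the nested `if` and add a non-fatal report after the `if (strict)` branch, for example `error("unable to make the process undumpable");`, or `debug()` if agent output must stay quiet. The function also needs a header comment stating that a non-zero `strict` makes failure fatal and that the body is empty where `HAVE_PRCTL` or `PR_SET_DUMPABLE` is undefined. The inherited comment `/* Disable ptrace on Linux without sgid bit */` describes only the ssh-agent case and no longer fits a shared helper.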
@@ -31,6 +31,7 @@ void platform_setusercontext_post_groups(struct passwd *);
 char *platform_get_krb5_client(const char *);
 char *platform_krb5_get_principal_name(const char *);
 int platform_sys_dir_uid(uid_t);
+void platform_disable_tracing(int);

 /* in platform-pledge.c */
 void platform_pledge_agent(void);
diff --git a/sftp-server.c b/sftp-server.c
index e11a1b89..646286a3 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -29,9 +29,6 @@
 #ifdef HAVE_SYS_STATVFS_H
 #include
 #endif
-#ifdef HAVE_SYS_PRCTL_H
-#include
-#endif

 #include
 #include
@@ -1588,16 +1585,13 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)

 log_init(__progname, log_level, log_facility, log_stderr);

-#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
 /*
- * On Linux, we should try to avoid making /proc/self/{mem,maps}
+ * On platforms where we can, avoid making /proc/self/{mem,maps}
 * available to the user so that sftp access doesn't automatically
 * imply arbitrary code execution access that will break
 * restricted configurations.
 */
- if (prctl(PR_SET_DUMPABLE, 0) != 0)
- fatal("unable to make the process undumpable");
-#endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */
+ platform_disable_tracing(1); /* strict */

 /* Drop any fine-grained privileges we don't need */
 platform_pledge_sftp_server();
diff --git a/ssh-agent.c b/ssh-agent.c
index 8aa25b30..25d6ebc5 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -88,10 +88,6 @@
 #include "ssh-pkcs11.h"
 #endif

-#if defined(HAVE_SYS_PRCTL_H)
-#include /* For prctl() and PR_SET_DUMPABLE */
-#endif
-
 typedef enum {
 AUTH_UNUSED,
 AUTH_SOCKET,
@@ -1209,10 +1205,7 @@ main(int ac, char **av)
 setegid(getgid());
 setgid(getgid());

-#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
- /* Disable ptrace on Linux without sgid bit */
- prctl(PR_SET_DUMPABLE, 0);
-#endif
+ platform_disable_tracing(0); /* strict=no */

 #ifdef WITH_OPENSSL
 OpenSSL_add_all_algorithms();
--
cgit v1.2.3
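Review bot: `platform_disable_tracing(1); /* strict */` in `sftp_server_main` reads as a guarantee, but the helper added in platform.c has an empty body unless `HAVE_PRCTL` and `PR_SET_DUMPABLE` are defined, so on other builds sftp-server continues without the protection the comment describes and nothing is logged. The reworded comment ("On platforms where we can") hints at this, yet the `/* strict */` tag suggests failure is always fatal. I would spell the contract out at the call site, e.g. `/* fatal if supported and it fails; no-op where prctl is unavailable */`, so that anyone relying on restricted sftp-only accounts can tell from the source whether the hardening is active. `sftp_server_main` begins and ends outside this hunk.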