Bugzilla – Attachment 2828 Details for
Bug 2584
make ssh-agent and sftp-server untraceable on Solaris
[patch]
Move prtctl into platform.c then add setpflags
openssh-solaris-prctl.patch (text/plain), 4.10 KB, created by
Darren Tucker
on 2016-06-09 16:33:53 AEST
Description:
Move prctl into platform.c then add setpflags
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2016-06-09 16:33:53 AEST
Size:
4.10 KB
patch
obsolete
>diff --git a/Makefile.in b/Makefile.in
>index 76626fc..1a2e743 100644
>--- a/Makefile.in
>+++ b/Makefile.in
>@@ -92,13 +92,13 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
> kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
> kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \
> kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \
>- platform-pledge.o
>+ platform.o platform-pledge.o
>
> SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
> sshconnect.o sshconnect1.o sshconnect2.o mux.o
>
> SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
>- audit.o audit-bsm.o audit-linux.o platform.o \
>+ audit.o audit-bsm.o audit-linux.o \
> sshpty.o sshlogin.o servconf.o serverloop.o \
> auth.o auth1.o auth2.o auth-options.o session.o \
> auth-chall.o auth2-chall.o groupaccess.o \
>diff --git a/configure.ac b/configure.ac
>index 6638703..8354876 100644
>--- a/configure.ac
>+++ b/configure.ac
>@@ -898,6 +898,7 @@ mips-sony-bsd|mips-sony-newsos4)
> else
> AC_MSG_RESULT([no])
> fi
>+ AC_CHECK_FUNCS([setpflags])
> AC_CHECK_FUNCS([setppriv])
> AC_CHECK_FUNCS([priv_basicset])
> AC_CHECK_HEADERS([priv.h])
>diff --git a/platform.c b/platform.c
>index 1f68df3..f2939ea 100644
>--- a/platform.c
>+++ b/platform.c
>@@ -19,6 +19,12 @@
> #include "includes.h"
>
> #include <sys/types.h>
>+#if defined(HAVE_SYS_PRCTL_H)
>+#include <sys/prctl.h> /* For prctl() and PR_SET_DUMPABLE */
>+#endif
>+#ifdef HAVE_PRIV_H
>+#include <priv.h> /* For setpflags() and __PROC_PROTECT */
>+#endif
>
> #include <stdarg.h>
> #include <unistd.h>
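Review bot: Listing `platform.o` in LIBSSH_OBJS means ssh-agent and sftp-server link the whole object to obtain one function, and platform.h in this same patch shows that object also carries sshd-side helpers such as `platform_setusercontext_post_groups()` and `platform_krb5_get_principal_name()`. The rest of platform.c is not visible here, but if any of those helpers reference symbols that only sshd defines, the non-sshd binaries would fail to link on configurations where those paths are compiled in. Putting `platform_disable_tracing()` in its own small source file added to LIBSSH_OBJS, and leaving `platform.o` in SSHDOBJS, would keep the hardening call available to every tool without widening what the client-side binaries depend on.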
>@@ -217,3 +223,20 @@ platform_sys_dir_uid(uid_t uid)
> #endif
> return 0;
> }
>+
>+void
>+platform_disable_tracing(int strict)
>+{
>+#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
>+ /* Disable ptrace on Linux without sgid bit */
>+ if (prctl(PR_SET_DUMPABLE, 0) != 0)
>+ if (strict)
>+ fatal("unable to make the process undumpable");
>+#endif
>+#if defined(HAVE_SETPFLAGS) && defined(__PROC_PROTECT)
>+ /* On Solaris, we should make this process untraceable */
>+ if (setpflags(__PROC_PROTECT, 1) != 0)
>+ if (strict)
>+ fatal("unable to make the process untraceable");
>+#endif
>+}
>diff --git a/platform.h b/platform.h
>index e687c99..e97ecd9 100644
>--- a/platform.h
>+++ b/platform.h
>@@ -31,6 +31,7 @@ void platform_setusercontext_post_groups(struct passwd *);
> char *platform_get_krb5_client(const char *);
> char *platform_krb5_get_principal_name(const char *);
> int platform_sys_dir_uid(uid_t);
>+void platform_disable_tracing(int);
>
> /* in platform-pledge.c */
> void platform_pledge_agent(void);
>diff --git a/sftp-server.c b/sftp-server.c
>index e11a1b8..646286a 100644
>--- a/sftp-server.c
>+++ b/sftp-server.c
>@@ -29,9 +29,6 @@
> #ifdef HAVE_SYS_STATVFS_H
> #include <sys/statvfs.h>
> #endif
>-#ifdef HAVE_SYS_PRCTL_H
>-#include <sys/prctl.h>
>-#endif
>
> #include <dirent.h>
> #include <errno.h>
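Review bot: When `strict` is 0, `platform_disable_tracing()` discards a failed `prctl()` or `setpflags()` without any log line, so a process that stays dumpable or traceable looks identical to a hardened one; the nested brace-less `if`s also make it easy to attach a later `else` to the wrong test. I would brace the outer test and emit a message on the non-fatal path, as sketched below (this assumes the logging declarations that provide `fatal()` are already in scope in platform.c, which the hunk does not show). The function also compiles to an empty body when neither API pair is detected, so even `strict` callers get no protection and no diagnostic there; a header comment saying the call is best-effort per platform, and what `strict` changes, would make that explicit. `__PROC_PROTECT` is a double-underscore name, which suggests a private interface, so the `defined()` guard deserves a short comment saying why it is there.

```c
platform_disable_tracing(int strict)
{
	/* … unchanged: #if guard for prctl/PR_SET_DUMPABLE and its comment … */
	if (prctl(PR_SET_DUMPABLE, 0) != 0) {
		if (strict)
			fatal("unable to make the process undumpable");
		error("unable to make the process undumpable");
	}
	/* … unchanged: #endif, #if guard for setpflags/__PROC_PROTECT and its comment … */
	if (setpflags(__PROC_PROTECT, 1) != 0) {
		if (strict)
			fatal("unable to make the process untraceable");
		error("unable to make the process untraceable");
	}
	/* … unchanged: #endif … */
```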
>@@ -1588,16 +1585,13 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
>
> log_init(__progname, log_level, log_facility, log_stderr);
>
>-#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
> /*
>- * On Linux, we should try to avoid making /proc/self/{mem,maps}
>+ * On platforms where we can, avoid making /proc/self/{mem,maps}
> * available to the user so that sftp access doesn't automatically
> * imply arbitrary code execution access that will break
> * restricted configurations.
> */
>- if (prctl(PR_SET_DUMPABLE, 0) != 0)
>- fatal("unable to make the process undumpable");
>-#endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */
>+ platform_disable_tracing(1); /* strict */
>
> /* Drop any fine-grained privileges we don't need */
> platform_pledge_sftp_server();
>diff --git a/ssh-agent.c b/ssh-agent.c
>index 8aa25b3..25d6ebc 100644
>--- a/ssh-agent.c
>+++ b/ssh-agent.c
>@@ -88,10 +88,6 @@
> #include "ssh-pkcs11.h"
> #endif
>
>-#if defined(HAVE_SYS_PRCTL_H)
>-#include <sys/prctl.h> /* For prctl() and PR_SET_DUMPABLE */
>-#endif
>-
> typedef enum {
> AUTH_UNUSED,
> AUTH_SOCKET,
>@@ -1209,10 +1205,7 @@ main(int ac, char **av)
> setegid(getgid());
> setgid(getgid());
>
>-#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
>- /* Disable ptrace on Linux without sgid bit */
>- prctl(PR_SET_DUMPABLE, 0);
>-#endif
>+ platform_disable_tracing(0); /* strict=no */
>
> #ifdef WITH_OPENSSL
> OpenSSL_add_all_algorithms();
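Review bot: The `platform_disable_tracing(0)` call in ssh-agent's `main()` no longer says why it sits after `setegid()`/`setgid()`, nor why failure is tolerated in a process that holds decrypted private keys. On Linux the dumpable flag is reset when the effective group ID changes (per prctl(2)), so the call has to stay after the gid drop; a comment such as `/* Keep after the setgid() calls: a credential change can reset the dumpable flag on Linux. */` would stop it being moved earlier. A second sentence in that comment recording why non-strict was chosen for the agent would help, since the sftp-server call in the same patch treats the same failure as fatal. `main()` continues outside the hunk on both sides.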
Flags:
djm
:
ok+
Attachments on
bug 2584
:
2827
| 2828