#

# This patch is to make ssh-agent and sftp-server untraceable on Solaris

# without using the sgid bit.  The OpenSSH upstream contains code for 

# Linux to disable ptrace on these two programs. This patch provides the

# equivalent Solaris implementation.

#

# This Solaris-specific patch has been contributed back to OpenSSH upstream.

# For more information, see https://bugzilla.mindrot.org/show_bug.cgi?id=2584.

# In the future, if this is accepted by the upsteam in a later release, we will

# remove this patch when we upgrade to that release.

#

--- orig/config.h.in	Mon Jun  6 19:22:23 2016

+++ new/config.h.in	Mon Jun  6 19:25:05 2016

@@ -962,6 +962,9 @@

 /* Define to 1 if you have the `setpcred' function. */

 #undef HAVE_SETPCRED

+/* Define to 1 if you have the `setpflags' function. */

+#undef HAVE_SETPFLAGS

+

 /* Define to 1 if you have the `setppriv' function. */

 #undef HAVE_SETPPRIV

--- orig/configure.ac	Mon Jun  6 16:03:27 2016

+++ new/configure.ac	Mon Jun  6 19:17:06 2016

@@ -899,6 +899,8 @@

 	else

 		AC_MSG_RESULT([no])

 	fi

+      

+	AC_CHECK_FUNCS([setpflags])

 	AC_CHECK_FUNCS([setppriv])

 	AC_CHECK_FUNCS([priv_basicset])

 	AC_CHECK_HEADERS([priv.h])

--- orig/sftp-server.c	Tue Jun  7 11:16:34 2016

+++ new/sftp-server.c	Tue Jun  7 16:48:09 2016

@@ -32,6 +32,9 @@

 #ifdef HAVE_SYS_PRCTL_H

 #include <sys/prctl.h>

 #endif

+#ifdef HAVE_PRIV_H

+#include <priv.h> /* For setpflags() and __PROC_PROTECT  */

+#endif

 #include <dirent.h>

 #include <errno.h>

@@ -1588,6 +1591,11 @@

 	log_init(__progname, log_level, log_facility, log_stderr);

+#if defined(HAVE_SETPFLAGS) && defined(__PROC_PROTECT)

+	/* On Solaris, we should make this process untraceable */

+	if (setpflags(__PROC_PROTECT, 1) != 0)

+		fatal("unable to make the process untraceable");

+#else 

 #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)

 	/*

 	 * On Linux, we should try to avoid making /proc/self/{mem,maps}

@@ -1598,6 +1606,7 @@

 	if (prctl(PR_SET_DUMPABLE, 0) != 0)

 		fatal("unable to make the process undumpable");

 #endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */

+#endif

 	/* Drop any fine-grained privileges we don't need */

 	platform_pledge_sftp_server();

--- orig/ssh-agent.c	Mon Jun  6 19:04:38 2016

+++ new/ssh-agent.c	Tue Jun  7 12:18:11 2016

@@ -92,6 +92,10 @@

 #include <sys/prctl.h>	/* For prctl() and PR_SET_DUMPABLE */

 #endif

+#if defined(HAVE_PRIV_H)

+#include <priv.h> /* For setpflags() and __PROC_PROTECT  */

+#endif

+

 typedef enum {

 	AUTH_UNUSED,

 	AUTH_SOCKET,

@@ -1209,10 +1213,16 @@

 	setegid(getgid());

 	setgid(getgid());

+#if defined(HAVE_SETPFLAGS) && defined(__PROC_PROTECT)

+	/* make it untraceable on Solaris */

+ 	(void) setpflags(__PROC_PROTECT, 1); 

+

+#else

 #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)

 	/* Disable ptrace on Linux without sgid bit */

 	prctl(PR_SET_DUMPABLE, 0);

 #endif

+#endif 

 #ifdef ENABLE_OPENSSL_FIPS

 	fips_err = ssh_FIPS_mode_set_if_capable();