1 # |
|
2 # This patch is to make ssh-agent and sftp-server untraceable on Solaris |
|
3 # without using the sgid bit. The OpenSSH upstream contains code for |
|
4 # Linux to disable ptrace on these two programs. This patch provides the |
|
5 # equivalent Solaris implementation. |
|
6 # |
|
7 # This Solaris-specific patch has been contributed back to OpenSSH upstream. |
|
8 # For more information, see https://bugzilla.mindrot.org/show_bug.cgi?id=2584. |
|
9 # In the future, if this is accepted by the upstream in a later release, we will |
|
10 # remove this patch when we upgrade to that release. |
|
11 # |
|
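--- a/config.h.in
+++ b/config.h.in
@@ -962,6 +962,9 @@
 /* Define to 1 if you have the `setpcred' function. */
 #undef HAVE_SETPCRED
 
+/* Define to 1 if you have the `setpflags' function. */
+#undef HAVE_SETPFLAGS
+
 /* Define to 1 if you have the `setppriv' function. */
 #undef HAVE_SETPPRIV
 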
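--- a/configure.ac
+++ b/configure.ac
@@ -899,6 +899,8 @@
 else
 AC_MSG_RESULT([no])
 fi
+
+ AC_CHECK_FUNCS([setpflags])
 AC_CHECK_FUNCS([setppriv])
 AC_CHECK_FUNCS([priv_basicset])
 AC_CHECK_HEADERS([priv.h])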
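--- a/sftp-server.c
+++ b/sftp-server.c
@@ -32,6 +32,9 @@
 #ifdef HAVE_SYS_PRCTL_H
 #include <sys/prctl.h>
 #endif
+#ifdef HAVE_PRIV_H
+#include <priv.h> /* For setpflags() and __PROC_PROTECT */
+#endif
 
 #include <dirent.h>
 #include <errno.h>
@@ -1588,6 +1591,11 @@
 
 log_init(__progname, log_level, log_facility, log_stderr);
 
+#if defined(HAVE_SETPFLAGS) && defined(__PROC_PROTECT)
+ /* On Solaris, we should make this process untraceable */
+ if (setpflags(__PROC_PROTECT, 1) != 0)
+ fatal("unable to make the process untraceable");
+#else
 #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
 /*
 * On Linux, we should try to avoid making /proc/self/{mem,maps}
@@ -1598,6 +1606,7 @@
 if (prctl(PR_SET_DUMPABLE, 0) != 0)
 fatal("unable to make the process undumpable");
 #endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */
+#endif
 
 /* Drop any fine-grained privileges we don't need */
 platform_pledge_sftp_server();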
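Review bot: The `fatal()` call in the new Solaris branch drops the reason `setpflags()` failed, so the log line "unable to make the process untraceable" gives an operator nothing to act on; `<errno.h>` is already included in this file, so `fatal("unable to make the process untraceable: %s", strerror(errno));` would make the failure diagnosable. The bare `#endif` added after the Linux block should be labelled like its neighbour, e.g. `#endif /* HAVE_SETPFLAGS && __PROC_PROTECT */`, or the extra nesting avoided by turning the `#else` / `#if` pair into a single `#elif`. The comment could also say that `__PROC_PROTECT` is used only when `<priv.h>` defines it; the double-underscore name suggests it is not a public interface, which is worth confirming and recording. The enclosing function starts and ends outside these hunks.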
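--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -92,6 +92,10 @@
 #include <sys/prctl.h> /* For prctl() and PR_SET_DUMPABLE */
 #endif
 
+#if defined(HAVE_PRIV_H)
+#include <priv.h> /* For setpflags() and __PROC_PROTECT */
+#endif
+
 typedef enum {
 AUTH_UNUSED,
 AUTH_SOCKET,
@@ -1209,10 +1213,16 @@
 setegid(getgid());
 setgid(getgid());
 
+#if defined(HAVE_SETPFLAGS) && defined(__PROC_PROTECT)
+ /* make it untraceable on Solaris */
+ (void) setpflags(__PROC_PROTECT, 1);
+
+#else
 #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
 /* Disable ptrace on Linux without sgid bit */
 prctl(PR_SET_DUMPABLE, 0);
 #endif
+#endif
 
 #ifdef ENABLE_OPENSSL_FIPS
 fips_err = ssh_FIPS_mode_set_if_capable();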
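Review bot: The Solaris branch casts the result of `setpflags(__PROC_PROTECT, 1)` to `(void)`, so if the call fails the agent keeps running with private keys in memory while still traceable, and nothing is logged; the same patch makes this failure fatal in sftp-server.c. Either handle it the same way here, e.g. `if (setpflags(__PROC_PROTECT, 1) != 0) fatal("unable to make the process untraceable");`, or state in the comment why best-effort is acceptable for the agent. The Linux `prctl(PR_SET_DUMPABLE, 0)` call beside it is likewise unchecked, so the choice may be deliberate, but the comment should say so. The closing `#endif` is unlabelled; `#endif /* HAVE_SETPFLAGS && __PROC_PROTECT */` would make the nesting readable. The enclosing function starts and ends outside the hunk.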