components/openssh/patches/043-protect_agent_sftpserver.patch
author xiao qing lu - Sun Microsystems - Beijing China <xiaoqing.lu@oracle.com>
Tue, 12 Jul 2016 19:50:03 -0700
changeset 6403 9d25dbe7eb71
parent 6156 693241cfaaaf
permissions -rw-r--r--
23209274 Upgrade libsigsegv to 2.10

#
# This patch is to make ssh-agent and sftp-server untraceable on Solaris
# without using the sgid bit.  The OpenSSH upstream contains code for 
# Linux to disable ptrace on these two programs. This patch provides the
# equivalent Solaris implementation.
#
# This Solaris-specific patch has been contributed back to OpenSSH upstream.
# For more information, see https://bugzilla.mindrot.org/show_bug.cgi?id=2584.
# In the future, if this is accepted by the upstream in a later release, we will
# remove this patch when we upgrade to that release.
#
--- orig/config.h.in	Mon Jun  6 19:22:23 2016
+++ new/config.h.in	Mon Jun  6 19:25:05 2016
@@ -962,6 +962,9 @@
 /* Define to 1 if you have the `setpcred' function. */
 #undef HAVE_SETPCRED
 
+/* Define to 1 if you have the `setpflags' function. */
+#undef HAVE_SETPFLAGS
+
 /* Define to 1 if you have the `setppriv' function. */
 #undef HAVE_SETPPRIV
 
--- orig/configure.ac	Mon Jun  6 16:03:27 2016
+++ new/configure.ac	Mon Jun  6 19:17:06 2016
@@ -899,6 +899,8 @@
 	else
 		AC_MSG_RESULT([no])
 	fi
+      
+	AC_CHECK_FUNCS([setpflags])
 	AC_CHECK_FUNCS([setppriv])
 	AC_CHECK_FUNCS([priv_basicset])
 	AC_CHECK_HEADERS([priv.h])
--- orig/sftp-server.c	Tue Jun  7 11:16:34 2016
+++ new/sftp-server.c	Tue Jun  7 16:48:09 2016
@@ -32,6 +32,9 @@
 #ifdef HAVE_SYS_PRCTL_H
 #include <sys/prctl.h>
 #endif
+#ifdef HAVE_PRIV_H
+#include <priv.h> /* For setpflags() and __PROC_PROTECT  */
+#endif
 
 #include <dirent.h>
 #include <errno.h>
@@ -1588,6 +1591,11 @@
 
 	log_init(__progname, log_level, log_facility, log_stderr);
 
+#if defined(HAVE_SETPFLAGS) && defined(__PROC_PROTECT)
+	/* On Solaris, we should make this process untraceable */
+	if (setpflags(__PROC_PROTECT, 1) != 0)
+		fatal("unable to make the process untraceable");
+#else 
 #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
 	/*
 	 * On Linux, we should try to avoid making /proc/self/{mem,maps}
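Review bot: The added `fatal("unable to make the process untraceable")` drops the reason setpflags() failed, so an operator who sees sftp-server exit at startup gets no hint whether it was a privilege problem or an unsupported flag. `<errno.h>` is already included here, so `fatal("unable to make the process untraceable: %s", strerror(errno));` would record the cause, assuming `<string.h>` is in scope. The new `#else` also nests the existing Linux block, and its closing `#endif` (added in the next hunk) is unlabelled, unlike the `#endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */` beside it; `#elif defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)` would avoid the extra level. The enclosing function starts and ends outside the hunk.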
@@ -1598,6 +1606,7 @@
 	if (prctl(PR_SET_DUMPABLE, 0) != 0)
 		fatal("unable to make the process undumpable");
 #endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */
+#endif
 
 	/* Drop any fine-grained privileges we don't need */
 	platform_pledge_sftp_server();
--- orig/ssh-agent.c	Mon Jun  6 19:04:38 2016
+++ new/ssh-agent.c	Tue Jun  7 12:18:11 2016
@@ -92,6 +92,10 @@
 #include <sys/prctl.h>	/* For prctl() and PR_SET_DUMPABLE */
 #endif
 
+#if defined(HAVE_PRIV_H)
+#include <priv.h> /* For setpflags() and __PROC_PROTECT  */
+#endif
+
 typedef enum {
 	AUTH_UNUSED,
 	AUTH_SOCKET,
@@ -1209,10 +1213,16 @@
 	setegid(getgid());
 	setgid(getgid());
 
+#if defined(HAVE_SETPFLAGS) && defined(__PROC_PROTECT)
+	/* make it untraceable on Solaris */
+ 	(void) setpflags(__PROC_PROTECT, 1); 
+
+#else
 #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
 	/* Disable ptrace on Linux without sgid bit */
 	prctl(PR_SET_DUMPABLE, 0);
 #endif
+#endif 
 
 #ifdef ENABLE_OPENSSL_FIPS
 	fips_err = ssh_FIPS_mode_set_if_capable();
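Review bot: The result of `(void) setpflags(__PROC_PROTECT, 1);` is discarded, so if the call fails ssh-agent keeps running traceable and nothing tells the user, while the sftp-server.c hunk of this same patch treats the identical failure as fatal. The agent is the process that holds private key material, and the patch description says this call replaces the sgid-bit protection, so a silent failure here leaves the keys without either safeguard. At minimum the failure should be reported, e.g. `if (setpflags(__PROC_PROTECT, 1) != 0) fprintf(stderr, "unable to make the process untraceable\n");`, or the comment should say why the agent deliberately tolerates it. The added line also has a stray space before the tab and trailing whitespace. The enclosing function continues outside the hunk.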