[openssh-commits] [openssh] 01/01: Disable tracing on FreeBSD using procctl.

git+noreply at mindrot.org git+noreply at mindrot.org
Thu Sep 9 18:15:03 AEST 2021 

This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit 2d678c5e3bdc2f5c99f7af5122e9d054925d560d
Author: David Carlier <devnexen at gmail.com>
Date:   Wed Sep 8 19:49:54 2021 +0100

    Disable tracing on FreeBSD using procctl.
    
    Placed at the start of platform_disable_tracing() to prevent declaration
    after code errors from strict C89 compilers (in the unlikely event that
    more than one method is enabled).
---
 configure.ac       |  2 ++
 platform-tracing.c | 10 ++++++++++
 2 files changed, 12 insertions(+)

diff --git a/configure.ac b/configure.ac
index f0eb24b8..413913a7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -454,6 +454,7 @@ AC_CHECK_HEADERS([ \
 	sys/ndir.h \
 	sys/poll.h \
 	sys/prctl.h \
+	sys/procctl.h \
 	sys/pstat.h \
 	sys/ptrace.h \
 	sys/random.h \
@@ -1868,6 +1869,7 @@ AC_CHECK_FUNCS([ \
 	pledge \
 	poll \
 	prctl \
+	procctl \
 	pselect \
 	pstat \
 	raise \
diff --git a/platform-tracing.c b/platform-tracing.c
index 4c80a282..0daf2a86 100644
--- a/platform-tracing.c
+++ b/platform-tracing.c
@@ -17,6 +17,9 @@
 #include "includes.h"
 
 #include <sys/types.h>
+#ifdef HAVE_SYS_PROCCTL_H
+#include <sys/procctl.h>
+#endif
 #if defined(HAVE_SYS_PRCTL_H)
 #include <sys/prctl.h>	/* For prctl() and PR_SET_DUMPABLE */
 #endif
@@ -33,6 +36,13 @@
 void
 platform_disable_tracing(int strict)
 {
+#if defined(HAVE_PROCCTL) && defined(PROC_TRACE_CTL)
+	/* On FreeBSD, we should make this process untraceable */
+	int disable_trace = PROC_TRACE_CTL_DISABLE;
+
+	if (procctl(P_PID, 0, PROC_TRACE_CTL, &disable_trace) && strict)
+		fatal("unable to make the process untraceable");
+#endif
 #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
 	/* Disable ptrace on Linux without sgid bit */
 	if (prctl(PR_SET_DUMPABLE, 0) != 0 && strict)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list