summaryrefslogtreecommitdiff
path: root/sftp-server.c
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2016-06-09 16:23:07 +1000
committerDarren Tucker <dtucker@zip.com.au>2016-06-09 16:23:07 +1000
commit0fb7f5985351fbbcd2613d8485482c538e5123be (patch)
treee1f112e1d19fcb004a643bef8ce24c03ea38e5e2 /sftp-server.c
parente6508898c3cd838324ecfe1abd0eb8cf802e7106 (diff)
Move prctl PR_SET_DUMPABLE into platform.c.
This should make it easier to add additional platform support such as Solaris (bz#2584).
Diffstat (limited to 'sftp-server.c')
-rw-r--r--sftp-server.c10
1 files changed, 2 insertions, 8 deletions
diff --git a/sftp-server.c b/sftp-server.c
index e11a1b89..646286a3 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -29,9 +29,6 @@
#ifdef HAVE_SYS_STATVFS_H
#include <sys/statvfs.h>
#endif
-#ifdef HAVE_SYS_PRCTL_H
-#include <sys/prctl.h>
-#endif
#include <dirent.h>
#include <errno.h>
@@ -1588,16 +1585,13 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
log_init(__progname, log_level, log_facility, log_stderr);
-#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
/*
- * On Linux, we should try to avoid making /proc/self/{mem,maps}
+ * On platforms where we can, avoid making /proc/self/{mem,maps}
* available to the user so that sftp access doesn't automatically
* imply arbitrary code execution access that will break
* restricted configurations.
*/
- if (prctl(PR_SET_DUMPABLE, 0) != 0)
- fatal("unable to make the process undumpable");
-#endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */
+ platform_disable_tracing(1); /* strict */
/* Drop any fine-grained privileges we don't need */
platform_pledge_sftp_server();