File openssh-6.6p1-sftp_procfs_restrictions.patch of Package openssh.10219

# HG changeset patch
# Parent  39302a08304db583502c01422fbb7faa6c719d1e
# On platforms that support it, use prctl() to prevent sftp-server from
# accessing /proc/self/{mem,maps}

bsc#903649

upstream commits
14928b7492abec82afa4c2b778fc03f78cd419b6
9c1dede005746864a4fdb36a7cdf6c51296ca909

diff --git a/openssh-6.6p1/sftp-server.c b/openssh-6.6p1/sftp-server.c
--- a/openssh-6.6p1/sftp-server.c
+++ b/openssh-6.6p1/sftp-server.c
@@ -24,16 +24,19 @@
 # include <sys/time.h>
 #endif
 #ifdef HAVE_SYS_MOUNT_H
 #include <sys/mount.h>
 #endif
 #ifdef HAVE_SYS_STATVFS_H
 #include <sys/statvfs.h>
 #endif
+#ifdef HAVE_SYS_PRCTL_H
+#include <sys/prctl.h>
+#endif
 
 #include <dirent.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <pwd.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
@@ -1539,16 +1542,27 @@ sftp_server_main(int argc, char **argv, 
 		case 'h':
 		default:
 			sftp_server_usage();
 		}
 	}
 
 	log_init(__progname, log_level, log_facility, log_stderr);
 
+#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
+	/*
+	 * On Linux, we should try to avoid making /proc/self/{mem,maps}
+	 * available to the user so that sftp access doesn't automatically
+	 * imply arbitrary code execution access that will break
+	 * restricted configurations.
+	 */
+	if (prctl(PR_SET_DUMPABLE, 0) != 0)
+		fatal("unable to make the process undumpable");
+#endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */
+
 	if ((cp = getenv("SSH_CONNECTION")) != NULL) {
 		client_addr = xstrdup(cp);
 		if ((cp = strchr(client_addr, ' ')) == NULL) {
 			error("Malformed SSH_CONNECTION variable: \"%s\"",
 			    getenv("SSH_CONNECTION"));
 			sftp_server_cleanup_exit(255);
 		}
 		*cp = '\0';
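Review bot: The block guarded by `#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)` compiles out without any diagnostic when either macro is undefined, and `PR_SET_DUMPABLE` is only visible if the `HAVE_SYS_PRCTL_H` include added in the first hunk took effect, so a configure mismatch would produce an sftp-server that leaves /proc/self/{mem,maps} reachable with nothing in the build output or logs. I would extend the comment to state that the protection is best-effort, for example `Builds without prctl(PR_SET_DUMPABLE) get no such protection; restricted setups must not expose /proc there.`, and to mention that clearing the dumpable flag also disables core dumps for this process. The `fatal()` call also discards the failure reason; `fatal("unable to make the process undumpable: %s", strerror(errno));` would make a refusal diagnosable, and `<errno.h>` and `<string.h>` are already included according to the first hunk's context lines. sftp_server_main starts and ends outside this hunk, so whether anything earlier in the function acts on user-influenced input before the flag is cleared cannot be judged from here.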