File openssh-6.6p1-sftp_procfs_restrictions.patch of Package openssh-askpass-gnome.5092
# HG changeset patch
# Parent 39302a08304db583502c01422fbb7faa6c719d1e
# On platforms that support it, use prctl() to prevent sftp-server from
# accessing /proc/self/{mem,maps}
bsc#903649
upstream commits
14928b7492abec82afa4c2b778fc03f78cd419b6
9c1dede005746864a4fdb36a7cdf6c51296ca909
diff --git a/openssh-6.6p1/sftp-server.c b/openssh-6.6p1/sftp-server.c
--- a/openssh-6.6p1/sftp-server.c
+++ b/openssh-6.6p1/sftp-server.c
@@ -24,16 +24,19 @@
# include <sys/time.h>
#endif
#ifdef HAVE_SYS_MOUNT_H
#include <sys/mount.h>
#endif
#ifdef HAVE_SYS_STATVFS_H
#include <sys/statvfs.h>
#endif
+#ifdef HAVE_SYS_PRCTL_H
+#include <sys/prctl.h>
+#endif
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
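Review bot: The guard on this include does not match the guard on the code that needs it: the header is pulled in under `HAVE_SYS_PRCTL_H`, while the call in the second hunk is compiled under `HAVE_PRCTL` and `PR_SET_DUMPABLE`. If a build defines `HAVE_PRCTL` but not `HAVE_SYS_PRCTL_H`, then `PR_SET_DUMPABLE` is never defined and the hardening drops out with no diagnostic. The configure checks that set these macros are not in the visible part of the patch, so confirm that both `sys/prctl.h` and `prctl` are probed. A short comment such as `/* for prctl(PR_SET_DUMPABLE) in sftp_server_main() */` above the include would make the pairing obvious.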
@@ -1539,16 +1542,27 @@ sftp_server_main(int argc, char **argv,
case 'h':
default:
sftp_server_usage();
}
}
log_init(__progname, log_level, log_facility, log_stderr);
+#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
+ /*
+ * On Linux, we should try to avoid making /proc/self/{mem,maps}
+ * available to the user so that sftp access doesn't automatically
+ * imply arbitrary code execution access that will break
+ * restricted configurations.
+ */
+ if (prctl(PR_SET_DUMPABLE, 0) != 0)
+ fatal("unable to make the process undumpable");
+#endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */
+
if ((cp = getenv("SSH_CONNECTION")) != NULL) {
client_addr = xstrdup(cp);
if ((cp = strchr(client_addr, ' ')) == NULL) {
error("Malformed SSH_CONNECTION variable: \"%s\"",
getenv("SSH_CONNECTION"));
sftp_server_cleanup_exit(255);
}
*cp = '\0';
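Review bot: The `fatal()` call on a failed `prctl()` drops the reason for the failure, which makes it hard to diagnose from logs when a seccomp filter or an old kernel rejects the call. `<errno.h>` and `<string.h>` are already included, so it could read `fatal("unable to make the process undumpable: %s", strerror(errno));`. The comment should also state the limit of the measure: on builds where the `#if` is false the block is absent and `/proc/self/{mem,maps}` stay reachable, so restricted setups presumably still need `/proc` kept out of the sftp user's view. `sftp_server_main` starts and ends outside this hunk, so whether anything later changes credentials and resets the dumpable flag cannot be checked from here.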