From: David Carlier <devnexen@gmail.com>
Date: Wed, 8 Sep 2021 18:49:54 +0000 (+0100)
Subject: Disable tracing on FreeBSD using procctl.
X-Git-Tag: V_8_8_P1~25
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2d678c5e3bdc2f5c99f7af5122e9d054925d560d;p=thirdparty%2Fopenssh-portable.git

Disable tracing on FreeBSD using procctl.

Placed at the start of platform_disable_tracing() to prevent declaration
after code errors from strict C89 compilers (in the unlikely event that
more than one method is enabled).
---

diff --git a/configure.ac b/configure.ac
index f0eb24b86..413913a7c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -454,6 +454,7 @@ AC_CHECK_HEADERS([ \
 	sys/ndir.h \
 	sys/poll.h \
 	sys/prctl.h \
+	sys/procctl.h \
 	sys/pstat.h \
 	sys/ptrace.h \
 	sys/random.h \
@@ -1868,6 +1869,7 @@ AC_CHECK_FUNCS([ \
 	pledge \
 	poll \
 	prctl \
+	procctl \
 	pselect \
 	pstat \
 	raise \
diff --git a/platform-tracing.c b/platform-tracing.c
index 4c80a282c..0daf2a86f 100644
--- a/platform-tracing.c
+++ b/platform-tracing.c
@@ -17,6 +17,9 @@
 #include "includes.h"
 
 #include <sys/types.h>
+#ifdef HAVE_SYS_PROCCTL_H
+#include <sys/procctl.h>
+#endif
 #if defined(HAVE_SYS_PRCTL_H)
 #include <sys/prctl.h>	/* For prctl() and PR_SET_DUMPABLE */
 #endif
@@ -33,6 +36,13 @@
 void
 platform_disable_tracing(int strict)
 {
+#if defined(HAVE_PROCCTL) && defined(PROC_TRACE_CTL)
+	/* On FreeBSD, we should make this process untraceable */
+	int disable_trace = PROC_TRACE_CTL_DISABLE;
+
+	if (procctl(P_PID, 0, PROC_TRACE_CTL, &disable_trace) && strict)
+		fatal("unable to make the process untraceable");
+#endif
 #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
 	/* Disable ptrace on Linux without sgid bit */
 	if (prctl(PR_SET_DUMPABLE, 0) != 0 && strict)