
Use Linux's prctl(PR_SET_DUMPABLE) to disable core dumps and ptrace(2).

Bryan Drewery 10 жил өмнө
parent
commit
6e3aea46cb
2 өөрчлөгдсөн 12 нэмэгдсэн , 0 устгасан
  1. 1 0
      doc/UPDATES.md
  2. 11 0
      src/shell.cc

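--- a/doc/UPDATES.md
+++ b/doc/UPDATES.md
@@ -3,6 +3,7 @@
   * Fix Linux binary compat on FreeBSD due to lack of ptrace(2).
   * Avoid warnings from Debian's FORTIFY_SOURCE
   * Remove an old +take limiter that was forgotten.
+  * Use Linux's prctl(PR_SET_DUMPABLE) to disable core dumps and ptrace(2).
 
 # 1.4.6
   * Disable demo TCL support by default to prevent confusion during build.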

+ 11 - 0
src/shell.cc

@@ -305,6 +305,17 @@ void check_trace(int start)
     if (!start)
       return;
 
+#if defined(PR_SET_DUMPABLE) && defined(PR_GET_DUMPABLE) && !defined(DEBUG)
+    /* Try to disable ptrace and core dumping entirely. */
+    if (prctl(PR_GET_DUMPABLE) == 0 ||
+        (prctl(PR_SET_DUMPABLE, 0) == 0 && prctl(PR_GET_DUMPABLE) == 0)) {
+      /* We're safe! Don't bother with further checks. */
+      putlog(LOG_DEBUG, "*", "Ptrace disabled, no longer checking.");
+      trace = DET_IGNORE;
+      return;
+    }
+#endif
+
 #ifndef __sun__
     int x, i, filedes[2];
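Review bot: The early `return` in the new `#if` block sets `trace = DET_IGNORE` on the strength of the dumpable flag alone, but clearing that flag only blocks new ptrace attaches from processes without CAP_SYS_PTRACE and suppresses core dumps; it does not detach a tracer that is already attached, and the flag is not preserved across execve(2). I would let the one-time startup check that appears to begin at `#ifndef __sun__` still run, and replace the "We're safe!" comment with `/* Non-dumpable blocks new unprivileged attaches and core dumps only; an existing or privileged tracer is unaffected. */`. The 11 lines this commit adds to shell.cc are all in this hunk, so no `#include <sys/prctl.h>` was added; if the file does not already pull that header in, `PR_SET_DUMPABLE` is undefined and the whole block compiles out silently. check_trace starts above the hunk and continues below it.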