- (djm) On platforms that support it, use prctl() to prevent sftp-server
from accessing /proc/self/{mem,maps}; patch from jann AT thejh.net
diff --git a/sftp-server.c b/sftp-server.c
index b8eb59c..7783411 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -29,6 +29,9 @@
#ifdef HAVE_SYS_STATVFS_H
#include <sys/statvfs.h>
#endif
+#ifdef HAVE_SYS_PRCTL_H
+#include <sys/prctl.h>
+#endif
#include <dirent.h>
#include <errno.h>
@@ -1523,6 +1526,17 @@
log_init(__progname, log_level, log_facility, log_stderr);
+#ifdef HAVE_PRCTL
+ /*
+ * On Linux, we should try to avoid making /proc/self/{mem,maps}
+ * available to the user so that sftp access doesn't automatically
+ * imply arbitrary code execution access that will break
+ * restricted configurations.
+ */
+ if (prctl(PR_SET_DUMPABLE, 0) != 0)
+ fatal("unable to make the process undumpable");
+#endif
+
if ((cp = getenv("SSH_CONNECTION")) != NULL) {
client_addr = xstrdup(cp);
if ((cp = strchr(client_addr, ' ')) == NULL) {