Use Solaris setpflags(__PROC_PROTECT, ...).
Where possible, use Solaris setpflags to disable process tracing on
ssh-agent and sftp-server. bz#2584, based on a patch from huieying.lee
at oracle.com, ok djm.
diff --git a/configure.ac b/configure.ac
index 6638703..8354876 100644
--- a/configure.ac
+++ b/configure.ac
@@ -898,6 +898,7 @@
else
AC_MSG_RESULT([no])
fi
+ AC_CHECK_FUNCS([setpflags])
AC_CHECK_FUNCS([setppriv])
AC_CHECK_FUNCS([priv_basicset])
AC_CHECK_HEADERS([priv.h])
diff --git a/platform.c b/platform.c
index e3722e4..c68bb09 100644
--- a/platform.c
+++ b/platform.c
@@ -22,6 +22,9 @@
#if defined(HAVE_SYS_PRCTL_H)
#include <sys/prctl.h> /* For prctl() and PR_SET_DUMPABLE */
#endif
+#ifdef HAVE_PRIV_H
+#include <priv.h> /* For setpflags() and __PROC_PROTECT */
+#endif
#include <stdarg.h>
#include <unistd.h>
@@ -229,4 +232,9 @@
if (prctl(PR_SET_DUMPABLE, 0) != 0 && strict)
fatal("unable to make the process undumpable");
#endif
+#if defined(HAVE_SETPFLAGS) && defined(__PROC_PROTECT)
+ /* On Solaris, we should make this process untraceable */
+ if (setpflags(__PROC_PROTECT, 1) != 0 && strict)
+ fatal("unable to make the process untraceable");
+#endif
}