- (dtucker) [auth-pam.c scard-opensc.c] Tinderbox says auth-pam.c uses

[openssh.git] / ssh-agent.c

diff --git a/ssh-agent.c b/ssh-agent.c
index d595479f9984c480bb359ae9059b18e380fa2fae..a383221604a650a5f92418b192a1b2889b378a5b 100644 (file)
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -35,7 +35,7 @@
 
 #include "includes.h"
 #include "openbsd-compat/sys-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.115 2003/10/14 19:54:39 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.118 2004/05/08 00:21:31 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -50,13 +50,16 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.115 2003/10/14 19:54:39 markus Exp $");
 #include "authfd.h"
 #include "compat.h"
 #include "log.h"
-#include "readpass.h"
 #include "misc.h"
 
 #ifdef SMARTCARD
 #include "scard.h"
 #endif
 
+#if defined(HAVE_SYS_PRCTL_H)
+#include <sys/prctl.h> /* For prctl() and PR_SET_DUMPABLE */
+#endif
+
 typedef enum {
        AUTH_UNUSED,
        AUTH_SOCKET,
@@ -179,7 +182,7 @@ confirm_key(Identity *id)
        p = read_passphrase(prompt, RP_ALLOW_EOF);
        if (p != NULL) {
                /*
-                * Accept empty responses and responses consisting 
+                * Accept empty responses and responses consisting
                 * of the word "yes" as affirmative.
                 */
                if (*p == '\0' || *p == '\n' || strcasecmp(p, "yes") == 0)
@@ -1023,6 +1026,11 @@ main(int ac, char **av)
        setegid(getgid());
        setgid(getgid());
 
+#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
+       /* Disable ptrace on Linux without sgid bit */
+       prctl(PR_SET_DUMPABLE, 0);
+#endif
+
        SSLeay_add_all_algorithms();
 
        __progname = ssh_get_progname(av[0]);
@@ -1138,7 +1146,7 @@ main(int ac, char **av)
 #ifdef HAVE_CYGWIN
        umask(prev_mask);
 #endif
-       if (listen(sock, 128) < 0) {
+       if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
                perror("listen");
                cleanup_exit(1);
        }