netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
- sys/cdefs.h sys/mman.h sys/pstat.h sys/ptms.h sys/select.h sys/stat.h \
- sys/stream.h sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
- sys/un.h time.h tmpdir.h ttyent.h usersec.h \
- util.h utime.h utmp.h utmpx.h vis.h)
+ sys/cdefs.h sys/mman.h sys/prctl.h sys/pstat.h sys/ptms.h \
+ sys/select.h sys/stat.h sys/stream.h sys/stropts.h \
+ sys/sysmacros.h sys/time.h sys/timers.h sys/un.h time.h tmpdir.h \
+ ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
# Checks for libraries.
AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
getpeereid _getpty getrlimit getttyent glob inet_aton \
inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
- pstat readpassphrase realpath recvmsg rresvport_af sendmsg \
+ pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
setproctitle setregid setreuid setrlimit \
setsid setvbuf sigaction sigvec snprintf socketpair strerror \
#include "scard.h"
#endif
+#if defined(HAVE_SYS_PRCTL_H)
+#include <sys/prctl.h> /* For prctl() and PR_SET_DUMPABLE */
+#endif
+
typedef enum {
AUTH_UNUSED,
AUTH_SOCKET,
setegid(getgid());
setgid(getgid());
+#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
+ /* Disable ptrace on Linux without sgid bit */
+ prctl(PR_SET_DUMPABLE, 0);
+#endif
+
SSLeay_add_all_algorithms();
__progname = ssh_get_progname(av[0]);
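Review bot: The result of `prctl(PR_SET_DUMPABLE, 0)` in the added block is discarded, so a failed call leaves the agent attachable with ptrace by other processes of the same user, and still able to dump core, with nothing reported. Checking it, for example `if (prctl(PR_SET_DUMPABLE, 0) == -1) fprintf(stderr, "prctl(PR_SET_DUMPABLE): %s\n", strerror(errno));`, would make that visible; whether the agent should then continue or exit is a policy decision. The comment could also record why the call sits after `setegid()`/`setgid()`: on Linux the dumpable flag is reset when the effective group ID changes, so moving the call above the gid drop would undo it. Something like `/* Disable ptrace and core dumps; must follow the gid drop, which resets the flag */` would cover it. The enclosing function (apparently `main`, given `av[0]`) starts and ends outside the hunk.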