/src/hpn-ssh/platform-tracing.c

Source (jump to first uncovered line)
/*
 * Copyright (c) 2016 Darren Tucker.  All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include "includes.h"

#include <sys/types.h>
#ifdef HAVE_SYS_PROCCTL_H
#include <sys/procctl.h>
#endif
#if defined(HAVE_SYS_PRCTL_H)
#include <sys/prctl.h>  /* For prctl() and PR_SET_DUMPABLE */
#endif
#ifdef HAVE_SYS_PTRACE_H
#include <sys/ptrace.h>
#endif
#ifdef HAVE_PRIV_H
#include <priv.h> /* For setpflags() and __PROC_PROTECT  */
#endif
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#include "log.h"

void
platform_disable_tracing(int strict)
{
#if defined(HAVE_PROCCTL) && defined(PROC_TRACE_CTL)
  /* On FreeBSD, we should make this process untraceable */
  int disable_trace = PROC_TRACE_CTL_DISABLE;

  /*
   * On FreeBSD, we should make this process untraceable.
   * pid=0 means "this process" but some older kernels do not
   * understand that so retry with our own pid before failing.
   */
  if (procctl(P_PID, 0, PROC_TRACE_CTL, &disable_trace) == 0)
    return;
  if (procctl(P_PID, getpid(), PROC_TRACE_CTL, &disable_trace) == 0)
    return;
  if (strict)
    fatal("unable to make the process untraceable: %s",
        strerror(errno));
#endif
#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
  /* Disable ptrace on Linux without sgid bit */
  if (prctl(PR_SET_DUMPABLE, 0) != 0 && strict)
    fatal("unable to make the process undumpable: %s",
        strerror(errno));
#endif
#if defined(HAVE_SETPFLAGS) && defined(__PROC_PROTECT)
  /* On Solaris, we should make this process untraceable */
  if (setpflags(__PROC_PROTECT, 1) != 0 && strict)
    fatal("unable to make the process untraceable: %s",
        strerror(errno));
#endif
#ifdef PT_DENY_ATTACH
  /* Mac OS X */
  if (ptrace(PT_DENY_ATTACH, 0, 0, 0) == -1 && strict)
    fatal("unable to set PT_DENY_ATTACH: %s", strerror(errno));
#endif
}

Coverage Report

Created: 2025-07-11 06:19

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright (c) 2016 Darren Tucker. All rights reserved.
3		*
4		* Permission to use, copy, modify, and distribute this software for any
5		* purpose with or without fee is hereby granted, provided that the above
6		* copyright notice and this permission notice appear in all copies.
7		*
8		* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9		* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10		* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11		* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12		* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13		* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14		* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15		*/
16
17		#include "includes.h"
18
19		#include <sys/types.h>
20		#ifdef HAVE_SYS_PROCCTL_H
21		#include <sys/procctl.h>
22		#endif
23		#if defined(HAVE_SYS_PRCTL_H)
24		#include <sys/prctl.h> /* For prctl() and PR_SET_DUMPABLE */
25		#endif
26		#ifdef HAVE_SYS_PTRACE_H
27		#include <sys/ptrace.h>
28		#endif
29		#ifdef HAVE_PRIV_H
30		#include <priv.h> /* For setpflags() and __PROC_PROTECT */
31		#endif
32		#include <stdarg.h>
33		#include <stdio.h>
34		#include <string.h>
35		#include <unistd.h>
36
37		#include "log.h"
38
39		void
40		platform_disable_tracing(int strict)
41	0	{
42		#if defined(HAVE_PROCCTL) && defined(PROC_TRACE_CTL)
43		/* On FreeBSD, we should make this process untraceable */
44		int disable_trace = PROC_TRACE_CTL_DISABLE;
45
46		/*
47		* On FreeBSD, we should make this process untraceable.
48		* pid=0 means "this process" but some older kernels do not
49		* understand that so retry with our own pid before failing.
50		*/
51		if (procctl(P_PID, 0, PROC_TRACE_CTL, &disable_trace) == 0)
52		return;
53		if (procctl(P_PID, getpid(), PROC_TRACE_CTL, &disable_trace) == 0)
54		return;
55		if (strict)
56		fatal("unable to make the process untraceable: %s",
57		strerror(errno));
58		#endif
59	0	#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
60		/* Disable ptrace on Linux without sgid bit */
61	0	if (prctl(PR_SET_DUMPABLE, 0) != 0 && strict)
62	0	fatal("unable to make the process undumpable: %s",
63	0	strerror(errno));
64	0	#endif
65		#if defined(HAVE_SETPFLAGS) && defined(__PROC_PROTECT)
66		/* On Solaris, we should make this process untraceable */
67		if (setpflags(__PROC_PROTECT, 1) != 0 && strict)
68		fatal("unable to make the process untraceable: %s",
69		strerror(errno));
70		#endif
71		#ifdef PT_DENY_ATTACH
72		/* Mac OS X */
73		if (ptrace(PT_DENY_ATTACH, 0, 0, 0) == -1 && strict)
74		fatal("unable to set PT_DENY_ATTACH: %s", strerror(errno));
75		#endif
76	0	}