authorMarkus Friedl <markus@cvs.openbsd.org>2017-05-31 10:04:30 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2017-05-31 10:04:30 +0000
commit096e214621ece9abcc4a71210a5f80884a56e9cb (patch)
tree28152dd39dc004b8b87f29b4631e09ec3cc6e136 /usr.bin/ssh
parentc2369e6449b91a0ddf6aed8b5683f1f1630aa477 (diff)
use SO_ZEROIZE for privsep communication (if available)
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/monitor.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c
index aa2a77d377b..ef5e9fc1276 100644
--- a/usr.bin/ssh/monitor.c
+++ b/usr.bin/ssh/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.170 2017/05/31 08:09:45 markus Exp $ */
+/* $OpenBSD: monitor.c,v 1.171 2017/05/31 10:04:29 markus Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1315,9 +1315,18 @@ static void
monitor_openfds(struct monitor *mon, int do_logfds)
{
int pair[2];
+#ifdef SO_ZEROIZE
+ int on = 1;
+#endif
if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1)
fatal("%s: socketpair: %s", __func__, strerror(errno));
+#ifdef SO_ZEROIZE
+ if (setsockopt(pair[0], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0)
+ error("setsockopt SO_ZEROIZE(0): %.100s", strerror(errno));
+ if (setsockopt(pair[1], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0)
+ error("setsockopt SO_ZEROIZE(1): %.100s", strerror(errno));
+#endif
FD_CLOSEONEXEC(pair[0]);
FD_CLOSEONEXEC(pair[1]);
mon->m_recvfd = pair[0];
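Review bot: Both new `setsockopt()` failures are only reported through `error()` and `monitor_openfds()` carries on, so a build that defines SO_ZEROIZE can still run with a privsep socketpair that lacks the option, and nothing in the code says whether that fallback is intended. A one-line comment above the second `#ifdef SO_ZEROIZE` block would settle it, for example `/* best effort: privsep traffic may carry secrets; keep going if the kernel refuses the option */` (the part about secrets is inferred from the commit title, not shown in the hunk). The two messages also drop the `%s: ` / `__func__` prefix that the `fatal()` call just above uses; `error("%s: setsockopt SO_ZEROIZE(0): %.100s", __func__, strerror(errno));` and the matching `(1)` line would keep the log output consistent and greppable. The function's body continues past the end of this hunk, so any other descriptors it opens are not covered by this note.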