sgtm for some reason I thought you were already doing this. On Tue, Oct 25, 2016 at 5:30 PM, Darren Tucker <dtucker@xxxxxxxxxx> wrote: > Hi. > > Mac OS X has a PT_DENY_ATTACH argument to ptrace(2) which does what > it says on the tin: > > PT_DENY_ATTACH > This request is the other operation used by the traced > process; it allows a process that is not currently being > traced to deny future traces by its parent. All other > arguments are ignored. If the process is currently being > traced, it will exit with the exit status of ENOTSUP; oth- > erwise, it sets a flag that denies future traces. An > attempt by the parent to trace a process which has set this > flag will result in a segmentation violation in the parent > > Any reason not to use it in platform_disable_tracing() ? > > diff --git a/configure.ac b/configure.ac > index f5e1378..88c4633 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -405,6 +405,7 @@ AC_CHECK_HEADERS([ \ > sys/poll.h \ > sys/prctl.h \ > sys/pstat.h \ > + sys/ptrace.h \ > sys/select.h \ > sys/stat.h \ > sys/stream.h \ > diff --git a/platform-tracing.c b/platform-tracing.c > index 81020e7..4c80a28 100644 > --- a/platform-tracing.c > +++ b/platform-tracing.c > @@ -20,6 +20,9 @@ > #if defined(HAVE_SYS_PRCTL_H) > #include <sys/prctl.h> /* For prctl() and PR_SET_DUMPABLE */ > #endif > +#ifdef HAVE_SYS_PTRACE_H > +#include <sys/ptrace.h> > +#endif > #ifdef HAVE_PRIV_H > #include <priv.h> /* For setpflags() and __PROC_PROTECT */ > #endif 
> @@ -40,4 +43,9 @@ platform_disable_tracing(int strict) > if (setpflags(__PROC_PROTECT, 1) != 0 && strict) > fatal("unable to make the process untraceable"); > #endif > +#ifdef PT_DENY_ATTACH > + /* Mac OS X */ > + if (ptrace(PT_DENY_ATTACH, 0, 0, 0) == -1 && strict) > + fatal("unable to set PT_DENY_ATTACH"); > +#endif > } > > -- > Darren Tucker (dtucker at zip.com.au) > GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) > Good judgement comes with experience. Unfortunately, the experience > usually comes from bad judgement. > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@xxxxxxxxxxx > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
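Review bot: The new `#include <sys/ptrace.h>` in the first platform-tracing.c hunk has no trailing comment, while its neighbours say what they are pulled in for (`/* For prctl() and PR_SET_DUMPABLE */`, `/* For setpflags() and __PROC_PROTECT */`). Suggest `#include <sys/ptrace.h> /* For ptrace() and PT_DENY_ATTACH */`, so it is clear the header is only there for the `#ifdef PT_DENY_ATTACH` block even on platforms where configure finds sys/ptrace.h but the macro does not exist.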
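Review bot: In the platform_disable_tracing() hunk, the `ptrace(PT_DENY_ATTACH, 0, 0, 0) == -1 && strict` check does not cover the case the quoted man page calls out: a process that is already being traced exits with ENOTSUP instead of getting an error return, so neither `fatal("unable to set PT_DENY_ATTACH")` nor the non-strict fall-through runs and nothing is logged. The `/* Mac OS X */` comment should say that, and should also record the scope the man page gives ("deny future traces by its parent") so readers do not assume more than the flag promises. Minor: the message names the constant, whereas the setpflags() branch above reports "unable to make the process untraceable"; a consistent wording would make the two failures easier to match in logs.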