do not allow the processes to be traced in linux

That would prevent a worker process tracing one
from another user.

src/system.c

@@ -38,6 +38,16 @@ void kill_on_parent_kill(int sig)
 #endif
 }
 
+void pr_set_undumpable(const char *mod)
+{
+#ifdef __linux__
+	if (prctl(PR_SET_DUMPABLE, 0) == -1) {
+		int e = errno;
+		syslog(LOG_ERR, "%s: prctl(PR_SET_DUMPABLE) failed %s",
+			mod, strerror(e));
+	}
+#endif
+}
 
 SIGHANDLER_T ocsignal(int signum, SIGHANDLER_T handler)
 {

src/system.h

@@ -36,6 +36,7 @@ typedef void (*sighandler_t)(int);
 # define SIGHANDLER_T sighandler_t
 #endif
 
+void pr_set_undumpable(const char* mod);
 void kill_on_parent_kill(int sig);
 
 SIGHANDLER_T ocsignal(int signum, SIGHANDLER_T handler);

src/worker-vpn.c

@@ -779,6 +779,9 @@ void vpn_server(struct worker_st *ws)
 	if (ws->config->auth_timeout)
 		alarm(ws->config->auth_timeout);
 
+	/* do not allow this process to be traced. That
+	 * prevents worker processes tracing each other. */
+	pr_set_undumpable("worker");
 	if (ws->config->seccomp != 0) {
 		ret = disable_system_calls(ws);
 		if (ret < 0) {