[Bug 2511] Drop fine-grained privileges on Illumos/Solaris
bugzilla-daemon at bugzilla.mindrot.org
Mon Dec 14 10:46:26 AEDT 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2511
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Comment on attachment 2761
--> https://bugzilla.mindrot.org/attachment.cgi?id=2761
patch
>--- a/configure.ac
>+++ b/configure.ac
...
>+ AC_ARG_WITH([solaris-privs],
>+ [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)],
>+ [
>+ AC_CHECK_FUNC([setppriv],
>+ [ AC_CHECK_HEADERS([priv.h])
Should the following two AC_DEFINEs be conditional on priv.h being
found?
>+ AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
>+ [Define to disable UID restoration test])
>+ AC_DEFINE([USE_SOLARIS_PRIVS], [1],
>+ [Define if you have Solaris privileges])
>+ SP_MSG="yes" ], )
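Review bot: the action-if-given block of AC_ARG_WITH([solaris-privs]) never looks at $withval, so in the lines shown --without-solaris-privs (or --with-solaris-privs=no) still runs AC_CHECK_FUNC([setppriv]) and defines USE_SOLARIS_PRIVS. Suggest guarding the body with a test such as "x$withval" != "xno". The not-found argument of AC_CHECK_FUNC is also empty (the trailing ", )"), so an explicit --with-solaris-privs on a system without setppriv is silently ignored; an AC_MSG_ERROR there would make the failure visible.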
SP_MSG is for "Solaris project support" - did you intend to provide a
message in the configure summary section? If so, you should use a
different variable.
>+elif test "x$sandbox_arg" = "xsolaris" || \
>+ ( test -z "$sandbox_arg" && test "x$ac_cv_func_setppriv" = "xyes" ) ; then
>+ test "x$ac_cv_func_setppriv" != "xyes" && \
Rather than repeating the tests in the above block, it's probably more
robust to set a shell variable there and test it here. E.g.
    elif test "x$sandbox_arg" = "xsolaris" || test "x$SOLARIS_PRIVS" = "xyes"
>--- a/openbsd-compat/port-solaris.c
>+++ b/openbsd-compat/port-solaris.c
>+void
>+solaris_drop_fork_privs(void)
>+{
>+ priv_set_t *pset = NULL;
>+
>+ if ((pset = priv_allocset()) == NULL)
>+ fatal("priv_allocset: %s", strerror(errno));
>+
>+ /* Start with "basic" and drop everything we don't need. */
>+ priv_basicset(pset);
>+
>+ priv_delset(pset, PRIV_PROC_EXEC);
>+ priv_delset(pset, PRIV_PROC_FORK);
>+ priv_delset(pset, PRIV_FILE_LINK_ANY);
>+ priv_delset(pset, PRIV_PROC_INFO);
>+ priv_delset(pset, PRIV_PROC_SESSION);
These calls should be checked for failure.
>+ if (setppriv(PRIV_SET, PRIV_PERMITTED, pset))
>+ fatal("setppriv: %s", strerror(errno));
>+ if (setppriv(PRIV_SET, PRIV_LIMIT, pset))
>+ fatal("setppriv: %s", strerror(errno));
>+ if (setppriv(PRIV_SET, PRIV_INHERITABLE, pset))
>+ fatal("setppriv: %s", strerror(errno));
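Review bot: solaris_drop_fork_privs() builds its set with priv_basicset() and then removes five named privileges, so any basic privilege not listed in the priv_delset() calls stays in the permitted, limit and inheritable sets, including any that a later OS release adds to the basic set. Suggest documenting in the comment which privileges the process is meant to keep, or starting from priv_emptyset() and adding only those with priv_addset(). The lines shown also have no priv_freeset(pset) after the setppriv() calls; if the function does not end with one, the allocated set is leaked.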
Coalesce these calls? I.e.
    if (setppriv(PRIV_SET, PRIV_PERMITTED, pset) != 0 ||
        setppriv(PRIV_SET, PRIV_LIMIT, pset) != 0 ||
        setppriv(PRIV_SET, PRIV_INHERITABLE, pset) != 0)
            fatal("setppriv: %s", strerror(errno));
Same for solaris_drop_fork_net_privs() and the sandbox.