[Bug 2511] Drop fine-grained privileges on Illumos/Solaris

bugzilla-daemon at bugzilla.mindrot.org
Mon Dec 14 18:01:06 AEDT 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2511

Alex Wilson <alex+mailinglists_openssh-dev at cooperi.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2761|0                           |1
        is obsolete|                            |

--- Comment #4 from Alex Wilson <alex+mailinglists_openssh-dev at cooperi.net> ---
Created attachment 2770
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2770&action=edit
patch-v2

Re: the missing sandbox-solaris.o in Makefile.in, and the re-use of
SP_MSG, those were silly mistakes because I didn't copy that fix across
from my build machine after I spotted it there. My apologies.

I've attached a new patch (against current git master 39736be) with
these issues fixed. I've condensed the checks for setppriv and priv.h
to set a $SOLARIS_PRIVS shell variable as you suggested, which is then
re-used by the two checks. The ifs for setppriv, and the new ifs
introduced for priv_delset have been condensed into || as you
suggested. priv_delset can only fail if the argument given to it is
invalid, but extra checks can never hurt.

I have also moved the calls to platform_drop_x_privs() to be colocated
with the new pledge() calls where possible, and noted in the comments
above them (in platform.c) that they should match the pledge() they sit
next to as much as possible.

I did have one other question/comment -- from what I can tell, the
pledge() call in ssh-agent seems to be broader than it needs to be:
it's currently allowing "exec", but the pledge() call happens after the
final exec() that the ssh-agent can do. Am I mistaken on this? If I am,
then the code in this patch should also avoid dropping "exec"
(currently it drops it).

(Oh, and this patch is definitely identical to the one on my build/test
machine this time...)
