[PATCH] Drop fine-grained privileges on Illumos/Solaris

Darren Tucker dtucker at zip.com.au
Fri Nov 13 13:24:59 AEDT 2015

On Fri, Nov 13, 2015 at 12:00 PM, Alex Wilson <alex at cooperi.net> wrote:
> I'm not sure how interested anybody here is in this, but I've been
> working lately on getting rid of the horror that is SunSSH for some
> distros of Illumos (mostly SmartOS).

As long as someone is willing to do the work and help with tests
(which it sounds like you are), the support doesn't compromise other
platforms or make maintenance significantly harder then I have no
objections to it going in.

> One of the patches we're carrying
> around at the moment is one that simply drops fine-grained privileges in
> sshd, ssh-agent and sftp-server. Since the privilege dropping here is
> roughly equivalent to a more verbose, coarser version of a tame() call,
> I was wondering if there might be any interest in taking it into
> openssh-portable in future.

The code itself looks quite reasonable.  Placing it inline in the main
source files is problematic since it makes maintenance of those files
harder, but it it should fit nicely in openbsd-compat/port-solaris.c.

The similarities to tame (now renamed "pledge" in OpenBSD) are
potentially useful, as we may be able to put pledge calls into the
mainline code then use that to hook into the code you wrote.

The other place these look like the'd be useful is in the pre-auth
privsep sandbox, so you may want to look at one of the example
sandbox-*.c files.

Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list