Call for testing: OpenSSH 7.2
Darren Tucker
dtucker at zip.com.au
Thu Feb 18 10:54:28 AEDT 2016
On Thu, Feb 18, 2016 at 10:22 AM, Darren Tucker <dtucker at zip.com.au> wrote:
[...]
> After a quick look at the patch, I'm wondering if it could be
> simplified by adding an implementation of priv_basicset inside #ifndef
> HAVE_PRIV_BASICSET and doing away with the inline ifdefs?
After reading the man pages, it seems that priv_str_to_set allocates
and priv_basicset doesn't, so it's not a drop-in replacement. However,
factoring the basicset code out still seems cleaner, e.g.
(completely untested):
diff --git a/configure.ac b/configure.ac
index b4c0aaa..d910f53 100644
--- a/configure.ac
+++ b/configure.ac
@@ -898,6 +898,7 @@ mips-sony-bsd|mips-sony-newsos4)
fi
AC_CHECK_FUNC([setppriv],
[ AC_CHECK_HEADERS([priv.h], [
+ AC_CHECK_FUNCS([priv_basicset])
SOLARIS_PRIVS="yes"
])
])
diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c
index 962cd16..4a42a36 100644
--- a/openbsd-compat/port-solaris.c
+++ b/openbsd-compat/port-solaris.c
@@ -233,6 +233,22 @@ solaris_set_default_project(struct passwd *pw)
# include <priv.h>
# endif
+priv_set_t *
+solaris_basic_privset(void)
+{
+ priv_set_t *pset;
+
+#ifdef HAVE_PRIV_BASICSET
+ if ((pset = priv_allocset()) == NULL)
+ fatal("priv_allocset: %s", strerror(errno));
+ priv_basicset(pset);
+#else
+ if ((pset = priv_str_to_set("basic", ",", NULL)) == NULL)
+ fatal("priv_str_to_set: %s", strerror(errno));
+#endif
+ return pset;
+}
+
void
solaris_drop_privs_pinfo_net_fork_exec(void)
{
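Review bot: solaris_basic_privset() has no comment stating its contract, and its two branches obtain the set differently (priv_allocset() followed by priv_basicset(), versus priv_str_to_set()), so the call site does not show who owns the result. Every privilege-dropping path in this patch starts from this set, so I would add a comment above the function such as `/* Return a newly allocated set holding the "basic" privileges; calls fatal() on failure; caller frees with priv_freeset(). */`. Assuming fatal() does not return, it is also worth stating that the function never returns NULL, because one caller in sandbox-solaris.c still tests for that.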
@@ -254,11 +270,9 @@ solaris_drop_privs_pinfo_net_fork_exec(void)
* etc etc).
*/
- if ((pset = priv_allocset()) == NULL ||
- (npset = priv_allocset()) == NULL)
+ if ((pset = priv_allocset()) == NULL)
fatal("priv_allocset: %s", strerror(errno));
-
- priv_basicset(npset);
+ npset = solaris_basic_privset();
if (priv_addset(npset, PRIV_FILE_CHOWN) != 0 ||
priv_addset(npset, PRIV_FILE_DAC_READ) != 0 ||
@@ -294,11 +308,8 @@ solaris_drop_privs_root_pinfo_net(void)
{
priv_set_t *pset = NULL;
- if ((pset = priv_allocset()) == NULL)
- fatal("priv_allocset: %s", strerror(errno));
-
/* Start with "basic" and drop everything we don't need. */
- priv_basicset(pset);
+ pset = solaris_basic_privset();
if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 ||
priv_delset(pset, PRIV_NET_ACCESS) != 0 ||
@@ -319,11 +330,9 @@ solaris_drop_privs_root_pinfo_net_exec(void)
{
priv_set_t *pset = NULL;
- if ((pset = priv_allocset()) == NULL)
- fatal("priv_allocset: %s", strerror(errno));
/* Start with "basic" and drop everything we don't need. */
- priv_basicset(pset);
+ pset = solaris_basic_privset();
if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 ||
priv_delset(pset, PRIV_NET_ACCESS) != 0 ||
diff --git a/openbsd-compat/port-solaris.h b/openbsd-compat/port-solaris.h
index b077e18..3a41ea8 100644
--- a/openbsd-compat/port-solaris.h
+++ b/openbsd-compat/port-solaris.h
@@ -26,8 +26,11 @@ void solaris_contract_pre_fork(void);
void solaris_contract_post_fork_child(void);
void solaris_contract_post_fork_parent(pid_t pid);
void solaris_set_default_project(struct passwd *);
+# ifdef USE_SOLARIS_PRIVS
+priv_set_t *solaris_basic_privset(void);
void solaris_drop_privs_pinfo_net_fork_exec(void);
void solaris_drop_privs_root_pinfo_net(void);
void solaris_drop_privs_root_pinfo_net_exec(void);
+# endif /* USE_SOLARIS_PRIVS */
#endif
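Review bot: The new prototype `priv_set_t *solaris_basic_privset(void);` uses a type from <priv.h>, but nothing in this hunk makes the header include it. The port-solaris.c hunk shows `# include <priv.h>` only around line 233 of that file, presumably after port-solaris.h has been included, so the declaration may not compile there or in sandbox-solaris.c. I would pull the include into the guarded block ahead of the prototype: `# ifdef HAVE_PRIV_H` / `#  include <priv.h>` / `# endif`. The header's own include guard and earlier declarations lie outside the hunk.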
diff --git a/sandbox-solaris.c b/sandbox-solaris.c
index 98714e1..8e81c2b 100644
--- a/sandbox-solaris.c
+++ b/sandbox-solaris.c
@@ -48,16 +48,15 @@ ssh_sandbox_init(struct monitor *monitor)
struct ssh_sandbox *box = NULL;
box = xcalloc(1, sizeof(*box));
- box->pset = priv_allocset();
+
+ /* Start with "basic" and drop everything we don't need. */
+ box->pset = solaris_basic_privset();
if (box->pset == NULL) {
free(box);
return NULL;
}
- /* Start with "basic" and drop everything we don't need. */
- priv_basicset(box->pset);
-
/* Drop everything except the ability to use already-opened files */
if (priv_delset(box->pset, PRIV_FILE_LINK_ANY) != 0 ||
priv_delset(box->pset, PRIV_NET_ACCESS) != 0 ||
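Review bot: The `if (box->pset == NULL)` check kept after `box->pset = solaris_basic_privset();` can no longer fire, because the helper calls fatal() on both of its allocation paths instead of returning NULL. This changes ssh_sandbox_init() from reporting allocation failure to its caller to terminating the process. If that is intended, drop the dead `free(box); return NULL;` branch and say so in a comment. Otherwise the helper should return NULL and leave the fatal() to the port-solaris.c callers. The function body continues past the end of the hunk, and the file must also see the prototype from port-solaris.h, which is not visible here.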
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.