Call for testing: OpenSSH 7.2
Alex Wilson
alex at cooperi.net
Thu Feb 18 11:20:36 AEDT 2016
On 2/17/16 3:54 PM, Darren Tucker wrote:
> On Thu, Feb 18, 2016 at 10:22 AM, Darren Tucker <dtucker at zip.com.au> wrote:
> [...]
>> After a quick look at the patch, I'm wondering if it could be
>> simplified by adding an implementation of priv_basicset inside #ifndef
>> HAVE_PRIV_BASICSET and doing away with the inline ifdefs?
>
> After a read of the man pages it seems that priv_str_to_set allocates
> and priv_basicset doesn't so it's not a drop in replacement, however
> factoring the basicset code out still seems to be cleaner, eg
> (completely untested):
>
That patch looks nicer to me, too. It compiles on S10 and Illumos, but I
haven't fully tested it yet (the S10 box I found currently has a broken
OpenSSL, which I'm trying to figure out).
For older S10 I've also had to add the patch below, since it seems
PRIV_NET_ACCESS is also a newer addition (it apparently came in sometime
in the OpenSolaris era):
diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c
index 4a42a36..40285b7 100644
--- a/openbsd-compat/port-solaris.c
+++ b/openbsd-compat/port-solaris.c
@@ -282,13 +282,17 @@ solaris_drop_privs_pinfo_net_fork_exec(void)
fatal("priv_addset: %s", strerror(errno));
if (priv_delset(npset, PRIV_FILE_LINK_ANY) != 0 ||
- priv_delset(npset, PRIV_NET_ACCESS) != 0 ||
priv_delset(npset, PRIV_PROC_EXEC) != 0 ||
priv_delset(npset, PRIV_PROC_FORK) != 0 ||
priv_delset(npset, PRIV_PROC_INFO) != 0 ||
priv_delset(npset, PRIV_PROC_SESSION) != 0)
fatal("priv_delset: %s", strerror(errno));
+# if defined(PRIV_NET_ACCESS)
+ if (priv_delset(npset, PRIV_NET_ACCESS) != 0)
+ fatal("priv_delset: %s", strerror(errno));
+# endif
+
if (getppriv(PRIV_PERMITTED, pset) != 0)
fatal("getppriv: %s", strerror(errno));
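Review bot: When PRIV_NET_ACCESS is not defined, the new `# if defined(PRIV_NET_ACCESS)` block compiles to nothing, so solaris_drop_privs_pinfo_net_fork_exec() completes normally while the process keeps whatever network access it had, and nothing in the code or the logs says so. The same applies to the identical blocks added in solaris_drop_privs_root_pinfo_net(), solaris_drop_privs_root_pinfo_net_exec() and ssh_sandbox_init(). I would add an `# else` branch carrying a comment such as `/* No PRIV_NET_ACCESS on this platform: network access cannot be dropped via privileges */` and, if the noise is acceptable, `debug3("%s: PRIV_NET_ACCESS unavailable, network access not dropped", __func__);` so the weaker isolation is visible to whoever audits the build. The decision is also made at build time, so a binary built against older headers would presumably skip the drop even on a kernel that knows the privilege. The function body starts and ends outside the hunk.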
@@ -312,11 +316,15 @@ solaris_drop_privs_root_pinfo_net(void)
pset = solaris_basic_privset();
if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 ||
- priv_delset(pset, PRIV_NET_ACCESS) != 0 ||
priv_delset(pset, PRIV_PROC_INFO) != 0 ||
priv_delset(pset, PRIV_PROC_SESSION) != 0)
fatal("priv_delset: %s", strerror(errno));
+# if defined(PRIV_NET_ACCESS)
+ if (priv_delset(pset, PRIV_NET_ACCESS) != 0)
+ fatal("priv_delset: %s", strerror(errno));
+# endif
+
if (setppriv(PRIV_SET, PRIV_PERMITTED, pset) != 0 ||
setppriv(PRIV_SET, PRIV_LIMIT, pset) != 0 ||
setppriv(PRIV_SET, PRIV_INHERITABLE, pset) != 0)
@@ -335,12 +343,16 @@ solaris_drop_privs_root_pinfo_net_exec(void)
pset = solaris_basic_privset();
if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 ||
- priv_delset(pset, PRIV_NET_ACCESS) != 0 ||
priv_delset(pset, PRIV_PROC_EXEC) != 0 ||
priv_delset(pset, PRIV_PROC_INFO) != 0 ||
priv_delset(pset, PRIV_PROC_SESSION) != 0)
fatal("priv_delset: %s", strerror(errno));
+# if defined(PRIV_NET_ACCESS)
+ if (priv_delset(pset, PRIV_NET_ACCESS) != 0)
+ fatal("priv_delset: %s", strerror(errno));
+# endif
+
if (setppriv(PRIV_SET, PRIV_PERMITTED, pset) != 0 ||
setppriv(PRIV_SET, PRIV_LIMIT, pset) != 0 ||
setppriv(PRIV_SET, PRIV_INHERITABLE, pset) != 0)
diff --git a/sandbox-solaris.c b/sandbox-solaris.c
index 8e81c2b..a1506d6 100644
--- a/sandbox-solaris.c
+++ b/sandbox-solaris.c
@@ -59,7 +59,6 @@ ssh_sandbox_init(struct monitor *monitor)
/* Drop everything except the ability to use already-opened files */
if (priv_delset(box->pset, PRIV_FILE_LINK_ANY) != 0 ||
- priv_delset(box->pset, PRIV_NET_ACCESS) != 0 ||
priv_delset(box->pset, PRIV_PROC_EXEC) != 0 ||
priv_delset(box->pset, PRIV_PROC_FORK) != 0 ||
priv_delset(box->pset, PRIV_PROC_INFO) != 0 ||
@@ -67,7 +66,12 @@ ssh_sandbox_init(struct monitor *monitor)
free(box);
return NULL;
}
-
+# if defined(PRIV_NET_ACCESS)
+ if (priv_delset(box->pset, PRIV_NET_ACCESS) != 0) {
+ free(box);
+ return NULL;
+ }
+# endif
/* These may not be available on older Solaris-es */
# if defined(PRIV_FILE_READ) && defined(PRIV_FILE_WRITE)
if (priv_delset(box->pset, PRIV_FILE_READ) != 0 ||
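Review bot: The new PRIV_NET_ACCESS guard sits above the existing comment `/* These may not be available on older Solaris-es */`, so that comment now reads as covering only PRIV_FILE_READ and PRIV_FILE_WRITE, and the earlier comment "Drop everything except the ability to use already-opened files" is no longer accurate on platforms where the privilege is missing. I would move the block below that comment, or give it its own, e.g. `/* PRIV_NET_ACCESS is missing on older Solaris 10 */`. Separately, the added error path calls only `free(box)`, as the existing one does; if box->pset is heap-allocated (its allocation is outside the hunk), it would need `priv_freeset(box->pset);` first. ssh_sandbox_init() continues past the end of the hunk.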