[openssh-commits] [openssh] 01/01: retain Solaris PRIV_FILE_LINK_ANY in sftp-server

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Sep 2 10:25:35 AEST 2019


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 6b7c53498def19a14dd9587bf521ab6dbee8988f
Author: Damien Miller <djm at mindrot.org>
Date:   Mon Sep 2 10:22:02 2019 +1000

    retain Solaris PRIV_FILE_LINK_ANY in sftp-server
    
    Dropping this privilege removes the ability to create hard links to
    files owned by other users. This is required for the legacy sftp rename
    operation.
    
    bz#3036; approach ok Alex Wilson (the original author of the Solaris
    sandbox/pledge replacement code)
---
 openbsd-compat/port-solaris.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c
index a7c92545..7d5a28cd 100644
--- a/openbsd-compat/port-solaris.c
+++ b/openbsd-compat/port-solaris.c
@@ -284,11 +284,10 @@ solaris_drop_privs_pinfo_net_fork_exec(void)
 	    priv_addset(npset, PRIV_FILE_OWNER) != 0)
 		fatal("priv_addset: %s", strerror(errno));
 
-	if (priv_delset(npset, PRIV_FILE_LINK_ANY) != 0 ||
+	if (priv_delset(npset, PRIV_PROC_EXEC) != 0 ||
 #ifdef PRIV_NET_ACCESS
 	    priv_delset(npset, PRIV_NET_ACCESS) != 0 ||
 #endif
-	    priv_delset(npset, PRIV_PROC_EXEC) != 0 ||
 	    priv_delset(npset, PRIV_PROC_FORK) != 0 ||
 	    priv_delset(npset, PRIV_PROC_INFO) != 0 ||
 	    priv_delset(npset, PRIV_PROC_SESSION) != 0)

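Review bot: the priv_delset() chain in solaris_drop_privs_pinfo_net_fork_exec() carries no in-code record that PRIV_FILE_LINK_ANY is now kept on purpose; the reason exists only in the commit message. A short comment above `if (priv_delset(npset, PRIV_PROC_EXEC) != 0 ||` saying that the privilege is retained because the legacy sftp rename needs to hard-link files owned by other users (bz#3036) would keep a later hardening pass from putting the removal back. The subject line scopes the change to sftp-server, but the edit is in a generically named helper, so it is worth confirming that any other caller of this function is also meant to keep PRIV_FILE_LINK_ANY.
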