On 2/17/16 9:50 AM, Carson Gaspar wrote:> Solaris 10 has setppriv, but does not have priv_basicset. To work on
> Solaris 10, the call would need to be replaced with the equivalent set
> of explicitly listed privs:
The prior art in other apps on the system seems to suggest that
priv_str_to_set is a better fallback if priv_basicset is not available.
I've attached a patch that seems to build and work on Illumos in both
modes (using priv_basicset and using priv_str_to_set). Would you mind
trying it on Solaris 10 for me? I did write this keeping Solaris 10 in
mind originally, but apparently I missed the lack of priv_basicset. Sorry.
-------------- next part -------------->From 6cc3cf443748a3047ca642fd70438baffd2860fd Mon Sep 17 00:00:00 2001
From: Alex Wilson <alex.wilson at joyent.com>
Date: Wed, 17 Feb 2016 13:56:01 -0800
Subject: [PATCH] wip: fix for sol10 privs
---
configure.ac | 1 +
openbsd-compat/port-solaris.c | 26 ++++++++++++++++++++------
sandbox-solaris.c | 11 ++++++++---
3 files changed, 29 insertions(+), 9 deletions(-)
diff --git a/configure.ac b/configure.ac
index b4c0aaa..d910f53 100644
--- a/configure.ac
+++ b/configure.ac
@@ -898,6 +898,7 @@ mips-sony-bsd|mips-sony-newsos4)
fi
AC_CHECK_FUNC([setppriv],
[ AC_CHECK_HEADERS([priv.h], [
+ AC_CHECK_FUNCS([priv_basicset])
SOLARIS_PRIVS="yes"
])
])
diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c
index 962cd16..0ba80c6 100644
--- a/openbsd-compat/port-solaris.c
+++ b/openbsd-compat/port-solaris.c
@@ -254,11 +254,17 @@ solaris_drop_privs_pinfo_net_fork_exec(void)
* etc etc).
*/
- if ((pset = priv_allocset()) == NULL ||
- (npset = priv_allocset()) == NULL)
+ if ((pset = priv_allocset()) == NULL)
fatal("priv_allocset: %s", strerror(errno));
+#if defined(HAVE_PRIV_BASICSET)
+ if ((npset = priv_allocset()) == NULL)
+ fatal("priv_allocset: %s", strerror(errno));
priv_basicset(npset);
+#else
+ if ((npset = priv_str_to_set("basic", ",", NULL)) == NULL)
+ fatal("priv_str_to_set: %s", strerror(errno));
+#endif
if (priv_addset(npset, PRIV_FILE_CHOWN) != 0 ||
priv_addset(npset, PRIV_FILE_DAC_READ) != 0 ||
@@ -294,11 +300,15 @@ solaris_drop_privs_root_pinfo_net(void)
{
priv_set_t *pset = NULL;
+ /* Start with "basic" and drop everything we don't need. */
+#if defined(HAVE_PRIV_BASICSET)
if ((pset = priv_allocset()) == NULL)
fatal("priv_allocset: %s", strerror(errno));
-
- /* Start with "basic" and drop everything we don't need. */
priv_basicset(pset);
+#else
+ if ((pset = priv_str_to_set("basic", ",", NULL)) == NULL)
+ fatal("priv_str_to_set: %s", strerror(errno));
+#endif
if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 ||
priv_delset(pset, PRIV_NET_ACCESS) != 0 ||
@@ -319,11 +329,15 @@ solaris_drop_privs_root_pinfo_net_exec(void)
{
priv_set_t *pset = NULL;
+ /* Start with "basic" and drop everything we don't need. */
+#if defined(HAVE_PRIV_BASICSET)
if ((pset = priv_allocset()) == NULL)
fatal("priv_allocset: %s", strerror(errno));
-
- /* Start with "basic" and drop everything we don't need. */
priv_basicset(pset);
+#else
+ if ((pset = priv_str_to_set("basic", ",", NULL)) == NULL)
+ fatal("priv_str_to_set: %s", strerror(errno));
+#endif
if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 ||
priv_delset(pset, PRIV_NET_ACCESS) != 0 ||
diff --git a/sandbox-solaris.c b/sandbox-solaris.c
index 98714e1..a1828ed 100644
--- a/sandbox-solaris.c
+++ b/sandbox-solaris.c
@@ -48,15 +48,20 @@ ssh_sandbox_init(struct monitor *monitor)
struct ssh_sandbox *box = NULL;
box = xcalloc(1, sizeof(*box));
- box->pset = priv_allocset();
+ /* Start with "basic" and drop everything we don't need. */
+#if defined(HAVE_PRIV_BASICSET)
+ box->pset = priv_allocset();
+#else
+ box->pset = priv_str_to_set("basic", ",", NULL);
+#endif
if (box->pset == NULL) {
free(box);
return NULL;
}
-
- /* Start with "basic" and drop everything we don't need. */
+#if defined(HAVE_PRIV_BASICSET)
priv_basicset(box->pset);
+#endif
/* Drop everything except the ability to use already-opened files */
if (priv_delset(box->pset, PRIV_FILE_LINK_ANY) != 0 ||
--
2.5.4 (Apple Git-61)