Displaying 2 results from an estimated 2 matches for "platform_drop_agent_privs".
2015 Nov 13
2
[PATCH] Drop fine-grained privileges on Illumos/Solaris
....c.
> ...
> The other place these look like the'd be useful is in the pre-auth
> privsep sandbox...
>
Ok, please find attached a revised version. I've moved all of the
pre-auth privsep bit into a new sandbox-solaris.c, and for the ssh-agent
and sftp-server I've created the platform_drop_agent_privs() and
platform_drop_sftp_server_privs() hooks which, if USE_SOLARIS_PRIVS is
enabled then call out to the code that's now in
openbsd-compat/port-solaris.c
Does this look a bit better? The biggest annoyance I had is that now
ssh-agent and sftp-server have to link against platform.o, and the
eas...
2015 Nov 13
2
[PATCH] Drop fine-grained privileges on Illumos/Solaris
Hi,
I'm not sure how interested anybody here is in this, but I've been
working lately on getting rid of the horror that is SunSSH for some
distros of Illumos (mostly SmartOS). One of the patches we're carrying
around at the moment is one that simply drops fine-grained privileges in
sshd, ssh-agent and sftp-server. Since the privilege dropping here is
roughly equivalent to a more