Displaying 5 results from an estimated 5 matches for "priv_file_chown".
2008 Nov 21
2
[PATCH] drop root privileges on solaris, request for testing
...thors, see the included COPYING file */
+
+#include "common.h"
+#include "capabilities.h"
+
+#ifdef HAVE_SETPPRIV
+
+#include <priv.h>
+
+void drop_capabilities(void)
+{
+ static const char* privs[] = {
+ "PRIV_PROC_FORK",
+ "PRIV_PROC_EXEC",
+ "PRIV_FILE_CHOWN",
+ "PRIV_PROC_SETID",
+ "PRIV_PROC_CHROOT",
+ "PRIV_NET_PRIVADDR",
+ "PRIV_FILE_DAC_READ",
+ "PRIV_FILE_DAC_WRITE",
+ NULL
+ }, **p;
+ priv_set_t *priv_set;
+ int ret;
+
+ priv_set = priv_allocset();
+ if (priv_set == NULL) {
+ i_warnin...
2016 Feb 17
4
Call for testing: OpenSSH 7.2
...(npset = priv_allocset()) == NULL)
+ fatal("priv_allocset: %s", strerror(errno));
priv_basicset(npset);
+#else
+ if ((npset = priv_str_to_set("basic", ",", NULL)) == NULL)
+ fatal("priv_str_to_set: %s", strerror(errno));
+#endif
if (priv_addset(npset, PRIV_FILE_CHOWN) != 0 ||
priv_addset(npset, PRIV_FILE_DAC_READ) != 0 ||
@@ -294,11 +300,15 @@ solaris_drop_privs_root_pinfo_net(void)
{
priv_set_t *pset = NULL;
+ /* Start with "basic" and drop everything we don't need. */
+#if defined(HAVE_PRIV_BASICSET)
if ((pset = priv_allocset()) ==...
2016 Feb 18
5
Call for testing: OpenSSH 7.2
On 2/17/16 3:02 PM, Carson Gaspar wrote:
>
> Sadly I'm hitting a different autoconf bug :-(
I was being an idiot - configure was bombing out & I didn't notice (boy
that openssl version error message is loooooong...)
With Mr. Wilson's patch, I still get:
"sandbox-solaris.c", line 22: #error: "--with-solaris-privs must be used
with the Solaris sandbox"
2016 Feb 17
5
Call for testing: OpenSSH 7.2
On Tue, 16 Feb 2016, Jeff Wieland wrote:
> The Solaris privilege code breaks building on Solaris 10. If
> you let configure just do its thing, you get the following error
> when compiling:
>
> "sandbox-solaris.c", line 22: #error: "--with-solaris-privs must be used with
> the Solaris sandbox"
>
> So, I did add "--with-solaris-privs" to the
2016 Feb 17
4
Call for testing: OpenSSH 7.2
On Wed, 17 Feb 2016, Alex Wilson wrote:
> On 2/17/16 2:04 PM, Alex Wilson wrote:
> > I've attached a patch...
> >
>
> Also at
>
> https://us-east.manta.joyent.com/arekinath/public/openssh-wip-fix-for-sol10-privs.patch
>
> If you are having trouble getting the patch out of the email.
>
> Also, as for Damien's patch, you will want to regenerate