similar to: [PATCH] drop root privileges on solaris, request for testing

This patchset applies to klibc mainline. As is it will probably collide with Maximilian's recent patch to rename run-init to switch_root posted last week. To boot an untrusted environment with certain capabilities locked out, we'd like to be able to drop the capabilities up front from early userspace, before we actually transition onto the root volume. This patchset implements this by

https://bugzilla.mindrot.org/show_bug.cgi?id=2511 Bug ID: 2511 Summary: Drop fine-grained privileges on Illumos/Solaris Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: Solaris Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs

Inline below is a simple patch that drops the root capabilities that aren't needed (inspired by a similar patch against the mpm_itk project!). Possibly it is a little too restrictive, extras can be added to suidcaps, but on platforms that support capabilities this will prevent things such as kernel module loading. Needed on linux is libcap, available in most distros. Note that this

FreeBSD-12 Dovecot-2.3.5 I am having problems with one use Mar 25 21:30:12 imap(gau.mon at crownkenya.com)<91364><U7qCZO+ECfCaRh6E>: Fatal: master: service(imap): child 91364 killed with signal 6 (core dumped) Mar 25 21:30:14 imap(gau.mon at crownkenya.com)<2381><moHYZO+EDvCaRh6E>: Fatal: master: service(imap): child 2381 killed with signal 6 (core dumped) Mar 26 06:29:26

Dovecot-2.3.5, FreeBSD-12 (amd64), I will wait to see coredumps after setting up things to allow it. Mar 24 20:56:08 imap(john.doe at crownkenya.com)<82746><wg80zdqEy+eaTXHr>: Panic: file mempool-system.c: line 137 (pool_system_realloc): assertion failed: (old_size == (size_t)-1 || mem == NULL || old_size <= malloc_usable_size(mem)) Mar 24 20:56:08 imap(john.doe at

On Wed, 17 Feb 2016, Alex Wilson wrote: > On 2/17/16 2:04 PM, Alex Wilson wrote: > > I've attached a patch... > > > > Also at > > https://us-east.manta.joyent.com/arekinath/public/openssh-wip-fix-for-sol10-privs.patch > > If you are having trouble getting the patch out of the email. > > Also, as for Damien's patch, you will want to regenerate

Building on the work in ff0a614bd724f6c4c6a5014a9955dc1bc028f336, this moves the capability code down into the run-init library, so that run-init can use it as well, via the new "-d" flag. Signed-off-by: Kees Cook <kees at outflux.net> --- usr/kinit/Kbuild | 3 +-- usr/kinit/capabilities.h | 10 ++++++++++ usr/kinit/kinit.c | 6 +++---

This patch adds the ability to kinit to allow the dropping of POSIX capabilities. kinit is modified by this change, such that it understands the new kernel command line "drop_capabilities=" that specifies a comma separated list of capability names that should be dropped before switching over to the next init in the boot strap (typically on the root disk). When processing capabilities

initramfs-tools wants to validate the real init program before running it, as there is no way out once it has exec'd run-init. This is complicated by the increasing use of symlinks for /sbin/init and for /sbin itself. We can't simply resolve them with 'readlink -f' because any absolute symlinks will be resolved using the wrong root. Add a dry-run mode (-n option) to run-init

On Tue, 16 Feb 2016, Jeff Wieland wrote: > The Solaris privilege code breaks building on Solaris 10. If > you let configure just do its thing, you get the following error > when compiling: > > "sandbox-solaris.c", line 22: #error: "--with-solaris-privs must be used with > the Solaris sandbox" > > So, I did add "--with-solaris-privs" to the

Commit-ID: 10059fddba9f8bec6aeb0d37d217df6d65e64c3b Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=10059fddba9f8bec6aeb0d37d217df6d65e64c3b Author: Ben Hutchings <ben at decadent.org.uk> AuthorDate: Sun, 17 Jan 2016 19:50:28 +0000 Committer: Ben Hutchings <ben at decadent.org.uk> CommitDate: Wed, 2 Jan 2019 03:08:04 +0000 [klibc] run-init: Add dry-run mode

Skipped content of type multipart/alternative-------------- next part -------------- --- ssl-proxy-openssl.c.orig 2006-04-04 10:32:58.000000000 +0200 +++ ssl-proxy-openssl.c 2006-06-01 09:24:57.000000000 +0200 @@ -498,7 +498,7 @@ const char *ssl_proxy_get_peer_name(struct ssl_proxy *proxy) { X509 *x509; - char buf[1024]; + char buf[256]; const char *name; if

On 2/17/16 9:50 AM, Carson Gaspar wrote: > Solaris 10 has setppriv, but does not have priv_basicset. To work on > Solaris 10, the call would need to be replaced with the equivalent set > of explicitly listed privs: The prior art in other apps on the system seems to suggest that priv_str_to_set is a better fallback if priv_basicset is not available. I've attached a patch that seems

systemd supports switching back to the initramfs during shutdown in order to make it easier to clean up the root file system. This is desirable in order to allow us to remove keys from RAM before rebooting, making it harder to obtain confidential information by rebooting into an environment that scrapes RAM contents. Signed-off-by: Matthew Garrett <mjg59 at google.com> ---

On Tue, Feb 16, 2016 at 01:28:42AM -0500, Jeff Wieland wrote: > The Solaris privilege code breaks building on Solaris 10. If > you let configure just do its thing, you get the following error > when compiling: > > "sandbox-solaris.c", line 22: #error: "--with-solaris-privs must be used > with the Solaris sandbox" Could you please try this patch? It adds

Commit-ID: 603f1bb024a03d9c50a89e7256ae7814292baf06 Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=603f1bb024a03d9c50a89e7256ae7814292baf06 Author: Matthew Garrett <matthewgarrett at google.com> AuthorDate: Thu, 18 Apr 2019 12:12:27 -0700 Committer: Ben Hutchings <ben at decadent.org.uk> CommitDate: Sat, 20 Apr 2019 17:11:34 +0100 [klibc] run-init: Allow

Hey, I noticed that there was an ioloop "module" (if we can call it that) for select and poll and decided to add one for kqueue (aka kevent) BSDs high performance descriptor multiplexing API. I haven't done any of the configure glue stuff but the code is complete and works well. kqueue is available on all recent versions of FreeBSD, NetBSD, OpenBSD and Darwin (and therefore MacOS

systemd supports switching back to the initramfs during shutdown in order to make it easier to clean up the root file system. This is desirable in order to allow us to remove keys from RAM before rebooting, making it harder to obtain confidential information by rebooting into an environment that scrapes RAM contents. --- debian/changelog | 4 +

Hi Timo, Awhile back I'd written about making changes to some of the log levels that dovecot writes to to stop the process from writing these to monitor. I wanted to run a few changes by you for this, just to make sure these won't cause problems somewhere else. And to send this to the list, in case anyone else wants to make similar changes in the future. In the file

Hello! I have used Dovecot for more than a year without problems, but today it just crashed with this message: dovecot: Apr 09 21:23:38 Panic: file mempool-system.c: line 104 (pool_system_realloc): assertion failed: (old_size == (size_t)-1 || mem == NULL || old_size <= malloc_usable_size(mem)) dovecot: Apr 09 21:23:38 Error: Raw backtrace: /usr/local/sbin/dovecot [0x805757c] ->