author | Damien Miller <djm@mindrot.org> | 2023-10-12 13:20:01 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2023-10-12 13:20:01 +1100 |
commit | 281c79168edcc303abfd5bca983616eaa24c5f32 (patch) | |
tree | 10dbd4e51d6425145605aaaa34be3dee74c18057 | |
parent | 98fc34df837f3a3b79d2a111b96fe8a39adcab55 (diff) |
Solaris: prefer PRIV_XPOLICY to PRIV_LIMIT
If the system supports PRIV_XPOLICY and one is set, then don't
modify PRIV_LIMIT. bz2833, patch from Ron Jordan, ok dtucker@
-rw-r--r-- | openbsd-compat/port-solaris.c | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c
index 10c2d6b7..05aa1f76 100644
--- a/openbsd-compat/port-solaris.c
+++ b/openbsd-compat/port-solaris.c
@@ -292,13 +292,35 @@ solaris_drop_privs_pinfo_net_fork_exec(void)
 priv_delset(npset, PRIV_PROC_SESSION) != 0)
 fatal("priv_delset: %s", strerror(errno));
+#ifdef PRIV_XPOLICY
+ /*
+ * It is possible that the user has an extended policy
+ * in place; the LIMIT set restricts the extended policy
+ * and so should not be restricted.
+ * PRIV_XPOLICY is newly defined in Solaris 11 though the extended
+ * policy was not implemented until Solaris 11.1.
+ */
+ if (getpflags(PRIV_XPOLICY) == 1) {
+ if (getppriv(PRIV_LIMIT, pset) != 0)
+ fatal("getppriv: %s", strerror(errno));
+ priv_intersect(pset, npset);
+ if (setppriv(PRIV_SET, PRIV_LIMIT, npset) != 0)
+ fatal("setppriv: %s", strerror(errno));
+ } else
+#endif
+ {
+ /* Cannot exec, so we can kill the limit set. */
+ priv_emptyset(pset);
+ if (setppriv(PRIV_SET, PRIV_LIMIT, pset) != 0)
+ fatal("setppriv: %s", strerror(errno));
+ }
+
 if (getppriv(PRIV_PERMITTED, pset) != 0)
 fatal("getppriv: %s", strerror(errno));
 priv_intersect(pset, npset);
 if (setppriv(PRIV_SET, PRIV_PERMITTED, npset) != 0 ||
- setppriv(PRIV_SET, PRIV_LIMIT, npset) != 0 ||
 setppriv(PRIV_SET, PRIV_INHERITABLE, npset) != 0)
 fatal("setppriv: %s", strerror(errno)); |
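Review bot: The comment in the `#ifdef PRIV_XPOLICY` branch says the LIMIT set "should not be restricted", and the commit message says PRIV_LIMIT is not modified, yet that branch still calls `setppriv(PRIV_SET, PRIV_LIMIT, npset)` after intersecting `npset` with the current limit set, so LIMIT is narrowed rather than left alone. In privilege-dropping code the comment should say what is actually enforced, for example `/* Extended policy active: narrow LIMIT to its intersection with npset instead of emptying it. */`. The `priv_intersect(pset, npset)` in that branch also shrinks `npset` before it is reused for PERMITTED and INHERITABLE further down, which looks intentional but deserves a word in the comment. Any result other than 1 from `getpflags(PRIV_XPOLICY)`, presumably including its error return, takes the else branch and empties LIMIT, which is the more restrictive outcome; a one-line comment stating that this is the intended fallback would help later readers. The body of `solaris_drop_privs_pinfo_net_fork_exec` starts and ends outside this hunk.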