On Thu, Feb 18, 2016 at 10:22 AM, Darren Tucker <dtucker@xxxxxxxxxx> wrote: [...] > After a quick look at the patch, I'm wondering if it could be > simplified by adding an implementation of priv_basicset inside #ifndef > HAVE_PRIV_BASICSET and doing away with the inline ifdefs? After a read of the man pages it seems that priv_str_to_set allocates and priv_basicset doesn't so it's not a drop in replacement, however factoring the basicset code out still seems to be cleaner, eg (completely untested):
diff --git a/configure.ac b/configure.ac
index b4c0aaa..d910f53 100644
--- a/configure.ac
+++ b/configure.ac
@@ -898,6 +898,7 @@ mips-sony-bsd|mips-sony-newsos4)
 fi
 AC_CHECK_FUNC([setppriv], [
 AC_CHECK_HEADERS([priv.h], [
+ AC_CHECK_FUNCS([priv_basicset])
 SOLARIS_PRIVS="yes"
 ])
 ])
diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c
index 962cd16..4a42a36 100644
--- a/openbsd-compat/port-solaris.c
+++ b/openbsd-compat/port-solaris.c
@@ -233,6 +233,22 @@ solaris_set_default_project(struct passwd *pw)
 # include <priv.h>
 # endif
+priv_set_t *
+solaris_basic_privset(void)
+{
+ priv_set_t *pset;
+
+#ifdef HAVE_PRIV_BASICSET
+ if ((pset = priv_allocset()) == NULL)
+ fatal("priv_allocset: %s", strerror(errno));
+ priv_basicset(pset);
+#else
+ if ((pset = priv_str_to_set("basic", ",", NULL)) == NULL)
+ fatal("priv_str_to_set: %s", strerror(errno));
+#endif
+ return pset;
+}
+
 void
 solaris_drop_privs_pinfo_net_fork_exec(void)
 {
@@ -254,11 +270,9 @@ solaris_drop_privs_pinfo_net_fork_exec(void)
 * etc etc).
 */
- if ((pset = priv_allocset()) == NULL ||
- (npset = priv_allocset()) == NULL)
+ if ((pset = priv_allocset()) == NULL)
 fatal("priv_allocset: %s", strerror(errno));
-
- priv_basicset(npset);
+ npset = solaris_basic_privset();
 if (priv_addset(npset, PRIV_FILE_CHOWN) != 0 ||
 priv_addset(npset, PRIV_FILE_DAC_READ) != 0 ||
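Review bot: solaris_basic_privset() in the first port-solaris.c hunk carries no header comment, and its contract is what every caller depends on: it hands back a freshly allocated set (from priv_allocset() or priv_str_to_set(), depending on HAVE_PRIV_BASICSET) that the caller owns and must eventually release with priv_freeset(), and it calls fatal() on allocation failure so it never returns NULL. I would put that in front of the definition: `/* Return a newly allocated privilege set initialised to the "basic" set. The caller owns it and must priv_freeset() it. Calls fatal() on failure, so never returns NULL. */`. Whether priv_str_to_set() sets errno on every failure mode is not visible here, so the strerror(errno) in the #else branch may want confirming against the man page before relying on its message.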
@@ -294,11 +308,8 @@ solaris_drop_privs_root_pinfo_net(void)
 {
 priv_set_t *pset = NULL;
- if ((pset = priv_allocset()) == NULL)
- fatal("priv_allocset: %s", strerror(errno));
-
 /* Start with "basic" and drop everything we don't need. */
- priv_basicset(pset);
+ pset = solaris_basic_privset();
 if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 ||
 priv_delset(pset, PRIV_NET_ACCESS) != 0 ||
@@ -319,11 +330,9 @@ solaris_drop_privs_root_pinfo_net_exec(void)
 {
 priv_set_t *pset = NULL;
- if ((pset = priv_allocset()) == NULL)
- fatal("priv_allocset: %s", strerror(errno));
 /* Start with "basic" and drop everything we don't need. */
- priv_basicset(pset);
+ pset = solaris_basic_privset();
 if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 ||
 priv_delset(pset, PRIV_NET_ACCESS) != 0 ||
diff --git a/openbsd-compat/port-solaris.h b/openbsd-compat/port-solaris.h
index b077e18..3a41ea8 100644
--- a/openbsd-compat/port-solaris.h
+++ b/openbsd-compat/port-solaris.h
@@ -26,8 +26,11 @@ void solaris_contract_pre_fork(void);
 void solaris_contract_post_fork_child(void);
 void solaris_contract_post_fork_parent(pid_t pid);
 void solaris_set_default_project(struct passwd *);
+# ifdef USE_SOLARIS_PRIVS
+priv_set_t *solaris_basic_privset(void);
 void solaris_drop_privs_pinfo_net_fork_exec(void);
 void solaris_drop_privs_root_pinfo_net(void);
 void solaris_drop_privs_root_pinfo_net_exec(void);
+# endif /* USE_SOLARIS_PRIVS */
 #endif
diff --git a/sandbox-solaris.c b/sandbox-solaris.c
index 98714e1..8e81c2b 100644
--- a/sandbox-solaris.c
+++ b/sandbox-solaris.c
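Review bot: In both port-solaris.c hunks here (solaris_drop_privs_root_pinfo_net and solaris_drop_privs_root_pinfo_net_exec) the kept line `priv_set_t *pset = NULL;` now has a dead initializer, because pset is assigned unconditionally by `pset = solaris_basic_privset();` a few lines down and is not read in between. Since the helper can only return a valid set (it calls fatal() otherwise), the simplest form is to initialise at the declaration, `priv_set_t *pset = solaris_basic_privset();`, with the "Start with basic" comment moved above it. The hunk counts also suggest the second function keeps a blank context line where the first drops its blank along with the fatal() call, so the two functions end up with different spacing around the comment; blank lines are not visible in this rendering, so worth checking in the applied patch. Both functions continue past the end of their hunks.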
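Review bot: The new prototype `priv_set_t *solaris_basic_privset(void);` in port-solaris.h makes the header depend on priv_set_t, so any translation unit that includes it with USE_SOLARIS_PRIVS defined must already have <priv.h> in scope; the header's own include lines are outside the hunk, so it cannot be seen here whether that holds. If it does not, add `# include <priv.h>` directly under the `# ifdef USE_SOLARIS_PRIVS` line, guarded the same way port-solaris.c guards its own `# include <priv.h>` in the earlier hunk. Note also that the three existing solaris_drop_privs_* prototypes move inside the new # ifdef, which narrows what non-privs builds see from this header; presumably intended because their definitions are conditional, but it deserves a sentence in the commit message.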
@@ -48,16 +48,15 @@ ssh_sandbox_init(struct monitor *monitor)
 struct ssh_sandbox *box = NULL;
 box = xcalloc(1, sizeof(*box));
- box->pset = priv_allocset();
+
+ /* Start with "basic" and drop everything we don't need. */
+ box->pset = solaris_basic_privset();
 if (box->pset == NULL) {
 free(box);
 return NULL;
 }
- /* Start with "basic" and drop everything we don't need. */
- priv_basicset(box->pset);
-
 /* Drop everything except the ability to use already-opened files */
 if (priv_delset(box->pset, PRIV_FILE_LINK_ANY) != 0 ||
 priv_delset(box->pset, PRIV_NET_ACCESS) != 0 ||
-- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
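Review bot: The retained `if (box->pset == NULL) {` check right after the new `box->pset = solaris_basic_privset();` is now unreachable, because solaris_basic_privset() calls fatal() on allocation failure (see the first port-solaris.c hunk) and never returns NULL; the free(box)/return NULL branch is dead code, and ssh_sandbox_init() quietly loses the ability it had before to report allocation failure to its caller. Either remove the four-line NULL check so the code reads honestly, or make the helper return NULL on failure and keep the fatal() calls in the port-solaris.c callers that want them; mixing the two leaves a reader thinking the sandbox tolerates a failure it actually aborts on. ssh_sandbox_init() begins before this hunk and continues after it.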