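--- a/zlogin.c	(e5816e352629470f540696fb7aa56c52d6719e67)
+++ b/zlogin.c	(634e26ec75c89095090605284938356a3145f2b8)
@@ -1,8 +1,8 @@
 /*
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
  * Common Development and Distribution License (the "License").
  * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
@@ -14,17 +14,17 @@
  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  * If applicable, add the following below this CDDL HEADER, with the
  * fields enclosed by brackets "[]" replaced with your own identifying
  * information: Portions Copyright [yyyy] [name of copyright owner]
  *
  * CDDL HEADER END
  */
 /*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
  * Use is subject to license terms.
  */
 
 /*
  * zlogin provides three types of login which allow users in the global
  * zone to access non-global zones.
  *
  * - "interactive login" is similar to rlogin(1); for example, the user could
@@ -185,29 +185,34 @@
  * fork(), since we must have it for security; we don't want to be surprised
  * later that we couldn't allocate the privset.
  */
 static int
 prefork_dropprivs()
 {
  if ((dropprivs = priv_allocset()) == NULL)
  return (1);
- priv_emptyset(dropprivs);
 
+ priv_basicset(dropprivs);
+ (void) priv_delset(dropprivs, PRIV_PROC_INFO);
+ (void) priv_delset(dropprivs, PRIV_PROC_FORK);
+ (void) priv_delset(dropprivs, PRIV_PROC_EXEC);
+ (void) priv_delset(dropprivs, PRIV_FILE_LINK_ANY);
+
  /*
- * We need these privileges in order to query session information and
+ * We need to keep the basic privilege PROC_SESSION and all unknown
+ * basic privileges as well as the privileges PROC_ZONE and
+ * PROC_OWNER in order to query session information and
  * send signals.
  */
  if (interactive == 0) {
- if (priv_addset(dropprivs, "proc_session") == -1)
- return (1);
- if (priv_addset(dropprivs, "proc_zone") == -1)
- return (1);
- if (priv_addset(dropprivs, "proc_owner") == -1)
- return (1);
+ (void) priv_addset(dropprivs, PRIV_PROC_ZONE);
+ (void) priv_addset(dropprivs, PRIV_PROC_OWNER);
+ } else {
+ (void) priv_delset(dropprivs, PRIV_PROC_SESSION);
  }
 
  return (0);
 }
 
 /*
  * The second part of the privilege drop. We are paranoid about being attacked
  * by the zone, so we drop all privileges. This should prevent a compromise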
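Review bot: The `(void)` casts on `priv_delset()` and `priv_addset()` in the new `prefork_dropprivs()` make the set construction fail open: if a `priv_delset()` call fails, the privilege it was meant to remove stays in `dropprivs` and the function still returns 0, whereas the old code returned 1 when `priv_addset()` failed. Since the header comment says this set is needed for security, I would keep the check on every removal, e.g. `if (priv_delset(dropprivs, PRIV_PROC_EXEC) == -1) return (1);`. Starting from `priv_basicset()` also means any basic privilege not deleted here is retained in both the interactive and the non-interactive case. The block comment mentions this only in passing, and the comment that follows the function ("we drop all privileges") may no longer describe the result, depending on how `dropprivs` is applied outside the visible lines.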