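/*
 * Copyright (c) 2006 Chad Mynhier.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include "config.h"
#include "includes.h"

#include <sys/types.h>
#include <sys/stat.h>
#include <sys/param.h>

#include <errno.h>
#ifdef HAVE_FCNTL_H
# include <fcntl.h>
#endif
#include <stdarg.h>
#include <string.h>
#include <unistd.h>

#include "log.h"

#ifdef USE_SOLARIS_PROCESS_CONTRACTS

#include <libcontract.h>
#include <sys/contract/process.h>
#include <sys/ctfs.h>

#define CT_TEMPLATE	CTFS_ROOT "/process/template"
#define CT_LATEST	CTFS_ROOT "/process/latest"

/*
 * Descriptor of the process contract template opened by
 * solaris_contract_pre_fork(); -1 whenever no template is held.
 */
static int tmpl_fd = -1;

/*
 * Look up the id of the latest process contract via CT_LATEST.
 *
 * Returns the contract id, or a negative value on failure (the failure is
 * logged here with error()).
 *
 * NOTE(review): "latest" is only meaningful if nothing else created a
 * contract between the fork and this call - confirm against callers.
 */
static ctid_t
get_active_process_contract_id(void)
{
	int stat_fd;
	ctid_t ctid = -1;
	ct_stathdl_t stathdl;

	if ((stat_fd = open64(CT_LATEST, O_RDONLY)) == -1) {
		error("%s: Error opening 'latest' process "
		    "contract: %s", __func__, strerror(errno));
		return -1;
	}
	if (ct_status_read(stat_fd, CTD_COMMON, &stathdl) != 0) {
		error("%s: Error reading process contract "
		    "status: %s", __func__, strerror(errno));
		goto out;
	}
	if ((ctid = ct_status_get_id(stathdl)) < 0) {
		error("%s: Error getting process contract id: %s",
		    __func__, strerror(errno));
	}

	/*
	 * The status handle is released on the failure path as well; it was
	 * previously skipped (and leaked) when ct_status_get_id() failed.
	 */
	ct_status_free(stathdl);
 out:
	close(stat_fd);
	return ctid;
}

/*
 * Open and activate a process contract template before fork().
 *
 * On any failure the template descriptor is closed and tmpl_fd is reset to
 * -1, so the post-fork hooks can tell that no template is active.  Failures
 * are logged but not reported to the caller.
 */
void
solaris_contract_pre_fork(void)
{
	if ((tmpl_fd = open64(CT_TEMPLATE, O_RDWR)) == -1) {
		error("%s: open %s: %s", __func__,
		    CT_TEMPLATE, strerror(errno));
		return;
	}

	debug2("%s: setting up process contract template on fd %d",
	    __func__, tmpl_fd);

	/* First we set the template parameters and event sets. */
	if (ct_pr_tmpl_set_param(tmpl_fd, CT_PR_PGRPONLY) != 0) {
		error("%s: Error setting process contract parameter set "
		    "(pgrponly): %s", __func__, strerror(errno));
		goto fail;
	}
	if (ct_pr_tmpl_set_fatal(tmpl_fd, CT_PR_EV_HWERR) != 0) {
		error("%s: Error setting process contract template "
		    "fatal events: %s", __func__, strerror(errno));
		goto fail;
	}
	if (ct_tmpl_set_critical(tmpl_fd, 0) != 0) {
		error("%s: Error setting process contract template "
		    "critical events: %s", __func__, strerror(errno));
		goto fail;
	}
	if (ct_tmpl_set_informative(tmpl_fd, CT_PR_EV_HWERR) != 0) {
		error("%s: Error setting process contract template "
		    "informative events: %s", __func__, strerror(errno));
		goto fail;
	}

	/* Now make this the active template for this process. */
	if (ct_tmpl_activate(tmpl_fd) != 0) {
		error("%s: Error activating process contract "
		    "template: %s", __func__, strerror(errno));
		goto fail;
	}
	return;

 fail:
	if (tmpl_fd != -1) {
		close(tmpl_fd);
		tmpl_fd = -1;
	}
}

/*
 * Child side of the fork: clear the active template and drop the
 * descriptor inherited from the parent.
 */
void
solaris_contract_post_fork_child(void)
{
	debug2("%s: clearing process contract template on fd %d",
	    __func__, tmpl_fd);

	/*
	 * Nothing to undo if solaris_contract_pre_fork() failed.  This
	 * mirrors the guard in solaris_contract_post_fork_parent() and avoids
	 * calling ct_tmpl_clear()/close() on -1.
	 */
	if (tmpl_fd == -1)
		return;

	/* Clear the active template. */
	if (ct_tmpl_clear(tmpl_fd) != 0)
		error("%s: Error clearing active process contract "
		    "template: %s", __func__, strerror(errno));

	close(tmpl_fd);
	tmpl_fd = -1;
}

/*
 * Parent side of the fork: clear the active template, then look up and
 * abandon the contract created for the child.
 *
 * pid is the value returned by fork(); nothing is abandoned unless it is
 * greater than zero.
 */
void
solaris_contract_post_fork_parent(pid_t pid)
{
	ctid_t ctid;
	char ctl_path[256];
	int r, ctl_fd = -1;

	debug2("%s: clearing template (fd %d)", __func__, tmpl_fd);

	if (tmpl_fd == -1)
		return;

	/* First clear the active template. */
	if ((r = ct_tmpl_clear(tmpl_fd)) != 0)
		error("%s: Error clearing active process contract "
		    "template: %s", __func__, strerror(errno));

	close(tmpl_fd);
	tmpl_fd = -1;

	/*
	 * If either the fork didn't succeed (pid <= 0), or clearing
	 * the active contract failed (r != 0), then we have nothing
	 * more to do.
	 */
	if (r != 0 || pid <= 0)
		return;

	/* Now lookup and abandon the contract we've created. */
	ctid = get_active_process_contract_id();
	if (ctid < 0) {
		/*
		 * The lookup already logged the reason.  Do not build a ctl
		 * path from an invalid id.
		 */
		return;
	}

	/* ctid_t need not be long; cast so the argument matches %ld. */
	debug2("%s: abandoning contract id %ld", __func__, (long)ctid);

	snprintf(ctl_path, sizeof(ctl_path),
	    CTFS_ROOT "/process/%ld/ctl", (long)ctid);
	if ((ctl_fd = open64(ctl_path, O_WRONLY)) < 0) {
		error("%s: Error opening process contract "
		    "ctl file: %s", __func__, strerror(errno));
		goto fail;
	}
	if (ct_ctl_abandon(ctl_fd) < 0) {
		error("%s: Error abandoning process contract: %s",
		    __func__, strerror(errno));
		goto fail;
	}
	close(ctl_fd);
	return;

 fail:
	/* tmpl_fd was already closed above; only ctl_fd can still be open. */
	if (ctl_fd != -1)
		close(ctl_fd);
}
#endif

#ifdef USE_SOLARIS_PROJECTS
#include <sys/task.h>
#include <project.h>

/*
 * Get/set solaris default project.
 * If we fail, just run along gracefully.
 *
 * pw is dereferenced unconditionally, so the caller must pass a valid
 * passwd entry.  Failures are only reported at debug level, which means the
 * session continues in whatever project the process already had.
 */
void
solaris_set_default_project(struct passwd *pw)
{
	struct project *defaultproject;
	struct project tempproject;
	char buf[1024];

	/* get default project, if we fail just return gracefully */
	if ((defaultproject = getdefaultproj(pw->pw_name, &tempproject, buf,
	    sizeof(buf))) != NULL) {
		/* set default project */
		if (setproject(defaultproject->pj_name, pw->pw_name,
		    TASK_NORMAL) != 0)
			debug("setproject(%s): %s", defaultproject->pj_name,
			    strerror(errno));
	} else {
		/* debug on getdefaultproj() error */
		debug("getdefaultproj(%s): %s", pw->pw_name, strerror(errno));
	}
}
#endif /* USE_SOLARIS_PROJECTS */

#ifdef USE_SOLARIS_PRIVS
# ifdef HAVE_PRIV_H
#  include <priv.h>
# endif

/*
 * Allocate a privilege set holding the "basic" privileges.
 *
 * Returns a set the caller must release with priv_freeset(), or NULL on
 * failure (logged here with error()).
 */
priv_set_t *
solaris_basic_privset(void)
{
	priv_set_t *pset;

#ifdef HAVE_PRIV_BASICSET
	if ((pset = priv_allocset()) == NULL) {
		error("priv_allocset: %s", strerror(errno));
		return NULL;
	}
	priv_basicset(pset);
#else
	if ((pset = priv_str_to_set("basic", ",", NULL)) == NULL) {
		error("priv_str_to_set: %s", strerror(errno));
		return NULL;
	}
#endif
	return pset;
}

/*
 * Reduce the process to "basic" plus the file DAC privileges, minus
 * proc_exec, proc_fork, proc_info, proc_session and (where defined)
 * net_access.  Any failure goes through fatal().
 *
 * NOTE(review): fatal() is declared in log.h and is presumably noreturn;
 * nothing here cleans up after a failed step.
 */
void
solaris_drop_privs_pinfo_net_fork_exec(void)
{
	priv_set_t *pset = NULL, *npset = NULL;

	/*
	 * Note: this variant avoids dropping DAC filesystem rights, in case
	 * the process calling it is running as root and should have the
	 * ability to read/write/chown any file on the system.
	 *
	 * We start with the basic set, then *add* the DAC rights to it while
	 * taking away other parts of BASIC we don't need. Then we intersect
	 * this with our existing PERMITTED set. In this way we keep any
	 * DAC rights we had before, while otherwise reducing ourselves to
	 * the minimum set of privileges we need to proceed.
	 *
	 * This also means we drop any other parts of "root" that we don't
	 * need (e.g. the ability to kill any process, create new device nodes
	 * etc etc).
	 *
	 * Because the DAC rights are kept, a process using this variant must
	 * still be treated as filesystem-privileged when it started as root.
	 */

	if ((pset = priv_allocset()) == NULL)
		fatal("priv_allocset: %s", strerror(errno));
	/*
	 * NOTE(review): solaris_basic_privset() logs before returning NULL,
	 * so errno may no longer describe the original failure here.
	 */
	if ((npset = solaris_basic_privset()) == NULL)
		fatal("solaris_basic_privset: %s", strerror(errno));

	if (priv_addset(npset, PRIV_FILE_CHOWN) != 0 ||
	    priv_addset(npset, PRIV_FILE_DAC_READ) != 0 ||
	    priv_addset(npset, PRIV_FILE_DAC_SEARCH) != 0 ||
	    priv_addset(npset, PRIV_FILE_DAC_WRITE) != 0 ||
	    priv_addset(npset, PRIV_FILE_OWNER) != 0)
		fatal("priv_addset: %s", strerror(errno));

	/*
	 * Where the headers do not define PRIV_NET_ACCESS, network access is
	 * not removed by this function.
	 */
	if (priv_delset(npset, PRIV_PROC_EXEC) != 0 ||
#ifdef PRIV_NET_ACCESS
	    priv_delset(npset, PRIV_NET_ACCESS) != 0 ||
#endif
	    priv_delset(npset, PRIV_PROC_FORK) != 0 ||
	    priv_delset(npset, PRIV_PROC_INFO) != 0 ||
	    priv_delset(npset, PRIV_PROC_SESSION) != 0)
		fatal("priv_delset: %s", strerror(errno));

	if (getppriv(PRIV_PERMITTED, pset) != 0)
		fatal("getppriv: %s", strerror(errno));

	/*
	 * npset becomes npset AND pset, so the DAC rights added above survive
	 * only if the process already held them.
	 */
	priv_intersect(pset, npset);

	/*
	 * Apply the reduced set to the permitted, limit and inheritable sets
	 * so the dropped privileges are neither held now nor passed on.
	 */
	if (setppriv(PRIV_SET, PRIV_PERMITTED, npset) != 0 ||
	    setppriv(PRIV_SET, PRIV_LIMIT, npset) != 0 ||
	    setppriv(PRIV_SET, PRIV_INHERITABLE, npset) != 0)
		fatal("setppriv: %s", strerror(errno));

	priv_freeset(pset);
	priv_freeset(npset);
}

/*
 * Reduce the process to "basic" minus file_link_any, proc_info,
 * proc_session and (where defined) net_access.  No DAC rights are added, so
 * anything beyond "basic" is given up.  Any failure goes through fatal().
 */
void
solaris_drop_privs_root_pinfo_net(void)
{
	priv_set_t *pset = NULL;

	/* Start with "basic" and drop everything we don't need. */
	if ((pset = solaris_basic_privset()) == NULL)
		fatal("solaris_basic_privset: %s", strerror(errno));

	/* Without PRIV_NET_ACCESS in the headers, net access is left alone. */
	if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 ||
#ifdef PRIV_NET_ACCESS
	    priv_delset(pset, PRIV_NET_ACCESS) != 0 ||
#endif
	    priv_delset(pset, PRIV_PROC_INFO) != 0 ||
	    priv_delset(pset, PRIV_PROC_SESSION) != 0)
		fatal("priv_delset: %s", strerror(errno));

	if (setppriv(PRIV_SET, PRIV_PERMITTED, pset) != 0 ||
	    setppriv(PRIV_SET, PRIV_LIMIT, pset) != 0 ||
	    setppriv(PRIV_SET, PRIV_INHERITABLE, pset) != 0)
		fatal("setppriv: %s", strerror(errno));

	priv_freeset(pset);
}

/*
 * Reduce the process to "basic" minus file_link_any, proc_exec, proc_info
 * and (where defined) net_access.  Unlike solaris_drop_privs_root_pinfo_net()
 * this variant removes proc_exec and leaves proc_session in the set.  Any
 * failure goes through fatal().
 */
void
solaris_drop_privs_root_pinfo_net_exec(void)
{
	priv_set_t *pset = NULL;

	/* Start with "basic" and drop everything we don't need. */
	if ((pset = solaris_basic_privset()) == NULL)
		fatal("solaris_basic_privset: %s", strerror(errno));

	/* Without PRIV_NET_ACCESS in the headers, net access is left alone. */
	if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 ||
#ifdef PRIV_NET_ACCESS
	    priv_delset(pset, PRIV_NET_ACCESS) != 0 ||
#endif
	    priv_delset(pset, PRIV_PROC_EXEC) != 0 ||
	    priv_delset(pset, PRIV_PROC_INFO) != 0)
		fatal("priv_delset: %s", strerror(errno));

	if (setppriv(PRIV_SET, PRIV_PERMITTED, pset) != 0 ||
	    setppriv(PRIV_SET, PRIV_LIMIT, pset) != 0 ||
	    setppriv(PRIV_SET, PRIV_INHERITABLE, pset) != 0)
		fatal("setppriv: %s", strerror(errno));

	priv_freeset(pset);
}

#endif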