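/* $Id: port-solaris.c,v 1.4 2010/11/05 01:03:05 dtucker Exp $ */

/*
 * Copyright (c) 2006 Chad Mynhier.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include "config.h"
#include "includes.h"

#ifdef USE_SOLARIS_PROCESS_CONTRACTS

#include <sys/types.h>
#include <sys/stat.h>
#include <sys/param.h>

#include <errno.h>
#ifdef HAVE_FCNTL_H
# include <fcntl.h>
#endif
#include <stdarg.h>
#include <string.h>
#include <unistd.h>

#include <libcontract.h>
#include <sys/contract/process.h>
#include <sys/ctfs.h>

#include "log.h"

#define CT_TEMPLATE	CTFS_ROOT "/process/template"
#define CT_LATEST	CTFS_ROOT "/process/latest"

/*
 * Descriptor of the process contract template opened by
 * solaris_contract_pre_fork(); -1 whenever no template is open.
 */
static int tmpl_fd = -1;

/*
 * Look up the id of the latest process contract by reading the status of
 * CT_LATEST.
 *
 * Returns the contract id, or a negative value if CT_LATEST cannot be
 * opened, its status cannot be read, or the id lookup fails. Every failure
 * is reported through error().
 */
static ctid_t
get_active_process_contract_id(void)
{
	int stat_fd;
	ctid_t ctid = -1;
	ct_stathdl_t stathdl;

	if ((stat_fd = open64(CT_LATEST, O_RDONLY)) == -1) {
		error("%s: Error opening 'latest' process "
		    "contract: %s", __func__, strerror(errno));
		return -1;
	}
	if (ct_status_read(stat_fd, CTD_COMMON, &stathdl) != 0) {
		error("%s: Error reading process contract "
		    "status: %s", __func__, strerror(errno));
		goto out;
	}
	if ((ctid = ct_status_get_id(stathdl)) < 0) {
		error("%s: Error getting process contract id: %s",
		    __func__, strerror(errno));
	}

	/*
	 * The handle was obtained by a successful ct_status_read(), so it
	 * is released whether or not the id lookup worked; jumping past
	 * this call on the failure path would leak it.
	 */
	ct_status_free(stathdl);
 out:
	close(stat_fd);
	return ctid;
}

/*
 * Open the process contract template and make it the active template
 * before a fork.
 *
 * The template is configured with the CT_PR_PGRPONLY parameter, a fatal
 * event set of CT_PR_EV_HWERR, an empty critical event set and an
 * informative event set of CT_PR_EV_HWERR. On success the descriptor stays
 * open in tmpl_fd for the post-fork hooks. On any failure the error is
 * logged, the descriptor is closed and tmpl_fd is reset to -1, so the
 * post-fork hooks can tell that no template was activated.
 */
void
solaris_contract_pre_fork(void)
{
	if ((tmpl_fd = open64(CT_TEMPLATE, O_RDWR)) == -1) {
		error("%s: open %s: %s", __func__,
		    CT_TEMPLATE, strerror(errno));
		return;
	}

	debug2("%s: setting up process contract template on fd %d",
	    __func__, tmpl_fd);

	/* First we set the template parameters and event sets. */
	if (ct_pr_tmpl_set_param(tmpl_fd, CT_PR_PGRPONLY) != 0) {
		error("%s: Error setting process contract parameter set "
		    "(pgrponly): %s", __func__, strerror(errno));
		goto fail;
	}
	if (ct_pr_tmpl_set_fatal(tmpl_fd, CT_PR_EV_HWERR) != 0) {
		error("%s: Error setting process contract template "
		    "fatal events: %s", __func__, strerror(errno));
		goto fail;
	}
	if (ct_tmpl_set_critical(tmpl_fd, 0) != 0) {
		error("%s: Error setting process contract template "
		    "critical events: %s", __func__, strerror(errno));
		goto fail;
	}
	if (ct_tmpl_set_informative(tmpl_fd, CT_PR_EV_HWERR) != 0) {
		error("%s: Error setting process contract template "
		    "informative events: %s", __func__, strerror(errno));
		goto fail;
	}

	/* Now make this the active template for this process. */
	if (ct_tmpl_activate(tmpl_fd) != 0) {
		error("%s: Error activating process contract "
		    "template: %s", __func__, strerror(errno));
		goto fail;
	}
	return;

 fail:
	if (tmpl_fd != -1) {
		close(tmpl_fd);
		tmpl_fd = -1;
	}
}

/*
 * Child-side hook after fork: clear the active template and close the
 * template descriptor inherited from the parent.
 *
 * Does nothing beyond the debug message when no template is open
 * (tmpl_fd == -1, i.e. solaris_contract_pre_fork() failed or was not
 * called), which avoids calling ct_tmpl_clear() and close() on an invalid
 * descriptor and logging a misleading error.
 */
void
solaris_contract_post_fork_child(void)
{
	debug2("%s: clearing process contract template on fd %d",
	    __func__, tmpl_fd);

	if (tmpl_fd == -1)
		return;

	/* Clear the active template. */
	if (ct_tmpl_clear(tmpl_fd) != 0)
		error("%s: Error clearing active process contract "
		    "template: %s", __func__, strerror(errno));

	close(tmpl_fd);
	tmpl_fd = -1;
}

/*
 * Parent-side hook after fork: clear the active template, close the
 * template descriptor and abandon the contract that the fork created.
 *
 * pid is the return value of fork(); the contract is only looked up and
 * abandoned when pid > 0 and clearing the template succeeded. All failures
 * are logged and otherwise ignored.
 */
void
solaris_contract_post_fork_parent(pid_t pid)
{
	ctid_t ctid;
	char ctl_path[256];
	int r, ctl_fd;

	debug2("%s: clearing template (fd %d)", __func__, tmpl_fd);

	if (tmpl_fd == -1)
		return;

	/* First clear the active template. */
	if ((r = ct_tmpl_clear(tmpl_fd)) != 0)
		error("%s: Error clearing active process contract "
		    "template: %s", __func__, strerror(errno));

	close(tmpl_fd);
	tmpl_fd = -1;

	/*
	 * If either the fork didn't produce a child (pid <= 0), or clearing
	 * the active contract failed (r != 0), then we have nothing
	 * more to do.
	 */
	if (r != 0 || pid <= 0)
		return;

	/*
	 * Now look up and abandon the contract we've created.
	 * NOTE(review): this assumes CT_LATEST still refers to the contract
	 * created by the fork that just happened -- confirm against the
	 * platform's contract documentation.
	 */
	if ((ctid = get_active_process_contract_id()) < 0) {
		/*
		 * The lookup already logged the reason; do not build a
		 * control path from an invalid id.
		 */
		return;
	}

	/* ctid_t is cast so the argument always matches the %ld conversion. */
	debug2("%s: abandoning contract id %ld", __func__, (long)ctid);

	snprintf(ctl_path, sizeof(ctl_path),
	    CTFS_ROOT "/process/%ld/ctl", (long)ctid);
	if ((ctl_fd = open64(ctl_path, O_WRONLY)) < 0) {
		error("%s: Error opening process contract "
		    "ctl file: %s", __func__, strerror(errno));
		return;
	}
	if (ct_ctl_abandon(ctl_fd) < 0)
		error("%s: Error abandoning process contract: %s",
		    __func__, strerror(errno));
	close(ctl_fd);
}
#endif /* USE_SOLARIS_PROCESS_CONTRACTS */

#ifdef USE_SOLARIS_PROJECTS
#include <sys/task.h>
#include <project.h>

/*
 * Get/set solaris default project.
 * If we fail, just run along gracefully.
 *
 * pw is dereferenced unconditionally, so callers must pass a valid
 * passwd entry. Failures of getdefaultproj() and setproject() are only
 * reported through debug(); the caller is not told about them.
 */
void
solaris_set_default_project(struct passwd *pw)
{
	struct project *defaultproject;
	struct project tempproject;
	char buf[1024];

	/*
	 * Get the default project; if we fail just return gracefully.
	 * The result is a pointer, so it is tested against NULL rather
	 * than ordered against the integer 0, and the scratch buffer is
	 * passed as the array itself.
	 */
	if ((defaultproject = getdefaultproj(pw->pw_name, &tempproject, buf,
	    sizeof(buf))) != NULL) {
		/* set default project */
		if (setproject(defaultproject->pj_name, pw->pw_name,
		    TASK_NORMAL) != 0)
			debug("setproject(%s): %s", defaultproject->pj_name,
			    strerror(errno));
	} else {
		/* debug on getdefaultproj() error */
		debug("getdefaultproj(%s): %s", pw->pw_name, strerror(errno));
	}
}
#endif /* USE_SOLARIS_PROJECTS */

#ifdef USE_SOLARIS_PRIVS
# ifdef HAVE_PRIV_H
#  include <priv.h>
# endif

/*
 * Allocate a privilege set holding the "basic" privileges.
 *
 * Uses priv_allocset() + priv_basicset() when HAVE_PRIV_BASICSET is
 * defined, otherwise priv_str_to_set("basic", ...). Returns the new set,
 * which the caller releases with priv_freeset(), or NULL after logging
 * the failure with error().
 */
priv_set_t *
solaris_basic_privset(void)
{
	priv_set_t *pset;

#ifdef HAVE_PRIV_BASICSET
	if ((pset = priv_allocset()) == NULL) {
		error("priv_allocset: %s", strerror(errno));
		return NULL;
	}
	priv_basicset(pset);
#else
	if ((pset = priv_str_to_set("basic", ",", NULL)) == NULL) {
		error("priv_str_to_set: %s", strerror(errno));
		return NULL;
	}
#endif
	return pset;
}

/*
 * Reduce the process to the basic set plus the file DAC/ownership
 * privileges, minus file_link_any, net_access (where defined), proc_exec,
 * proc_fork, proc_info and proc_session, limited to what is currently
 * permitted.
 *
 * Every failing step goes through fatal(), so the caller never continues
 * with a partially applied privilege drop (assuming fatal() does not
 * return -- it is declared outside this file).
 */
void
solaris_drop_privs_pinfo_net_fork_exec(void)
{
	priv_set_t *pset = NULL, *npset = NULL;

	/*
	 * Note: this variant avoids dropping DAC filesystem rights, in case
	 * the process calling it is running as root and should have the
	 * ability to read/write/chown any file on the system.
	 *
	 * We start with the basic set, then *add* the DAC rights to it while
	 * taking away other parts of BASIC we don't need. Then we intersect
	 * this with our existing PERMITTED set. In this way we keep any
	 * DAC rights we had before, while otherwise reducing ourselves to
	 * the minimum set of privileges we need to proceed.
	 *
	 * This also means we drop any other parts of "root" that we don't
	 * need (e.g. the ability to kill any process, create new device nodes
	 * etc etc).
	 */

	if ((pset = priv_allocset()) == NULL)
		fatal("priv_allocset: %s", strerror(errno));
	if ((npset = solaris_basic_privset()) == NULL)
		fatal("solaris_basic_privset: %s", strerror(errno));

	if (priv_addset(npset, PRIV_FILE_CHOWN) != 0 ||
	    priv_addset(npset, PRIV_FILE_DAC_READ) != 0 ||
	    priv_addset(npset, PRIV_FILE_DAC_SEARCH) != 0 ||
	    priv_addset(npset, PRIV_FILE_DAC_WRITE) != 0 ||
	    priv_addset(npset, PRIV_FILE_OWNER) != 0)
		fatal("priv_addset: %s", strerror(errno));

	if (priv_delset(npset, PRIV_FILE_LINK_ANY) != 0 ||
#ifdef PRIV_NET_ACCESS
	    priv_delset(npset, PRIV_NET_ACCESS) != 0 ||
#endif
	    priv_delset(npset, PRIV_PROC_EXEC) != 0 ||
	    priv_delset(npset, PRIV_PROC_FORK) != 0 ||
	    priv_delset(npset, PRIV_PROC_INFO) != 0 ||
	    priv_delset(npset, PRIV_PROC_SESSION) != 0)
		fatal("priv_delset: %s", strerror(errno));

	if (getppriv(PRIV_PERMITTED, pset) != 0)
		fatal("getppriv: %s", strerror(errno));

	/*
	 * npset becomes (current PERMITTED) & npset, so the DAC privileges
	 * added above survive only if the process already held them.
	 */
	priv_intersect(pset, npset);

	/*
	 * NOTE(review): the effective set is never set explicitly; this
	 * relies on the OS keeping it within PERMITTED -- confirm against
	 * setppriv(2).
	 */
	if (setppriv(PRIV_SET, PRIV_PERMITTED, npset) != 0 ||
	    setppriv(PRIV_SET, PRIV_LIMIT, npset) != 0 ||
	    setppriv(PRIV_SET, PRIV_INHERITABLE, npset) != 0)
		fatal("setppriv: %s", strerror(errno));

	priv_freeset(pset);
	priv_freeset(npset);
}

/*
 * Reduce the process to the basic set minus file_link_any, net_access
 * (where defined), proc_info and proc_session; proc_fork and proc_exec
 * are left in place.
 *
 * Unlike solaris_drop_privs_pinfo_net_fork_exec() no DAC privileges are
 * added and the set is not intersected with the current PERMITTED set.
 * Every failing step goes through fatal().
 */
void
solaris_drop_privs_root_pinfo_net(void)
{
	priv_set_t *pset = NULL;

	/* Start with "basic" and drop everything we don't need. */
	if ((pset = solaris_basic_privset()) == NULL)
		fatal("solaris_basic_privset: %s", strerror(errno));

	if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 ||
#ifdef PRIV_NET_ACCESS
	    priv_delset(pset, PRIV_NET_ACCESS) != 0 ||
#endif
	    priv_delset(pset, PRIV_PROC_INFO) != 0 ||
	    priv_delset(pset, PRIV_PROC_SESSION) != 0)
		fatal("priv_delset: %s", strerror(errno));

	/*
	 * NOTE(review): the effective set is never set explicitly; this
	 * relies on the OS keeping it within PERMITTED -- confirm against
	 * setppriv(2).
	 */
	if (setppriv(PRIV_SET, PRIV_PERMITTED, pset) != 0 ||
	    setppriv(PRIV_SET, PRIV_LIMIT, pset) != 0 ||
	    setppriv(PRIV_SET, PRIV_INHERITABLE, pset) != 0)
		fatal("setppriv: %s", strerror(errno));

	priv_freeset(pset);
}

/*
 * Same reduction as solaris_drop_privs_root_pinfo_net(), with proc_exec
 * removed as well; proc_fork is left in place.
 *
 * Every failing step goes through fatal().
 */
void
solaris_drop_privs_root_pinfo_net_exec(void)
{
	priv_set_t *pset = NULL;

	/* Start with "basic" and drop everything we don't need. */
	if ((pset = solaris_basic_privset()) == NULL)
		fatal("solaris_basic_privset: %s", strerror(errno));

	if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 ||
#ifdef PRIV_NET_ACCESS
	    priv_delset(pset, PRIV_NET_ACCESS) != 0 ||
#endif
	    priv_delset(pset, PRIV_PROC_EXEC) != 0 ||
	    priv_delset(pset, PRIV_PROC_INFO) != 0 ||
	    priv_delset(pset, PRIV_PROC_SESSION) != 0)
		fatal("priv_delset: %s", strerror(errno));

	/*
	 * NOTE(review): the effective set is never set explicitly; this
	 * relies on the OS keeping it within PERMITTED -- confirm against
	 * setppriv(2).
	 */
	if (setppriv(PRIV_SET, PRIV_PERMITTED, pset) != 0 ||
	    setppriv(PRIV_SET, PRIV_LIMIT, pset) != 0 ||
	    setppriv(PRIV_SET, PRIV_INHERITABLE, pset) != 0)
		fatal("setppriv: %s", strerror(errno));

	priv_freeset(pset);
}

#endif /* USE_SOLARIS_PRIVS */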