
Changeset 15270 in vbox


Timestamp:
Dec 10, 2008 5:29:25 PM (16 years ago)
Author:
vboxsync
Message:

SUPR3HardenedMain: Solaris net raw access privilege (testing).

File:
1 edited

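--- a/trunk/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp
+++ b/trunk/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp
@@ -57,7 +57,9 @@
 # include <stdio.h>
 # include <sys/types.h>
-# ifdef RT_OS_LINUX
+# if defined(RT_OS_LINUX)
 #  include <sys/capability.h>
 #  include <sys/prctl.h>
+# elif defined(RT_OS_SOLARIS)
+#  include <priv.h>
 # endif
 # include <pwd.h>
@@ -595,4 +597,52 @@
     if (!cap_set_proc(cap_from_text("all-eip cap_net_raw+ep")))
         prctl(PR_SET_KEEPCAPS, /*keep=*/1, 0, 0, 0);
+
+# elif defined(RT_OS_SOLARIS)
+
+    /*
+     * Add net_rawaccess privilege to permitted, effective and inheritable privileges
+     * before dropping root privileges.
+     */
+    int rc = 0;
+    priv_set_t *pPrivSetPermitted = priv_allocset();
+    if (pPrivSetPermitted)
+    {
+        priv_set_t *pPrivSetEffective = priv_allocset();
+        if (pPrivSetEffective)
+        {
+            priv_set_t *pPrivSetInherit   = priv_allocset();
+            if (pPrivSetInherit)
+            {
+                rc = getppriv(PRIV_PERMITTED, pPrivSetPermitted);
+                if (!rc)
+                {
+                    rc = getppriv(PRIV_EFFECTIVE, pPrivSetEffective);
+                    if (!rc)
+                    {
+                        rc = getppriv(PRIV_INHERITABLE, pPrivSetInherit);
+                        if (!rc)
+                        {
+                            priv_addset(pPrivSetPermitted, PRIV_NET_RAWACCESS);
+                            priv_addset(pPrivSetEffective, PRIV_NET_RAWACCESS);
+                            priv_addset(pPrivSetInherit, PRIV_NET_RAWACCESS);
+                        }
+                        else               
+                            supR3HardenedFatal("SUPR3HardenedMain: failed to get inheritable privilege set rc=%d.\n", rc);
+                    }
+                    else
+                        supR3HardenedFatal("SUPR3HardenedMain: failed to get effective privilege set rc=%d.\n", rc);
+                }
+                else
+                    supR3HardenedFatal("SUPR3HardenedMain: failed to get permitted privilege set rc=%d.\n", rc);               
+            }
+            else
+                supR3HardenedFatal("SUPR3HardenedMain: failed to allocate inheritable privilege set.\n");
+        }
+        else
+            supR3HardenedFatal("SUPR3HardenedMain: failed to allocate effective privilege set.\n");
+    }
+    else
+        supR3HardenedFatal("SUPR3HardenedMain: failed to allocate permitted privilege set.\n");
+   
 # endif
 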
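Review bot: In the Solaris branch the three sets are read with getppriv() and PRIV_NET_RAWACCESS is added with priv_addset(), but nothing in the hunk writes them back, so as shown the process's privilege sets are unchanged; pPrivSetEffective and pPrivSetInherit also go out of scope at their closing braces, so code after the hunk cannot apply them either. I would apply the sets with setppriv() right after the priv_addset() calls and treat a failure as fatal, as in the excerpt below. None of the sets is released; each needs a `priv_freeset()` before its block closes. Adding the privilege to the inheritable set passes raw network access to every program this process later execs, so it is worth confirming that this is needed rather than permitted and effective only. The enclosing function starts and ends outside the hunk.

```cpp
                            priv_addset(pPrivSetInherit, PRIV_NET_RAWACCESS);

                            /* Apply the modified copies; getppriv()/priv_addset() only change the local sets. */
                            rc = setppriv(PRIV_SET, PRIV_PERMITTED, pPrivSetPermitted);
                            if (!rc)
                                rc = setppriv(PRIV_SET, PRIV_EFFECTIVE, pPrivSetEffective);
                            if (!rc)
                                rc = setppriv(PRIV_SET, PRIV_INHERITABLE, pPrivSetInherit);
                            if (rc)
                                supR3HardenedFatal("SUPR3HardenedMain: failed to set privilege sets rc=%d.\n", rc);
                        // … unchanged: else branches reporting getppriv() and priv_allocset() failures …
```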