Timestamp:
Nov 25, 2010 1:35:13 PM (14 years ago)
Author:
vboxsync
Message:

SUPR3HardenedMain: on Solaris don't touch the privilege set for the real root user

File:
1 edited

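--- a/trunk/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp
+++ b/trunk/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp
@@ -649,32 +649,35 @@
 # elif defined(RT_OS_SOLARIS)
     /*
-     * Add net_icmpaccess privilege to permitted, effective and inheritable privileges
-     * before dropping root privileges.
-     */
-    priv_set_t *pPrivSet = priv_str_to_set("basic", ",", NULL);
-    if (pPrivSet)
-    {
-        priv_addset(pPrivSet, PRIV_NET_ICMPACCESS);
-        int rc = setppriv(PRIV_SET, PRIV_INHERITABLE, pPrivSet);
-        if (!rc)
+     * Add net_icmpaccess privilege to permitted, effective and inheritable
+     * privileges before dropping root privileges. Skip this hacky code for
+     * real root, as it removes lots of privileges due to the harcoded set.
+     */
+    if (getuid() != 0)
+    {
+        priv_set_t *pPrivSet = priv_str_to_set("basic", ",", NULL);
+        if (pPrivSet)
         {
-            rc = setppriv(PRIV_SET, PRIV_PERMITTED, pPrivSet);
+            priv_addset(pPrivSet, PRIV_NET_ICMPACCESS);
+            int rc = setppriv(PRIV_SET, PRIV_INHERITABLE, pPrivSet);
             if (!rc)
             {
-                rc = setppriv(PRIV_SET, PRIV_EFFECTIVE, pPrivSet);
-                if (rc)
-                    supR3HardenedError(rc, false, "SUPR3HardenedMain: failed to set effective privilege set.\n");
+                rc = setppriv(PRIV_SET, PRIV_PERMITTED, pPrivSet);
+                if (!rc)
+                {
+                    rc = setppriv(PRIV_SET, PRIV_EFFECTIVE, pPrivSet);
+                    if (rc)
+                        supR3HardenedError(rc, false, "SUPR3HardenedMain: failed to set effective privilege set.\n");
+                }
+                else
+                    supR3HardenedError(rc, false, "SUPR3HardenedMain: failed to set permitted privilege set.\n");
             }
             else
-                supR3HardenedError(rc, false, "SUPR3HardenedMain: failed to set permitted privilege set.\n");
+                supR3HardenedError(rc, false, "SUPR3HardenedMain: failed to set inheritable privilege set.\n");
+
+            priv_freeset(pPrivSet);
         }
         else
-            supR3HardenedError(rc, false, "SUPR3HardenedMain: failed to set inheritable privilege set.\n");
-
-        priv_freeset(pPrivSet);
-    }
-    else
-        supR3HardenedError(-1, false, "SUPR3HardenedMain: failed to get basic privilege set.\n");
-
+            supR3HardenedError(-1, false, "SUPR3HardenedMain: failed to get basic privilege set.\n");
+    }
 # endif
 }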
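Review bot: Every `setppriv()` failure inside the new `getuid() != 0` block is reported with `supR3HardenedError(rc, false, ...)`, and if that second argument is the fatal flag, as the call sites suggest, a non-root caller carries on with privilege sets that were only partly applied (for example, inheritable already replaced with basic plus `PRIV_NET_ICMPACCESS` while permitted and effective are still untouched). For a setuid hardening stub this fail-open path should either be made fatal or, if continuing is intended, be stated in a comment such as `/* Non-fatal on purpose: startup continues with the unmodified sets if setppriv() fails. */` once that has been confirmed. `setppriv()` signals failure as -1 with the cause in `errno`, so passing `rc` to the error routine loses the reason; reporting `errno` would make these messages diagnosable. It would also help to say in the comment that the real UID is checked because the effective UID is presumably 0 for every caller at this point. The enclosing function starts above the hunk and the code that later drops root is not visible here.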