Changeset 35311 in vbox for trunk/src/VBox/HostDrivers/Support
- Timestamp:
- Dec 23, 2010 2:13:30 PM (14 years ago)
- File:
-
- 1 edited
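--- a/trunk/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp
+++ b/trunk/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp
@@ -656,7 +656,6 @@
 seteuid(g_uid);
 priv_set_t *pPrivEffective = priv_allocset();
-priv_set_t *pPrivNewEffective = priv_allocset();
-priv_set_t *pPrivNewPermitted = priv_allocset();
-if (pPrivEffective && pPrivNewEffective && pPrivNewPermitted)
+priv_set_t *pPrivNew = priv_allocset();
+if (pPrivEffective && pPrivNew)
 {
 int rc = getppriv(PRIV_EFFECTIVE, pPrivEffective);
@@ -664,18 +663,16 @@
 if (!rc)
 {
-priv_copyset(pPrivEffective, pPrivNewEffective);
-priv_copyset(pPrivEffective, pPrivNewPermitted);
-rc = priv_addset(pPrivNewEffective, PRIV_NET_ICMPACCESS);
+priv_copyset(pPrivEffective, pPrivNew);
+rc = priv_addset(pPrivNew, PRIV_NET_ICMPACCESS);
 if (!rc)
 {
 /* Order is important, as one can't set a privilege which is
-* not in the permitted privilege set. We limit ourselves as
-* much as possible after grabbing the extra privileges. */
-rc = setppriv(PRIV_SET, PRIV_EFFECTIVE, pPrivNewEffective);
+* not in the permitted privilege set. */
+rc = setppriv(PRIV_SET, PRIV_EFFECTIVE, pPrivNew);
 if (rc)
 supR3HardenedError(rc, false, "SUPR3HardenedMain: failed to set effective privilege set.\n");
-rc = setppriv(PRIV_SET, PRIV_PERMITTED, pPrivNew Permitted);
+rc = setppriv(PRIV_SET, PRIV_PERMITTED, pPrivNew);
 if (rc)
-supR3HardenedError(rc, false, "SUPR3HardenedMain: failed to set effectiveprivilege set.\n");
+supR3HardenedError(rc, false, "SUPR3HardenedMain: failed to set permitted privilege set.\n");
 }
 else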
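Review bot: A failure of the second `setppriv(PRIV_SET, PRIV_PERMITTED, pPrivNew)` call is only reported through `supR3HardenedError(rc, false, ...)` and execution continues; if `false` means non-fatal here (the helper is defined outside this section), the process would keep its previous, presumably wider, permitted set. Since this is the call that actually narrows the process, consider making that path fatal or documenting why continuing is acceptable. The shortened comment also no longer says that the permitted set is deliberately reduced; a line such as `/* Then shrink the permitted set to effective + PRIV_NET_ICMPACCESS so nothing else can be re-enabled later. */` above the second call would keep that intent visible. The enclosing block starts and ends outside the shown lines, so whether both sets are released with `priv_freeset` on every path cannot be checked from here.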