From: Damien Miller <djm@mindrot.org>
Date: Thu, 12 Oct 2023 02:20:01 +0000 (+1100)
Subject: Solaris: prefer PRIV_XPOLICY to PRIV_LIMIT
X-Git-Tag: V_9_6_P1~66
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=281c79168edcc303abfd5bca983616eaa24c5f32;p=thirdparty%2Fopenssh-portable.git

Solaris: prefer PRIV_XPOLICY to PRIV_LIMIT

If the system support PRIV_XPOLICY and one is set, then don't
modify PRIV_LIMIT. bz2833, patch from Ron Jordan, ok dtucker@
---

diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c
index 10c2d6b7f..05aa1f76b 100644
--- a/openbsd-compat/port-solaris.c
+++ b/openbsd-compat/port-solaris.c
@@ -292,13 +292,35 @@ solaris_drop_privs_pinfo_net_fork_exec(void)
 	    priv_delset(npset, PRIV_PROC_SESSION) != 0)
 		fatal("priv_delset: %s", strerror(errno));
 
+#ifdef PRIV_XPOLICY
+	/*
+	 * It is possible that the user has an extended policy
+	 * in place; the LIMIT set restricts the extended policy
+	 * and so should not be restricted.
+	 * PRIV_XPOLICY is newly defined in Solaris 11 though the extended
+	 * policy was not implemented until Solaris 11.1.
+	 */
+	if (getpflags(PRIV_XPOLICY) == 1) {
+		if (getppriv(PRIV_LIMIT, pset) != 0)
+			fatal("getppriv: %s", strerror(errno));
+		priv_intersect(pset, npset);
+		if (setppriv(PRIV_SET, PRIV_LIMIT, npset) != 0)
+			fatal("setppriv: %s", strerror(errno));
+	} else
+#endif
+	{
+		/* Cannot exec, so we can kill the limit set. */
+		priv_emptyset(pset);
+		if (setppriv(PRIV_SET, PRIV_LIMIT, pset) != 0)
+			fatal("setppriv: %s", strerror(errno));
+	}
+
 	if (getppriv(PRIV_PERMITTED, pset) != 0)
 		fatal("getppriv: %s", strerror(errno));
 
 	priv_intersect(pset, npset);
 
 	if (setppriv(PRIV_SET, PRIV_PERMITTED, npset) != 0 ||
-	    setppriv(PRIV_SET, PRIV_LIMIT, npset) != 0 ||
 	    setppriv(PRIV_SET, PRIV_INHERITABLE, npset) != 0)
 		fatal("setppriv: %s", strerror(errno));