retain Solaris PRIV_FILE_LINK_ANY in sftp-server

Dropping this privilege removes the ability to create hard links to
files owned by other users. This is required for the legacy sftp rename
operation.

bz#3036; approach ok Alex Wilson (the original author of the Solaris
sandbox/pledge replacement code)

diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c
index a7c9254505a275ca3a1a20142e6089cd02777310..7d5a28cd0b12019f46bfcec12e0e4fc74e1e7591 100644 (file)
--- a/openbsd-compat/port-solaris.c
+++ b/openbsd-compat/port-solaris.c
@@ -284,11 +284,10 @@ solaris_drop_privs_pinfo_net_fork_exec(void)
            priv_addset(npset, PRIV_FILE_OWNER) != 0)
                fatal("priv_addset: %s", strerror(errno));
 
-       if (priv_delset(npset, PRIV_FILE_LINK_ANY) != 0 ||
+       if (priv_delset(npset, PRIV_PROC_EXEC) != 0 ||
 #ifdef PRIV_NET_ACCESS
            priv_delset(npset, PRIV_NET_ACCESS) != 0 ||
 #endif
-           priv_delset(npset, PRIV_PROC_EXEC) != 0 ||
            priv_delset(npset, PRIV_PROC_FORK) != 0 ||
            priv_delset(npset, PRIV_PROC_INFO) != 0 ||
            priv_delset(npset, PRIV_PROC_SESSION) != 0)