From: Damien Miller
Date: Mon, 2 Sep 2019 00:22:02 +0000 (+1000)
Subject: retain Solaris PRIV_FILE_LINK_ANY in sftp-server
X-Git-Tag: V_8_1_P1~90
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6b7c53498def19a14dd9587bf521ab6dbee8988f;p=thirdparty%2Fopenssh-portable.git

retain Solaris PRIV_FILE_LINK_ANY in sftp-server

Dropping this privilege removes the ability to create hard links to files owned by other users. This is required for the legacy sftp rename operation.

bz#3036; approach ok Alex Wilson (the original author of the Solaris sandbox/pledge replacement code)
---

diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c
index a7c925450..7d5a28cd0 100644
--- a/openbsd-compat/port-solaris.c
+++ b/openbsd-compat/port-solaris.c
@@ -284,11 +284,10 @@ solaris_drop_privs_pinfo_net_fork_exec(void)
 priv_addset(npset, PRIV_FILE_OWNER) != 0)
 fatal("priv_addset: %s", strerror(errno));
- if (priv_delset(npset, PRIV_FILE_LINK_ANY) != 0 ||
+ if (priv_delset(npset, PRIV_PROC_EXEC) != 0 ||
 #ifdef PRIV_NET_ACCESS
 priv_delset(npset, PRIV_NET_ACCESS) != 0 ||
 #endif
- priv_delset(npset, PRIV_PROC_EXEC) != 0 ||
 priv_delset(npset, PRIV_PROC_FORK) != 0 ||
 priv_delset(npset, PRIV_PROC_INFO) != 0 ||
 priv_delset(npset, PRIV_PROC_SESSION) != 0)
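Review bot: Nothing in the new code records that PRIV_FILE_LINK_ANY is now kept on purpose, so the `priv_delset` chain that begins at `if (priv_delset(npset, PRIV_PROC_EXEC) != 0 ||` reads as if the privilege had been overlooked, and a later hardening pass could drop it again and bring back bz#3036. A comment directly above that `if` would pin the decision, for example `/* PRIV_FILE_LINK_ANY is retained: the legacy sftp rename needs hard links to files owned by other users (bz#3036) */`. The retained privilege applies to every caller of solaris_drop_privs_pinfo_net_fork_exec(), whose body starts and ends outside this hunk, so it is worth confirming that sftp-server is the only caller that depends on it. Anyone relying on this privilege set to contain a compromised sftp-server should treat cross-owner hard-link creation as still available to that process.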