Commit 91d10aa2 authored by Poul-Henning Kamp's avatar Poul-Henning Kamp

Fix/Update for Solaris priv_set().

Fixes #670
Fixes #671



git-svn-id: http://www.varnish-cache.org/svn/trunk/varnish-cache@5226 d4fa192b-c00b-0410-8231-f00ffab90ce4
parent 2a08bde0
......@@ -287,23 +287,30 @@ waive_privileges(void)
{
#ifdef HAVE_SETPPRIV
priv_set_t *empty;
priv_set_t *empty, *minimal;
if (!(empty = priv_allocset())) {
if (!(empty = priv_allocset()) ||
!(minimal = priv_allocset())) {
perror("priv_allocset_failed");
return;
}
priv_emptyset(empty);
priv_emptyset(minimal);
/* new privilege, silently ignore any errors if it doesn't exist */
priv_addset(minimal, "net_access");
#define SETPPRIV(which, set) \
if (setppriv(PRIV_SET, which, set)) \
perror("Waiving privileges failed on " #which)
SETPPRIV(PRIV_LIMIT, empty);
/* need to set I after P to avoid SNOCD being set */
SETPPRIV(PRIV_LIMIT, minimal);
SETPPRIV(PRIV_PERMITTED, minimal); /* implies PRIV_EFFECTIVE */
SETPPRIV(PRIV_INHERITABLE, empty);
SETPPRIV(PRIV_PERMITTED, empty); /* implies PRIV_EFFECTIVE */
priv_freeset(empty);
priv_freeset(minimal);
#else
return;
#endif
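Review bot: The widened allocation check `!(empty = priv_allocset()) || !(minimal = priv_allocset())` fails open. If either call fails, the function only calls perror() and hits the bare `return;`, so the process keeps every privilege it started with, and when the second call is the one that fails, `empty` is never freed. The SETPPRIV macro has the same shape: a failed setppriv() is logged and execution continues, so a caller cannot tell a reduced process from an unreduced one. I would treat a failed privilege drop as fatal here, or at least add `if (empty != NULL) priv_freeset(empty);` before the early return (with `empty` initialised to NULL) and a comment saying that continuing with full privileges is intended. The rendered page has lost the +/- markers, so which SETPPRIV lines are new is inferred, and the body of waive_privileges() extends outside the hunk.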
......