Drop all privileges in worker children on Solaris

Fixes #628

git-svn-id: http://www.varnish-cache.org/svn/trunk/varnish-cache@4482 d4fa192b-c00b-0410-8231-f00ffab90ce4

bin/varnishd/mgt_child.c

@@ -46,6 +46,10 @@ SVNID("$Id$")
 #include <sys/types.h>
 #include <sys/wait.h>
 
+#ifdef HAVE_PRIV_H
+#include <priv.h>
+#endif
+
 #ifndef HAVE_SETPROCTITLE
 #include "compat/setproctitle.h"
 #endif
@@ -228,6 +232,36 @@ close_sockets(void)
 
 /*--------------------------------------------------------------------*/
 
+/* Waive all privileges in the child, it does not need any */
+
+static inline void
+waive_privileges(void)
+{
+#ifdef HAVE_SETPPRIV
+	priv_set_t *empty;
+
+	if (!(empty = priv_allocset())) {
+		perror("priv_allocset_failed");
+		return;
+	}
+	priv_emptyset(empty);
+
+#define SETPPRIV(which, set)				       \
+	if (setppriv(PRIV_SET, which, set))		       \
+		perror("Waiving privileges failed on " #which)
+
+	SETPPRIV(PRIV_LIMIT, empty);
+	SETPPRIV(PRIV_INHERITABLE, empty);
+	SETPPRIV(PRIV_PERMITTED, empty); /* implies PRIV_EFFECTIVE */
+
+	priv_freeset(empty);
+#else
+	return;
+#endif
+}
+
+/*--------------------------------------------------------------------*/
+
 static void
 start_child(struct cli *cli)
 {
@@ -312,6 +346,8 @@ start_child(struct cli *cli)
 		}
 		printf("\n");
 
+		waive_privileges();
+
 		setproctitle("Varnish-Chld %s", heritage.name);
 
 		(void)signal(SIGINT, SIG_DFL);

configure.ac

@@ -126,6 +126,7 @@ AC_CHECK_HEADERS([pthread_np.h])
 AC_CHECK_HEADERS([stddef.h])
 AC_CHECK_HEADERS([stdlib.h])
 AC_CHECK_HEADERS([unistd.h])
+AC_CHECK_HEADERS([priv.h])
 
 # Checks for typedefs, structures, and compiler characteristics.
 AC_C_CONST
@@ -150,6 +151,7 @@ AC_CHECK_FUNCS([getdtablesize])
 AC_CHECK_FUNCS([abort2])
 AC_CHECK_FUNCS([timegm])
 AC_CHECK_FUNCS([nanosleep])
+AC_CHECK_FUNCS([setppriv])
 
 save_LIBS="${LIBS}"
 LIBS="${PTHREAD_LIBS}"