1 #include <stdlib.h>
2 #include <priv.h>
3 #include <stdio.h>
4 #include "memcached.h"
5
6 /*
7 * this section of code will drop all (Solaris) privileges including
8 * those normally granted to all userland process (basic privileges). The
9 * effect of this is that after running this code, the process will not able
10 * to fork(), exec(), etc. See privileges(5) for more information.
11 */
drop_privileges(void)12 void drop_privileges(void) {
13 priv_set_t *privs = priv_str_to_set("basic", ",", NULL);
14
15 if (privs == NULL) {
16 perror("priv_str_to_set");
17 exit(EXIT_FAILURE);
18 }
19
20 (void)priv_delset(privs, PRIV_FILE_LINK_ANY);
21 (void)priv_delset(privs, PRIV_PROC_EXEC);
22 (void)priv_delset(privs, PRIV_PROC_FORK);
23 (void)priv_delset(privs, PRIV_PROC_INFO);
24 (void)priv_delset(privs, PRIV_PROC_SESSION);
25
26 if (setppriv(PRIV_SET, PRIV_PERMITTED, privs) != 0) {
27 perror("setppriv(PRIV_SET, PRIV_PERMITTED)");
28 exit(EXIT_FAILURE);
29 }
30
31 priv_emptyset(privs);
32
33 if (setppriv(PRIV_SET, PRIV_INHERITABLE, privs) != 0) {
34 perror("setppriv(PRIV_SET, PRIV_INHERITABLE)");
35 exit(EXIT_FAILURE);
36 }
37
38 if (setppriv(PRIV_SET, PRIV_LIMIT, privs) != 0) {
39 perror("setppriv(PRIV_SET, PRIV_LIMIT)");
40 exit(EXIT_FAILURE);
41 }
42
43 priv_freeset(privs);
44 }
45