xref: /memcached-1.4.29/solaris_priv.c (revision 3fa31371) 
169aa5427STrond Norbye #include <stdlib.h>
269aa5427STrond Norbye #include <priv.h>
369aa5427STrond Norbye #include <stdio.h>
4*3fa31371STrond Norbye #include "memcached.h"
569aa5427STrond Norbye 
669aa5427STrond Norbye /*
769aa5427STrond Norbye  * this section of code will drop all (Solaris) privileges including
869aa5427STrond Norbye  * those normally granted to all userland process (basic privileges). The
969aa5427STrond Norbye  * effect of this is that after running this code, the process will not able
1069aa5427STrond Norbye  * to fork(), exec(), etc.  See privileges(5) for more information.
1169aa5427STrond Norbye  */
drop_privileges(void)12*3fa31371STrond Norbye void drop_privileges(void) {
1369aa5427STrond Norbye    priv_set_t *privs = priv_str_to_set("basic", ",", NULL);
1469aa5427STrond Norbye 
1569aa5427STrond Norbye    if (privs == NULL) {
1669aa5427STrond Norbye       perror("priv_str_to_set");
1769aa5427STrond Norbye       exit(EXIT_FAILURE);
1869aa5427STrond Norbye    }
1969aa5427STrond Norbye 
2069aa5427STrond Norbye    (void)priv_delset(privs, PRIV_FILE_LINK_ANY);
2169aa5427STrond Norbye    (void)priv_delset(privs, PRIV_PROC_EXEC);
2269aa5427STrond Norbye    (void)priv_delset(privs, PRIV_PROC_FORK);
2369aa5427STrond Norbye    (void)priv_delset(privs, PRIV_PROC_INFO);
2469aa5427STrond Norbye    (void)priv_delset(privs, PRIV_PROC_SESSION);
2569aa5427STrond Norbye 
2669aa5427STrond Norbye    if (setppriv(PRIV_SET, PRIV_PERMITTED, privs) != 0) {
2769aa5427STrond Norbye       perror("setppriv(PRIV_SET, PRIV_PERMITTED)");
2869aa5427STrond Norbye       exit(EXIT_FAILURE);
2969aa5427STrond Norbye    }
3069aa5427STrond Norbye 
3169aa5427STrond Norbye    priv_emptyset(privs);
3269aa5427STrond Norbye 
3369aa5427STrond Norbye    if (setppriv(PRIV_SET, PRIV_INHERITABLE, privs) != 0) {
3469aa5427STrond Norbye       perror("setppriv(PRIV_SET, PRIV_INHERITABLE)");
3569aa5427STrond Norbye       exit(EXIT_FAILURE);
3669aa5427STrond Norbye    }
3769aa5427STrond Norbye 
3869aa5427STrond Norbye    if (setppriv(PRIV_SET, PRIV_LIMIT, privs) != 0) {
3969aa5427STrond Norbye       perror("setppriv(PRIV_SET, PRIV_LIMIT)");
4069aa5427STrond Norbye       exit(EXIT_FAILURE);
4169aa5427STrond Norbye    }
4269aa5427STrond Norbye 
4369aa5427STrond Norbye    priv_freeset(privs);
4469aa5427STrond Norbye }
45