RepoMirrors
/
openssh
mirror of git://anongit.mindrot.org/openssh.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

retain Solaris PRIV_FILE_LINK_ANY in sftp-server 

Dropping this privilege removes the ability to create hard links to
files owned by other users. This is required for the legacy sftp rename
operation.

bz#3036; approach ok Alex Wilson (the original author of the Solaris
sandbox/pledge replacement code)
This commit is contained in:
Damien Miller 2019-09-02 10:22:02 +10:00
parent e50f808712
commit 6b7c53498d
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
openbsd-compat/port-solaris.c
View File

@ -284,11 +284,10 @@ solaris_drop_privs_pinfo_net_fork_exec(void)
priv_addset(npset, PRIV_FILE_OWNER) != 0)
fatal("priv_addset: %s", strerror(errno));
if (priv_delset(npset, PRIV_FILE_LINK_ANY) != 0 ||
if (priv_delset(npset, PRIV_PROC_EXEC) != 0 ||
#ifdef PRIV_NET_ACCESS
priv_delset(npset, PRIV_NET_ACCESS) != 0 ||
#endif
priv_delset(npset, PRIV_PROC_EXEC) != 0 ||
priv_delset(npset, PRIV_PROC_FORK) != 0 ||
priv_delset(npset, PRIV_PROC_INFO) != 0 ||
priv_delset(npset, PRIV_PROC_SESSION) != 0)