git.m6w6.name Git - awesomized/libmemcached/blob - memcached/solaris_priv.c

   1 #include <stdlib.h>
   2 #include <priv.h>
   3 #include <stdio.h>
   4 #include "memcached.h"
   5
   6 /*
   7  * this section of code will drop all (Solaris) privileges including
   8  * those normally granted to all userland process (basic privileges). The
   9  * effect of this is that after running this code, the process will not able
  10  * to fork(), exec(), etc.  See privileges(5) for more information.
  11  */
  12 void drop_privileges(void) {
  13    priv_set_t *privs = priv_str_to_set("basic", ",", NULL);
  14
  15    if (privs == NULL) {
  16       perror("priv_str_to_set");
  17       exit(EXIT_FAILURE);
  18    }
  19
  20    (void)priv_delset(privs, PRIV_FILE_LINK_ANY);
  21    (void)priv_delset(privs, PRIV_PROC_EXEC);
  22    (void)priv_delset(privs, PRIV_PROC_FORK);
  23    (void)priv_delset(privs, PRIV_PROC_INFO);
  24    (void)priv_delset(privs, PRIV_PROC_SESSION);
  25
  26    if (setppriv(PRIV_SET, PRIV_PERMITTED, privs) != 0) {
  27       perror("setppriv(PRIV_SET, PRIV_PERMITTED)");
  28       exit(EXIT_FAILURE);
  29    }
  30
  31    priv_emptyset(privs);
  32
  33    if (setppriv(PRIV_SET, PRIV_INHERITABLE, privs) != 0) {
  34       perror("setppriv(PRIV_SET, PRIV_INHERITABLE)");
  35       exit(EXIT_FAILURE);
  36    }
  37
  38    if (setppriv(PRIV_SET, PRIV_LIMIT, privs) != 0) {
  39       perror("setppriv(PRIV_SET, PRIV_LIMIT)");
  40       exit(EXIT_FAILURE);
  41    }
  42
  43    priv_freeset(privs);
  44 }