equal
deleted
inserted
replaced
17 * information: Portions Copyright [yyyy] [name of copyright owner] |
17 * information: Portions Copyright [yyyy] [name of copyright owner] |
18 * |
18 * |
19 * CDDL HEADER END |
19 * CDDL HEADER END |
20 */ |
20 */ |
21 /* |
21 /* |
22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. |
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved. |
23 * Use is subject to license terms. |
23 * Use is subject to license terms. |
24 */ |
24 */ |
25 |
|
26 #pragma ident "%Z%%M% %I% %E% SMI" |
|
27 |
25 |
28 #include <assert.h> |
26 #include <assert.h> |
29 #include <priv.h> |
27 #include <priv.h> |
30 #include <pwd.h> |
28 #include <pwd.h> |
31 #include <signal.h> |
29 #include <signal.h> |
130 "adt_alloc_event(ADT_logout): %m"); |
128 "adt_alloc_event(ADT_logout): %m"); |
131 return; |
129 return; |
132 } |
130 } |
133 if ((priv = priv_allocset()) == NULL) { |
131 if ((priv = priv_allocset()) == NULL) { |
134 syslog(LOG_AUTH | LOG_ALERT, |
132 syslog(LOG_AUTH | LOG_ALERT, |
135 "login audit_logout: could not alloc privs: %m"); |
133 "login audit_logout: could not alloc basic privs: %m"); |
136 adt_free_event(logout); |
134 adt_free_event(logout); |
137 return; |
135 return; |
138 } |
136 } |
139 |
137 |
140 /* |
138 /* |
175 "login audit_logut: could not chdir /: %m"); |
173 "login audit_logut: could not chdir /: %m"); |
176 } |
174 } |
177 /* |
175 /* |
178 * Reduce privileges to just those needed. |
176 * Reduce privileges to just those needed. |
179 */ |
177 */ |
180 priv_emptyset(priv); |
178 priv_basicset(priv); |
|
179 (void) priv_delset(priv, PRIV_PROC_EXEC); |
|
180 (void) priv_delset(priv, PRIV_PROC_FORK); |
|
181 (void) priv_delset(priv, PRIV_PROC_INFO); |
|
182 (void) priv_delset(priv, PRIV_PROC_SESSION); |
|
183 (void) priv_delset(priv, PRIV_FILE_LINK_ANY); |
181 if ((priv_addset(priv, PRIV_PROC_AUDIT) != 0) || |
184 if ((priv_addset(priv, PRIV_PROC_AUDIT) != 0) || |
182 (setppriv(PRIV_SET, PRIV_PERMITTED, priv) != 0)) { |
185 (setppriv(PRIV_SET, PRIV_PERMITTED, priv) != 0)) { |
183 syslog(LOG_AUTH | LOG_ALERT, |
186 syslog(LOG_AUTH | LOG_ALERT, |
184 "login audit_logout: could not reduce privs: %m"); |
187 "login audit_logout: could not reduce privs: %m"); |
185 } |
188 } |