components/apache24/patches/priv_drop.patch
changeset 2079 46ce7840065c
child 5828 5009deba8bc0
child 6722 f675056be479
2078:86a0793d713a 2079:46ce7840065c
       
     1 Patch origin: in-house
       
     2 Patch status: Solaris-specific; not suitable for upstream
       
     3 
       
     4 Drops extra privilege which was given via SMF manifest file.
       
     5 
       
     6 --- server/main.c
       
     7 +++ server/main.c
       
     8 @@ -45,6 +45,8 @@
       
     9  #include <unistd.h>
       
    10  #endif
       
    11  
       
    12 +#include <priv.h>
       
    13 +
       
    14  /* WARNING: Win32 binds http_main.c dynamically to the server. Please place
       
    15   *          extern functions and global data in another appropriate module.
       
    16   *
       
    17 @@ -452,6 +454,7 @@
       
    18      apr_status_t rv;
       
    19      module **mod;
       
    20      const char *opt_arg;
       
    21 +    priv_set_t *tset;
       
    22      APR_OPTIONAL_FN_TYPE(ap_signal_server) *signal_server;
       
    23  
       
    24      AP_MONCONTROL(0); /* turn off profiling of startup */
       
    25 @@ -788,6 +806,17 @@
       
    26  
       
    27          ap_run_optional_fn_retrieve();
       
    28  
       
    29 +
       
    30 +        /* here we drop privileges we won't need any more */
       
    31 +        tset = priv_allocset();
       
    32 +        priv_emptyset(tset);
       
    33 +        priv_addset(tset, PRIV_NET_PRIVADDR);
       
    34 +        if (setppriv(PRIV_OFF, PRIV_PERMITTED, tset) != 0) {
       
    35 +           ap_log_error(APLOG_MARK, APLOG_EMERG, 0, NULL,
       
    36 +                         APLOGNO(00021) "Unable to drop unneeded privilege.");
       
    37 +            destroy_and_exit_process(process, 1);
       
    38 +        }
       
    39 +
       
    40          ap_main_state = AP_SQ_MS_RUN_MPM;
       
    41          if (ap_run_mpm(pconf, plog, ap_server_conf) != OK)
       
    42              break;
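Review bot: The result of `priv_allocset()` is used unchecked in the block added before `ap_run_mpm()`, so an allocation failure hands NULL to `priv_emptyset()`. The set is also never released with `priv_freeset()`, and the trailing `break` suggests this code sits in a loop and may run again on each pass. The log call passes 0 as the status, which hides the `setppriv()` errno; the sketch below reuses the existing `rv` local to carry it, assuming its value is not needed later in the loop. Only `PRIV_PERMITTED` is cleared, so if the SMF method context also puts net_privaddr in the inheritable set, exec'd children such as CGI programs could presumably regain it; please confirm whether `PRIV_INHERITABLE` needs the same treatment. The enclosing function starts and ends outside the hunk.

```c
        /* here we drop privileges we won't need any more */
        rv = APR_SUCCESS;
        tset = priv_allocset();
        if (tset == NULL) {
            rv = errno;
        }
        else {
            priv_emptyset(tset);
            if (priv_addset(tset, PRIV_NET_PRIVADDR) != 0
                || setppriv(PRIV_OFF, PRIV_PERMITTED, tset) != 0) {
                rv = errno;   /* capture before priv_freeset() can disturb it */
            }
            priv_freeset(tset);
        }
        if (rv != APR_SUCCESS) {
            ap_log_error(APLOG_MARK, APLOG_EMERG, rv, NULL,
                         APLOGNO(00021) "Unable to drop unneeded privilege.");
            destroy_and_exit_process(process, 1);
        }
        /* … unchanged: ap_main_state assignment and ap_run_mpm() call … */
```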