--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/apache24/patches/priv_drop.patch Thu Sep 11 12:35:18 2014 -0700
@@ -0,0 +1,42 @@
+Patch origin: in-house
+Patch status: Solaris-specific; not suitable for upstream
+
+Drops extra privilege which was given via SMF manifest file.
+
+--- server/main.c
++++ server/main.c
+@@ -45,6 +45,8 @@
+ #include <unistd.h>
+ #endif
+
++#include <priv.h>
++
+ /* WARNING: Win32 binds http_main.c dynamically to the server. Please place
+ * extern functions and global data in another appropriate module.
+ *
+@@ -452,6 +454,7 @@
+ apr_status_t rv;
+ module **mod;
+ const char *opt_arg;
++ priv_set_t *tset;
+ APR_OPTIONAL_FN_TYPE(ap_signal_server) *signal_server;
+
+ AP_MONCONTROL(0); /* turn off profiling of startup */
+@@ -788,6 +806,17 @@
+
+ ap_run_optional_fn_retrieve();
+
++
++ /* here we drop privileges we won't need any more */
++ tset = priv_allocset();
++ priv_emptyset(tset);
++ priv_addset(tset, PRIV_NET_PRIVADDR);
++ if (setppriv(PRIV_OFF, PRIV_PERMITTED, tset) != 0) {
++ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, NULL,
++ APLOGNO(00021) "Unable to drop unneeded privilege.");
++ destroy_and_exit_process(process, 1);
++ }
++
+ ap_main_state = AP_SQ_MS_RUN_MPM;
+ if (ap_run_mpm(pconf, plog, ap_server_conf) != OK)
+ break;