Attachment #2761 for bug #2511

Lines 575-580 case "$host" in Link Here

(-)a/configure.ac (+20 lines)
575	LIBS="$LIBS /usr/lib/textreadmode.o"	575	LIBS="$LIBS /usr/lib/textreadmode.o"
576	AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])	576	AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
577	AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])	577	AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
		578	AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
		579	[Define to disable UID restoration test])
578	AC_DEFINE([DISABLE_SHADOW], [1],	580	AC_DEFINE([DISABLE_SHADOW], [1],
579	[Define if you want to disable shadow passwords])	581	[Define if you want to disable shadow passwords])
580	AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],	582	AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
Lines 909-914 mips-sony-bsd\|mips-sony-newsos4) Link Here
909	SP_MSG="yes" ], )	911	SP_MSG="yes" ], )
910	],	912	],
911	)	913	)
		914	AC_ARG_WITH([solaris-privs],
		915	[ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)],
		916	[
		917	AC_CHECK_FUNC([setppriv],
		918	[ AC_CHECK_HEADERS([priv.h])
		919	AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
		920	[Define to disable UID restoration test])
		921	AC_DEFINE([USE_SOLARIS_PRIVS], [1],
		922	[Define if you have Solaris privileges])
		923	SP_MSG="yes" ], )
		924	],
		925	)
912	TEST_SHELL=$SHELL # let configure find us a capable shell	926	TEST_SHELL=$SHELL # let configure find us a capable shell
913	;;	927	;;
914	--sunos4*)	928	--sunos4*)
Lines 3155-3160 elif test "x$sandbox_arg" = "xrlimit" \|\| \ Link Here
3155	AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])	3169	AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
3156	SANDBOX_STYLE="rlimit"	3170	SANDBOX_STYLE="rlimit"
3157	AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])	3171	AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
		3172	elif test "x$sandbox_arg" = "xsolaris" \|\| \
		3173	( test -z "$sandbox_arg" && test "x$ac_cv_func_setppriv" = "xyes" ) ; then
		3174	test "x$ac_cv_func_setppriv" != "xyes" && \
		3175	AC_MSG_ERROR([solaris sandbox requires setppriv(2) support])
		3176	SANDBOX_STYLE="solaris"
		3177	AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges])
3158	elif test -z "$sandbox_arg" \|\| test "x$sandbox_arg" = "xno" \|\| \	3178	elif test -z "$sandbox_arg" \|\| test "x$sandbox_arg" = "xno" \|\| \
3159	test "x$sandbox_arg" = "xnone" \|\| test "x$sandbox_arg" = "xnull" ; then	3179	test "x$sandbox_arg" = "xnone" \|\| test "x$sandbox_arg" = "xnull" ; then
3160	SANDBOX_STYLE="none"	3180	SANDBOX_STYLE="none"




	}
}
#endif /* USE_SOLARIS_PROJECTS */

#ifdef USE_SOLARIS_PRIVS
# ifdef HAVE_PRIV_H
#  include <priv.h>
# endif

void
solaris_drop_fork_privs(void)
{
	priv_set_t *pset = NULL;

	if ((pset = priv_allocset()) == NULL)
		fatal("priv_allocset: %s", strerror(errno));

	/* Start with "basic" and drop everything we don't need. */
	priv_basicset(pset);

	priv_delset(pset, PRIV_PROC_EXEC);
	priv_delset(pset, PRIV_PROC_FORK);
	priv_delset(pset, PRIV_FILE_LINK_ANY);
	priv_delset(pset, PRIV_PROC_INFO);
	priv_delset(pset, PRIV_PROC_SESSION);

	if (setppriv(PRIV_SET, PRIV_PERMITTED, pset))
		fatal("setppriv: %s", strerror(errno));
	if (setppriv(PRIV_SET, PRIV_LIMIT, pset))
		fatal("setppriv: %s", strerror(errno));
	if (setppriv(PRIV_SET, PRIV_INHERITABLE, pset))
		fatal("setppriv: %s", strerror(errno));

	priv_freeset(pset);
}

void
solaris_drop_fork_net_privs(void)
{
	priv_set_t *pset = NULL;

	if ((pset = priv_allocset()) == NULL)
		fatal("priv_allocset: %s", strerror(errno));

	/* Start with "basic" and drop everything we don't need. */
	priv_basicset(pset);

	priv_delset(pset, PRIV_FILE_LINK_ANY);
	priv_delset(pset, PRIV_PROC_INFO);
	priv_delset(pset, PRIV_PROC_SESSION);
	priv_delset(pset, PRIV_PROC_FORK);
	priv_delset(pset, PRIV_NET_ACCESS);
	priv_delset(pset, PRIV_PROC_EXEC);

	if (setppriv(PRIV_SET, PRIV_PERMITTED, pset))
		fatal("setppriv: %s", strerror(errno));
	if (setppriv(PRIV_SET, PRIV_LIMIT, pset))
		fatal("setppriv: %s", strerror(errno));
	if (setppriv(PRIV_SET, PRIV_INHERITABLE, pset))
		fatal("setppriv: %s", strerror(errno));

	priv_freeset(pset);
}

#endif

Lines 26-30 void solaris_contract_pre_fork(void); Link Here

(-)a/openbsd-compat/port-solaris.h (+3 lines)
26	void solaris_contract_post_fork_child(void);	26	void solaris_contract_post_fork_child(void);
27	void solaris_contract_post_fork_parent(pid_t pid);	27	void solaris_contract_post_fork_parent(pid_t pid);
28	void solaris_set_default_project(struct passwd *);	28	void solaris_set_default_project(struct passwd *);
		29	void solaris_drop_fork_privs(void);
		30	void solaris_drop_fork_net_privs(void);
		31	void solaris_drop_all_privs(void);
29		32
30	#endif	33	#endif




#endif
	return 0;
}

/*
 * Drop any fine-grained privileges that are not needed for post-startup
 * operation of ssh-agent
 */
void
platform_drop_agent_privs(void)
{
#ifdef USE_SOLARIS_PRIVS
	solaris_drop_fork_privs();
#endif
}

/*
 * Drop any fine-grained privileges that are not needed for post-startup
 * operation of sftp-server
 */
void
platform_drop_sftp_server_privs(void)
{
#ifdef USE_SOLARIS_PRIVS
	solaris_drop_fork_net_privs();
#endif
}

Lines 31-33 void platform_setusercontext_post_groups(struct passwd *); Link Here

(-)a/platform.h (+2 lines)
31	char platform_get_krb5_client(const char );	31	char platform_get_krb5_client(const char );
32	char platform_krb5_get_principal_name(const char );	32	char platform_krb5_get_principal_name(const char );
33	int platform_sys_dir_uid(uid_t);	33	int platform_sys_dir_uid(uid_t);
		34	void platform_drop_agent_privs(void);
		35	void platform_drop_sftp_server_privs(void);




/*
 * Copyright (c) 2015 Joyent, Inc
 * Author: Alex Wilson <alex.wilson@joyent.com>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include "includes.h"

#ifdef SANDBOX_SOLARIS
#ifndef USE_SOLARIS_PRIVS
# error "--with-solaris-privs must be used with the Solaris sandbox"
#endif

#include <sys/types.h>

#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef HAVE_PRIV_H
# include <priv.h>
#endif

#include "log.h"
#include "ssh-sandbox.h"
#include "xmalloc.h"

struct ssh_sandbox {
	priv_set_t *pset;
};

struct ssh_sandbox *
ssh_sandbox_init(struct monitor *monitor)
{
	struct ssh_sandbox *box = NULL;

	box = xcalloc(1, sizeof(*box));
	box->pset = priv_allocset();

	if (box->pset == NULL) {
		free(box);
		return NULL;
	}

	/* Start with "basic" and drop everything we don't need. */
	priv_basicset(box->pset);

	/* Drop everything except the ability to use already-opened files */
	priv_delset(box->pset, PRIV_FILE_LINK_ANY);
	priv_delset(box->pset, PRIV_PROC_INFO);
	priv_delset(box->pset, PRIV_PROC_SESSION);
	priv_delset(box->pset, PRIV_PROC_FORK);
	priv_delset(box->pset, PRIV_NET_ACCESS);
	priv_delset(box->pset, PRIV_PROC_EXEC);

	/* These may not be available on older Solaris-es */
# if defined(PRIV_FILE_READ) && defined(PRIV_FILE_WRITE)
	priv_delset(box->pset, PRIV_FILE_READ);
	priv_delset(box->pset, PRIV_FILE_WRITE);
# endif

	return box;
}

void
ssh_sandbox_child(struct ssh_sandbox *box)
{
	if (setppriv(PRIV_SET, PRIV_PERMITTED, box->pset))
		fatal("setppriv: %s", strerror(errno));
	if (setppriv(PRIV_SET, PRIV_LIMIT, box->pset))
		fatal("setppriv: %s", strerror(errno));
	if (setppriv(PRIV_SET, PRIV_INHERITABLE, box->pset))
		fatal("setppriv: %s", strerror(errno));
}

void
ssh_sandbox_parent_finish(struct ssh_sandbox *box)
{
	priv_freeset(box->pset);
	box->pset = NULL;
	free(box);
}

void
ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
{
	/* Nothing to do here */
}

#endif /* SANDBOX_SOLARIS */

Lines 1598-1603 sftp_server_main(int argc, char *argv, struct passwd user_pw) Link Here

(-)a/sftp-server.c (+3 lines)
1598	fatal("unable to make the process undumpable");	1598	fatal("unable to make the process undumpable");
1599	#endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */	1599	#endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */
1600		1600
		1601	/* Drop any fine-grained privileges we don't need */
		1602	platform_drop_sftp_server_privs();
		1603
1601	if ((cp = getenv("SSH_CONNECTION")) != NULL) {	1604	if ((cp = getenv("SSH_CONNECTION")) != NULL) {
1602	client_addr = xstrdup(cp);	1605	client_addr = xstrdup(cp);
1603	if ((cp = strchr(client_addr, ' ')) == NULL) {	1606	if ((cp = strchr(client_addr, ' ')) == NULL) {

Lines 1361-1366 main(int ac, char **av) Link Here

(-)a/ssh-agent.c (+3 lines)
1361	/* child */	1361	/* child */
1362	log_init(__progname, SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_AUTH, 0);	1362	log_init(__progname, SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_AUTH, 0);
1363		1363
		1364	/* Drop any fine-grained privileges we don't need */
		1365	platform_drop_agent_privs();
		1366
1364	if (setsid() == -1) {	1367	if (setsid() == -1) {
1365	error("setsid: %s", strerror(errno));	1368	error("setsid: %s", strerror(errno));
1366	cleanup_exit(1);	1369	cleanup_exit(1);

Lines 134-140 temporarily_use_uid(struct passwd *pw) Link Here

(-)a/uidswap.c (-7 / +12 lines)
134	void	134	void
135	permanently_drop_suid(uid_t uid)	135	permanently_drop_suid(uid_t uid)
136	{	136	{
137	#ifndef HAVE_CYGWIN	137	#ifndef NO_UID_RESTORATION_TEST
138	uid_t old_uid = getuid();	138	uid_t old_uid = getuid();
139	#endif	139	#endif
140		140
Lines 142-149 permanently_drop_suid(uid_t uid) Link Here
142	if (setresuid(uid, uid, uid) < 0)	142	if (setresuid(uid, uid, uid) < 0)
143	fatal("setresuid %u: %.100s", (u_int)uid, strerror(errno));	143	fatal("setresuid %u: %.100s", (u_int)uid, strerror(errno));
144		144
145	#ifndef HAVE_CYGWIN	145	#ifndef NO_UID_RESTORATION_TEST
146	/* Try restoration of UID if changed (test clearing of saved uid) */	146	/*
		147	* Try restoration of UID if changed (test clearing of saved uid).
		148	*
		149	* Note that we don't do this on Cygwin, or on Solaris-based platforms
		150	* where fine-grained privileges are available (the user might be
		151	* deliberately allowed the right to setuid back to root).
		152	*/
147	if (old_uid != uid &&	153	if (old_uid != uid &&
148	(setuid(old_uid) != -1 \|\| seteuid(old_uid) != -1))	154	(setuid(old_uid) != -1 \|\| seteuid(old_uid) != -1))
149	fatal("%s: was able to restore old [e]uid", __func__);	155	fatal("%s: was able to restore old [e]uid", __func__);
Lines 199-205 restore_uid(void) Link Here
199	void	205	void
200	permanently_set_uid(struct passwd *pw)	206	permanently_set_uid(struct passwd *pw)
201	{	207	{
202	#ifndef HAVE_CYGWIN	208	#ifndef NO_UID_RESTORATION_TEST
203	uid_t old_uid = getuid();	209	uid_t old_uid = getuid();
204	gid_t old_gid = getgid();	210	gid_t old_gid = getgid();
205	#endif	211	#endif
Lines 227-233 permanently_set_uid(struct passwd *pw) Link Here
227	if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0)	233	if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0)
228	fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));	234	fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
229		235
230	#ifndef HAVE_CYGWIN	236	#ifndef NO_UID_RESTORATION_TEST
231	/* Try restoration of GID if changed (test clearing of saved gid) */	237	/* Try restoration of GID if changed (test clearing of saved gid) */
232	if (old_gid != pw->pw_gid && pw->pw_uid != 0 &&	238	if (old_gid != pw->pw_gid && pw->pw_uid != 0 &&
233	(setgid(old_gid) != -1 \|\| setegid(old_gid) != -1))	239	(setgid(old_gid) != -1 \|\| setegid(old_gid) != -1))
Lines 241-247 permanently_set_uid(struct passwd *pw) Link Here
241	(u_int)pw->pw_gid);	247	(u_int)pw->pw_gid);
242	}	248	}
243		249
244	#ifndef HAVE_CYGWIN	250	#ifndef NO_UID_RESTORATION_TEST
245	/* Try restoration of UID if changed (test clearing of saved uid) */	251	/* Try restoration of UID if changed (test clearing of saved uid) */
246	if (old_uid != pw->pw_uid &&	252	if (old_uid != pw->pw_uid &&
247	(setuid(old_uid) != -1 \|\| seteuid(old_uid) != -1))	253	(setuid(old_uid) != -1 \|\| seteuid(old_uid) != -1))
248	-

Return to bug 2511

Lines 227-229 solaris_set_default_project(struct passwd *pw) Link Here

(-)a/openbsd-compat/port-solaris.c (+62 lines)
227	}	227	}
228	}	228	}
229	#endif /* USE_SOLARIS_PROJECTS */	229	#endif /* USE_SOLARIS_PROJECTS */
		230
		231	#ifdef USE_SOLARIS_PRIVS
		232	# ifdef HAVE_PRIV_H
		233	# include <priv.h>
		234	# endif
		235
		236	void
		237	solaris_drop_fork_privs(void)
		238	{
		239	priv_set_t *pset = NULL;
		240
		241	if ((pset = priv_allocset()) == NULL)
		242	fatal("priv_allocset: %s", strerror(errno));
		243
		244	/* Start with "basic" and drop everything we don't need. */
		245	priv_basicset(pset);
		246
		247	priv_delset(pset, PRIV_PROC_EXEC);
		248	priv_delset(pset, PRIV_PROC_FORK);
		249	priv_delset(pset, PRIV_FILE_LINK_ANY);
		250	priv_delset(pset, PRIV_PROC_INFO);
		251	priv_delset(pset, PRIV_PROC_SESSION);
		252
		253	if (setppriv(PRIV_SET, PRIV_PERMITTED, pset))
		254	fatal("setppriv: %s", strerror(errno));
		255	if (setppriv(PRIV_SET, PRIV_LIMIT, pset))
		256	fatal("setppriv: %s", strerror(errno));
		257	if (setppriv(PRIV_SET, PRIV_INHERITABLE, pset))
		258	fatal("setppriv: %s", strerror(errno));
		259
		260	priv_freeset(pset);
		261	}
		262
		263	void
		264	solaris_drop_fork_net_privs(void)
		265	{
		266	priv_set_t *pset = NULL;
		267
		268	if ((pset = priv_allocset()) == NULL)
		269	fatal("priv_allocset: %s", strerror(errno));
		270
		271	/* Start with "basic" and drop everything we don't need. */
		272	priv_basicset(pset);
		273
		274	priv_delset(pset, PRIV_FILE_LINK_ANY);
		275	priv_delset(pset, PRIV_PROC_INFO);
		276	priv_delset(pset, PRIV_PROC_SESSION);
		277	priv_delset(pset, PRIV_PROC_FORK);
		278	priv_delset(pset, PRIV_NET_ACCESS);
		279	priv_delset(pset, PRIV_PROC_EXEC);
		280
		281	if (setppriv(PRIV_SET, PRIV_PERMITTED, pset))
		282	fatal("setppriv: %s", strerror(errno));
		283	if (setppriv(PRIV_SET, PRIV_LIMIT, pset))
		284	fatal("setppriv: %s", strerror(errno));
		285	if (setppriv(PRIV_SET, PRIV_INHERITABLE, pset))
		286	fatal("setppriv: %s", strerror(errno));
		287
		288	priv_freeset(pset);
		289	}
		290
		291	#endif

Lines 213-215 platform_sys_dir_uid(uid_t uid) Link Here

(-)a/platform.c (+24 lines)
213	#endif	213	#endif
214	return 0;	214	return 0;
215	}	215	}
		216
		217	/*
		218	* Drop any fine-grained privileges that are not needed for post-startup
		219	* operation of ssh-agent
		220	*/
		221	void
		222	platform_drop_agent_privs(void)
		223	{
		224	#ifdef USE_SOLARIS_PRIVS
		225	solaris_drop_fork_privs();
		226	#endif
		227	}
		228
		229	/*
		230	* Drop any fine-grained privileges that are not needed for post-startup
		231	* operation of sftp-server
		232	*/
		233	void
		234	platform_drop_sftp_server_privs(void)
		235	{
		236	#ifdef USE_SOLARIS_PRIVS
		237	solaris_drop_fork_net_privs();
		238	#endif
		239	}

Line 0 Link Here

(-)a/sandbox-solaris.c (+103 lines)
		1	/*
		2	* Copyright (c) 2015 Joyent, Inc
		3	* Author: Alex Wilson <alex.wilson@joyent.com>
		4	*
		5	* Permission to use, copy, modify, and distribute this software for any
		6	* purpose with or without fee is hereby granted, provided that the above
		7	* copyright notice and this permission notice appear in all copies.
		8	*
		9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	*/
		17
		18	#include "includes.h"
		19
		20	#ifdef SANDBOX_SOLARIS
		21	#ifndef USE_SOLARIS_PRIVS
		22	# error "--with-solaris-privs must be used with the Solaris sandbox"
		23	#endif
		24
		25	#include <sys/types.h>
		26
		27	#include <errno.h>
		28	#include <stdarg.h>
		29	#include <stdio.h>
		30	#include <stdlib.h>
		31	#include <string.h>
		32	#include <unistd.h>
		33	#ifdef HAVE_PRIV_H
		34	# include <priv.h>
		35	#endif
		36
		37	#include "log.h"
		38	#include "ssh-sandbox.h"
		39	#include "xmalloc.h"
		40
		41	struct ssh_sandbox {
		42	priv_set_t *pset;
		43	};
		44
		45	struct ssh_sandbox *
		46	ssh_sandbox_init(struct monitor *monitor)
		47	{
		48	struct ssh_sandbox *box = NULL;
		49
		50	box = xcalloc(1, sizeof(*box));
		51	box->pset = priv_allocset();
		52
		53	if (box->pset == NULL) {
		54	free(box);
		55	return NULL;
		56	}
		57
		58	/* Start with "basic" and drop everything we don't need. */
		59	priv_basicset(box->pset);
		60
		61	/* Drop everything except the ability to use already-opened files */
		62	priv_delset(box->pset, PRIV_FILE_LINK_ANY);
		63	priv_delset(box->pset, PRIV_PROC_INFO);
		64	priv_delset(box->pset, PRIV_PROC_SESSION);
65	priv_delset(box->pset, PRIV_PROC_FORK);
66	priv_delset(box->pset, PRIV_NET_ACCESS);
67	priv_delset(box->pset, PRIV_PROC_EXEC);
68
69	/* These may not be available on older Solaris-es */
70	# if defined(PRIV_FILE_READ) && defined(PRIV_FILE_WRITE)
71	priv_delset(box->pset, PRIV_FILE_READ);
72	priv_delset(box->pset, PRIV_FILE_WRITE);
73	# endif
74
75	return box;
76	}
77
78	void
79	ssh_sandbox_child(struct ssh_sandbox *box)
80	{
81	if (setppriv(PRIV_SET, PRIV_PERMITTED, box->pset))
82	fatal("setppriv: %s", strerror(errno));
83	if (setppriv(PRIV_SET, PRIV_LIMIT, box->pset))
84	fatal("setppriv: %s", strerror(errno));
85	if (setppriv(PRIV_SET, PRIV_INHERITABLE, box->pset))
86	fatal("setppriv: %s", strerror(errno));
87	}
88
89	void
90	ssh_sandbox_parent_finish(struct ssh_sandbox *box)
91	{
92	priv_freeset(box->pset);
93	box->pset = NULL;
94	free(box);
95	}
96
97	void
98	ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
99	{
100	/* Nothing to do here */
101	}
102
103	#endif /* SANDBOX_SOLARIS */