Bugzilla – Attachment 2984 Details for
Bug 2723
drop two additional privileges (DAX_ACCESS and SYS_IB_INFO) from solaris sandbox
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
drop_more_priv_in_solaris_sandbox
drop_priv_in_solaris_sandbox.patch (text/plain), 822 bytes, created by
huieying.lee
on 2017-05-26 06:32:57 AEST
(
hide
)
Description:
drop_more_priv_in_solaris_sandbox
Filename:
MIME Type:
Creator:
huieying.lee
Created:
2017-05-26 06:32:57 AEST
Size:
822 bytes
patch
obsolete
># ># In the "solaris" sandbox at the pre-authentication phase, many privileges are ># deleted from the privilege separation child process. This patch is to drop ># two additional privileges, PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO, from the ># "solaris" sandbox. ># >--- orig/sandbox-solaris.c 2017-05-24 15:54:45.895199390 -0700 >+++ new/sandbox-solaris.c 2017-05-24 16:01:15.231817175 -0700 >@@ -62,6 +62,12 @@ > #ifdef PRIV_NET_ACCESS > priv_delset(box->pset, PRIV_NET_ACCESS) != 0 || > #endif >+#ifdef PRIV_DAX_ACCESS >+ priv_delset(box->pset, PRIV_DAX_ACCESS) != 0 || >+#endif >+#ifdef PRIV_SYS_IB_INFO >+ priv_delset(box->pset, PRIV_SYS_IB_INFO) != 0 || >+#endif > priv_delset(box->pset, PRIV_PROC_EXEC) != 0 || > priv_delset(box->pset, PRIV_PROC_FORK) != 0 || > priv_delset(box->pset, PRIV_PROC_INFO) != 0 ||
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2984">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 2723
: 2984