| Summary: | drop two additional privileges (DAX_ACCESS and SYS_IB_INFO) from solaris sandbox | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | huieying.lee | ||||
| Component: | sshd | Assignee: | Assigned to nobody <unassigned-bugs> | ||||
| Status: | CLOSED FIXED | ||||||
| Severity: | normal | CC: | djm | ||||
| Priority: | P5 | ||||||
| Version: | 7.5p1 | ||||||
| Hardware: | SPARC | ||||||
| OS: | Solaris | ||||||
| Bug Depends on: | |||||||
| Bug Blocks: | 2698 | ||||||
| Attachments: |
|
||||||
Applied - thanks. This will be in the OpenSSH 7.6 release closing resolved bugs as of 8.6p1 release |
Created attachment 2984 [details] drop_more_priv_in_solaris_sandbox In the "solaris" sandbox at the pre-authentication phase, many privileges are deleted from the privilege separation child process. Attached patch is to drop two additional privileges, PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO, from the "solaris" sandbox. Note that PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO are supported in newer Solaris releases, for example, S11U3.