2723 – drop two additional privileges (DAX_ACCESS and SYS_IB_INFO) from solaris sandbox

Bug 2723 - drop two additional privileges (DAX_ACCESS and SYS_IB_INFO) from solaris sandbox

Summary: drop two additional privileges (DAX_ACCESS and SYS_IB_INFO) from solaris sandbox

Status:	CLOSED FIXED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	sshd (show other bugs)
Version:	7.5p1
Hardware:	SPARC Solaris

Importance:	P5 normal
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:
Blocks:	V_7_6
	Show dependency tree / graph

Reported:	2017-05-26 06:32 AEST by huieying.lee
Modified:	2021-04-23 14:55 AEST (History)
CC List:	1 user (show)

See Also:

Attachments
drop_more_priv_in_solaris_sandbox (822 bytes, patch) 2017-05-26 06:32 AEST, huieying.lee	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description huieying.lee 2017-05-26 06:32:57 AEST

Created attachment 2984 [details]
drop_more_priv_in_solaris_sandbox

In the "solaris" sandbox at the pre-authentication phase, many privileges are deleted from the privilege separation child process. Attached patch is to drop two additional privileges, PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO, from the "solaris" sandbox. 

Note that PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO are supported in newer Solaris releases, for example, S11U3.

Comment 1 Damien Miller 2017-06-09 14:45:13 AEST

Applied - thanks. This will be in the OpenSSH 7.6 release

Comment 2 Damien Miller 2021-04-23 14:55:53 AEST

closing resolved bugs as of 8.6p1 release