A few comments:<br><br>* Variables named like "pPrivSet" do not match the local style. <br><br>* Large blocks of #ifdef'ed-out code are generally frowned upon. Could it be in a separate file (solaris-priv-drop.c?) which is conditionally compiled and linked in? Then the #ifdef segment could be one line.<br>
<br><br><div class="gmail_quote">On Mon, Jun 16, 2008 at 5:13 PM, Glenn Brunette <<a href="mailto:Glenn.Brunette@sun.com">Glenn.Brunette@sun.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
[Sorry for the re-send. Not sure what is going on. Full message<br>
was in Thunderbird when I sent it...]<div class="Ih2E3d"><br>
<br>
All,<br>
<br>
Per a suggestion from Brad, I wanted to follow up on my original<br>
posting with unified diffs for each of the two files modified. In<br>
addition, I compiled and tested memcached with these changes on a<br>
up-to-date (fully patched) Ubuntu Linux (Hardy Heron) system and<br>
everything worked as expected. Tests pass on both Solaris and Linux.<br>
<br>
During "configure", you will see the following on Linux:<br>
<br>
checking for setppriv... no<br>
checking priv.h usability... no<br>
checking priv.h presence... no<br>
checking for priv.h... no<br>
<br></div>
During "configure", you will see the following on Solaris:<br>
<br>
checking for setppriv... yes<br>
checking priv.h usability... yes<br>
checking priv.h presence... yes<br>
checking for priv.h... yes<br>
<br>
Included below are the unified diffs...<br>
<br>
g<br>
<br>
--- BEGIN DIFFS ---<br>
<br>
--- memcached-1.2.5/<a href="http://configure.ac" target="_blank">configure.ac</a> Mon Mar 3 14:59:47 2008<br>
+++ memcached-1.2.5-priv/<a href="http://configure.ac" target="_blank">configure.ac</a> Mon Jun 9 10:45:53 2008<br>
@@ -201,6 +201,8 @@<br>
AC_CHECK_FUNCS(mlockall)<br>
AC_CHECK_FUNCS(getpagesizes)<br>
AC_CHECK_FUNCS(memcntl)<br>
+AC_CHECK_FUNCS(setppriv)<br>
+AC_CHECK_HEADER(priv.h, AC_DEFINE(HAVE_PRIV_H,,[do we have priv.h?]))<br>
<br>
AC_CONFIG_FILES(Makefile doc/Makefile)<br>
AC_OUTPUT<br>
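Review bot: The added `AC_CHECK_HEADER(priv.h, AC_DEFINE(HAVE_PRIV_H,,[do we have priv.h?]))` defines HAVE_PRIV_H with an empty value, which works for the `#ifdef` and `defined()` tests in memcached.c but would break any later `#if HAVE_PRIV_H`. `AC_CHECK_HEADERS(priv.h)` defines the same symbol as 1 without the hand-written AC_DEFINE, and reads like the `AC_CHECK_FUNCS` lines around it.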
<br>
<br>
<br>
--- ./memcached-1.2.5/memcached.c Mon Mar 3 14:13:45 2008<br>
+++ ./memcached-1.2.5-priv/memcached.c Mon Jun 9 13:31:04 2008<br>
@@ -59,6 +59,10 @@<br>
#endif<br>
#endif<br>
<br>
+#ifdef HAVE_PRIV_H<br>
+#include <priv.h><br>
+#endif /* HAVE_PRIV_H */<br>
+<br>
/*<br>
* forward declarations<br>
*/<br>
@@ -3044,7 +3048,55 @@<br>
}<br>
}<br>
<br>
+#if defined(HAVE_PRIV_H) && defined(HAVE_SETPPRIV)<br>
<br>
+ /* this section of code will drop all (Solaris) privileges including those<br>
+ * normally granted to all userland process (basic privileges). The effect<br>
+ * of this is that after running this code, the process will not able to<br>
+ * fork(), exec(), etc. See privileges(5) for more information.<br>
+ */<br>
+<br>
+ priv_set_t *pPrivSet = NULL;<br>
+ priv_set_t *oPrivSet = NULL;<br>
+<br>
+ if ((pPrivSet = priv_str_to_set("basic", ",", NULL)) == NULL) {<br>
+ perror("priv_str_to_set");<br>
+ exit(EXIT_FAILURE);<br>
+ }<br>
+<br>
+ (void) priv_delset(pPrivSet, PRIV_FILE_LINK_ANY);<br>
+ (void) priv_delset(pPrivSet, PRIV_PROC_EXEC);<br>
+ (void) priv_delset(pPrivSet, PRIV_PROC_FORK);<br>
+ (void) priv_delset(pPrivSet, PRIV_PROC_INFO);<br>
+ (void) priv_delset(pPrivSet, PRIV_PROC_SESSION);<br>
+<br>
+ if (setppriv(PRIV_SET, PRIV_PERMITTED, pPrivSet) != 0) {<br>
+ perror("setppriv(PRIV_SET, PRIV_PERMITTED)");<br>
+ exit(EXIT_FAILURE);<br>
+ }<br>
+<br>
+ if ((oPrivSet = priv_allocset()) == NULL) {<br>
+ perror("priv_allocset");<br>
+ exit(EXIT_FAILURE);<br>
+ }<br>
+<br>
+ priv_emptyset(oPrivSet);<br>
+<br>
+ if (setppriv(PRIV_SET, PRIV_INHERITABLE, oPrivSet) != 0) {<br>
+ perror("setppriv(PRIV_SET, PRIV_INHERITABLE)");<br>
+ exit(EXIT_FAILURE);<br>
+ }<br>
+<br>
+ if (setppriv(PRIV_SET, PRIV_LIMIT, oPrivSet) != 0) {<br>
+ perror("setppriv(PRIV_SET, PRIV_LIMIT)");<br>
+ exit(EXIT_FAILURE);<br>
+ }<br>
+<br>
+ priv_freeset(pPrivSet);<br>
+ priv_freeset(oPrivSet);<br>
+<br>
+#endif /* defined(HAVE_PRIV_H) && defined(HAVE_SETPPRIV) */<br>
+<br>
/* initialize main thread libevent instance */<br>
main_base = event_init();<br>
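Review bot: The five `(void) priv_delset(pPrivSet, ...)` calls discard their return values, so a failed removal goes unreported and leaves that privilege in the set later passed to setppriv(). On a privilege-drop path they should fail closed with perror() and exit(), as the priv_str_to_set() and setppriv() calls beside them already do; a table-driven form is sketched below. The block comment says all privileges are dropped, but the code keeps whatever "basic" contains beyond the five names removed, so the comment should list those five and say the rest of "basic" is retained. The enclosing function starts and ends outside the hunk, so it is not visible whether anything that forks (daemonizing, for instance) runs after this point; that ordering should be confirmed, since PRIV_PROC_FORK is gone from here on.

```c
    /* … unchanged: priv_str_to_set("basic", ",", NULL) and its error check … */
    static const char *const dropped[] = {
        PRIV_FILE_LINK_ANY, PRIV_PROC_EXEC, PRIV_PROC_FORK,
        PRIV_PROC_INFO, PRIV_PROC_SESSION
    };
    size_t i;

    for (i = 0; i < sizeof(dropped) / sizeof(dropped[0]); i++) {
        /* fail closed: a privilege that cannot be removed must not be kept silently */
        if (priv_delset(pPrivSet, dropped[i]) != 0) {
            perror("priv_delset");
            exit(EXIT_FAILURE);
        }
    }
    /* … unchanged: setppriv() calls for PERMITTED, INHERITABLE, LIMIT and priv_freeset() … */
```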
<br>
<br>
--- END DIFFS ---<br>
</blockquote></div><br>