diff options
author | Damien Miller <djm@mindrot.org> | 2016-01-08 14:24:56 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2016-01-08 14:29:12 +1100 |
commit | 4626cbaf78767fc8e9c86dd04785386c59ae0839 (patch) | |
tree | 449a777d8781a7f88724cbec9a4717f5b3fe4ec6 /sftp-server.c | |
parent | 422d1b3ee977ff4c724b597fb2e437d38fc8de9d (diff) |
Support Illumos/Solaris fine-grained privileges
Includes a pre-auth privsep sandbox and several pledge()
emulations. bz#2511, patch by Alex Wilson.
ok dtucker@
Diffstat (limited to 'sftp-server.c')
-rw-r--r-- | sftp-server.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sftp-server.c b/sftp-server.c index 62e76a505..79ef45b10 100644 --- a/sftp-server.c +++ b/sftp-server.c | |||
@@ -1598,6 +1598,9 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) | |||
1598 | fatal("unable to make the process undumpable"); | 1598 | fatal("unable to make the process undumpable"); |
1599 | #endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */ | 1599 | #endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */ |
1600 | 1600 | ||
1601 | /* Drop any fine-grained privileges we don't need */ | ||
1602 | platform_pledge_sftp_server(); | ||
1603 | |||
1601 | if ((cp = getenv("SSH_CONNECTION")) != NULL) { | 1604 | if ((cp = getenv("SSH_CONNECTION")) != NULL) { |
1602 | client_addr = xstrdup(cp); | 1605 | client_addr = xstrdup(cp); |
1603 | if ((cp = strchr(client_addr, ' ')) == NULL) { | 1606 | if ((cp = strchr(client_addr, ' ')) == NULL) { |