diff options
| author | David CARLIER <devnexen@gmail.com> | 2021-02-21 17:52:52 +0000 |
|---|---|---|
| committer | dormando <dormando@rydia.net> | 2022-08-25 20:35:04 -0700 |
| commit | 8f478cdaf50c1467fc2191ac1c3a8e85ec2efcff (patch) | |
| tree | 5197b5a3ffec2625e8417d3b95f8b08a9b5ada5b /darwin_priv.c | |
| parent | ed110bb0db938810d8fdb9d4e4b2fef9ab0bf5ac (diff) | |
| download | memcached-8f478cdaf50c1467fc2191ac1c3a8e85ec2efcff.tar.gz | |
MacOS drop privileges support
Diffstat (limited to 'darwin_priv.c')
| -rw-r--r-- | darwin_priv.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/darwin_priv.c b/darwin_priv.c new file mode 100644 index 0000000..411b5fa --- /dev/null +++ b/darwin_priv.c @@ -0,0 +1,28 @@ +#include <stdlib.h> +#include <stdio.h> +#include <string.h> +#include <sandbox.h> +#include "memcached.h" + +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wdeprecated-declarations" +/* + * the sandbox api is marked deprecated, however still used + * by couple of major softwares/libraries like openssh + */ +void drop_privileges() { + extern char *__progname; + char *error = NULL; + + if (sandbox_init(kSBXProfileNoInternet, SANDBOX_NAMED, &error) < 0) { + fprintf(stderr, "%s: sandbox_init: %s\n", __progname, error); + sandbox_free_error(error); + exit(EXIT_FAILURE); + } +} + +#pragma clang diagnostic pop + +void setup_privilege_violations_handler(void) { + // not needed +} |