From 4626cbaf78767fc8e9c86dd04785386c59ae0839 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Fri, 8 Jan 2016 14:24:56 +1100
Subject: Support Illumos/Solaris fine-grained privileges

Includes a pre-auth privsep sandbox and several pledge()
emulations. bz#2511, patch by Alex Wilson.

ok dtucker@
---
 sftp-server.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'sftp-server.c')

diff --git a/sftp-server.c b/sftp-server.c
index 62e76a50..79ef45b1 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -1598,6 +1598,9 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
 		fatal("unable to make the process undumpable");
 #endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */
 
+	/* Drop any fine-grained privileges we don't need */
+	platform_pledge_sftp_server();
+
 	if ((cp = getenv("SSH_CONNECTION")) != NULL) {
 		client_addr = xstrdup(cp);
 		if ((cp = strchr(client_addr, ' ')) == NULL) {
-- 
cgit v1.2.1