summaryrefslogtreecommitdiff
path: root/sftp-server.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2016-01-08 14:24:56 +1100
committerDamien Miller <djm@mindrot.org>2016-01-08 14:29:12 +1100
commit4626cbaf78767fc8e9c86dd04785386c59ae0839 (patch)
tree449a777d8781a7f88724cbec9a4717f5b3fe4ec6 /sftp-server.c
parent422d1b3ee977ff4c724b597fb2e437d38fc8de9d (diff)
Support Illumos/Solaris fine-grained privileges
Includes a pre-auth privsep sandbox and several pledge() emulations. bz#2511, patch by Alex Wilson. ok dtucker@
Diffstat (limited to 'sftp-server.c')
-rw-r--r--sftp-server.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/sftp-server.c b/sftp-server.c
index 62e76a50..79ef45b1 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -1598,6 +1598,9 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
fatal("unable to make the process undumpable");
#endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */
+ /* Drop any fine-grained privileges we don't need */
+ platform_pledge_sftp_server();
+
if ((cp = getenv("SSH_CONNECTION")) != NULL) {
client_addr = xstrdup(cp);
if ((cp = strchr(client_addr, ' ')) == NULL) {