MySQL 5.6.14 Source Code Document
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Groups Pages
solaris_priv.c
1 #include "config.h"
2 #include <stdlib.h>
3 #include <priv.h>
4 #include <stdio.h>
5 #include "memcached.h"
6 
7 /*
8  * this section of code will drop all (Solaris) privileges including
9  * those normally granted to all userland process (basic privileges). The
10  * effect of this is that after running this code, the process will not able
11  * to fork(), exec(), etc. See privileges(5) for more information.
12  */
13 void drop_privileges(void) {
14  priv_set_t *privs = priv_str_to_set("basic", ",", NULL);
15 
16  if (privs == NULL) {
17  perror("priv_str_to_set");
18  exit(EXIT_FAILURE);
19  }
20 
21  (void)priv_delset(privs, PRIV_FILE_LINK_ANY);
22  (void)priv_delset(privs, PRIV_PROC_EXEC);
23  (void)priv_delset(privs, PRIV_PROC_FORK);
24  (void)priv_delset(privs, PRIV_PROC_INFO);
25  (void)priv_delset(privs, PRIV_PROC_SESSION);
26 
27  if (setppriv(PRIV_SET, PRIV_PERMITTED, privs) != 0) {
28  perror("setppriv(PRIV_SET, PRIV_PERMITTED)");
29  exit(EXIT_FAILURE);
30  }
31 
32  priv_emptyset(privs);
33 
34  if (setppriv(PRIV_SET, PRIV_INHERITABLE, privs) != 0) {
35  perror("setppriv(PRIV_SET, PRIV_INHERITABLE)");
36  exit(EXIT_FAILURE);
37  }
38 
39  if (setppriv(PRIV_SET, PRIV_LIMIT, privs) != 0) {
40  perror("setppriv(PRIV_SET, PRIV_LIMIT)");
41  exit(EXIT_FAILURE);
42  }
43 
44  priv_freeset(privs);
45 }