Attached are 2 updated patches for building trousers on Solaris. These were made against the code from the 0.3.2 tarball.
The 'daemon' function is not currently available in Solaris but it will be coming soon, so it would be good to add a check for it in the configure script and then "ifdef" for it in the tcsd code.
Signed-off-by: Wyllys Ingersoll <[email protected]>
--- configure.in.orig Fri Sep 11 10:58:20 2009
+++ configure.in Fri Sep 11 10:57:59 2009
@@ -39,6 +39,10 @@
 *ppc64* | *powerpc64* | *x86_64*)
 CFLAGS="$CFLAGS -m64"
 ;;
+ *solaris*)
+ CFLAGS="$CFLAGS -DSOLARIS"
+ AM_CONDITIONAL(SOLARIS_BUILD, true)
+ ;;
 *)
 ;;
 esac
@@ -347,7 +351,9 @@
 AC_PROG_CC
 AC_PROG_LIBTOOL
-CFLAGS="$CFLAGS -I../include -W -Wall -Werror -Wno-unused-parameter -Wsign-compare \
+AC_CHECK_FUNC(daemon, [ AC_DEFINE(HAVE_DAEMON, 1, [daemon function is available]) ])
+
+CFLAGS="$CFLAGS -I../include \
 -DTCSD_DEFAULT_PORT=${TCSD_DEFAULT_PORT} -DTSS_VER_MAJOR=${TSS_VER_MAJOR} \
 -DTSS_VER_MINOR=${TSS_VER_MINOR} -DTSS_SPEC_MAJOR=${TSS_SPEC_MAJOR} \
 -DTSS_SPEC_MINOR=${TSS_SPEC_MINOR}"
--- src/tcsd/svrside.c.orig Fri Jun 5 12:45:50 2009
+++ src/tcsd/svrside.c Fri Sep 11 10:28:23 2009
@@ -26,6 +26,11 @@
 #include <arpa/inet.h>
 #include <errno.h>
 #include <getopt.h>
+#if defined (SOLARIS)
+#include <fcntl.h>
+#include <priv.h>
+#endif
+
 #include "trousers/tss.h"
 #include "trousers_types.h"
 #include "tcs_tsp.h"
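Review bot: `AM_CONDITIONAL(SOLARIS_BUILD, true)` sits inside the `*solaris*)` branch of the case statement in the first configure.in hunk, so on every other host the conditional is never defined. Automake expects AM_CONDITIONAL to run on every configure invocation, and configure normally stops with a "conditional was never defined" error when it does not. Set a shell variable in the branch instead, e.g. `solaris_build=yes`, and after `esac` call `AM_CONDITIONAL(SOLARIS_BUILD, test "x$solaris_build" = "xyes")`. The case statement starts above the hunk, so the variable should be initialised before it.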
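Review bot: The rewritten `CFLAGS=` line in the second configure.in hunk drops `-W -Wall -Werror -Wno-unused-parameter -Wsign-compare` for every platform, not only for the Solaris compiler that presumably rejects them, so a network-facing daemon loses its compile-time checks everywhere. Keep the flags where the compiler accepts them, using the `$GCC` result set by `AC_PROG_CC` just above: `if test "x$GCC" = "xyes"; then CFLAGS="$CFLAGS -W -Wall -Werror -Wno-unused-parameter -Wsign-compare"; fi`. The fallback `daemon()` added in svrside.c declares an `rv` it never uses, which is the kind of slip those flags would have stopped.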
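Review bot: `<fcntl.h>` is added only under `#if defined (SOLARIS)` in the first svrside.c hunk, but the fallback `daemon()` added later in the same file is guarded by `#ifndef HAVE_DAEMON` and uses `open()` and `O_RDWR`. On a non-Solaris host that lacks daemon(), that code would be compiled without the header, unless an include above this hunk already provides it. Move `#include <fcntl.h>` out of the SOLARIS guard and keep only `#include <priv.h>` inside it.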
@@ -212,12 +217,85 @@
 fprintf(stderr, "\n");
 }
+#if defined (SOLARIS)
+
+/*
+ * For Solaris, make the tcsd privilege aware and drop
+ * risky privileges if they are not needed.
+ */
+static int
+drop_privs()
+{
+ priv_set_t *myprivs;
+ int rv;
+
+ /*
+ * Drop unneeded privs such as fork/exec.
+ *
+ * Get "basic" privs and remove the ones we don't want.
+ */
+ if ((myprivs = priv_str_to_set("basic", ",", NULL)) == NULL) {
+ LogError("priv_str_to_set failed: %s", strerror(errno));
+ return (1);
+ } else {
+ (void) priv_delset(myprivs, PRIV_PROC_EXEC);
+ (void) priv_delset(myprivs, PRIV_PROC_FORK);
+ (void) priv_delset(myprivs, PRIV_FILE_LINK_ANY);
+ (void) priv_delset(myprivs, PRIV_PROC_INFO);
+ (void) priv_delset(myprivs, PRIV_PROC_SESSION);
+ (void) priv_delset(myprivs, PRIV_PROC_SETID);
+
+ /* for BSM auditing */
+ (void) priv_addset(myprivs, PRIV_PROC_AUDIT);
+
+ if ((rv = setppriv(PRIV_SET, PRIV_PERMITTED, myprivs)))
+ return (rv);
+ if ((rv = setppriv(PRIV_SET, PRIV_LIMIT, myprivs)))
+ return (rv);
+ if ((rv = setppriv(PRIV_SET, PRIV_INHERITABLE, myprivs)))
+ return (rv);
+
+ (void) priv_freeset(myprivs);
+ }
+ return (0);
+}
+#endif /* SOLARIS */
+
+#ifndef HAVE_DAEMON
+static int
+daemon(int nochdir, int noclose) {
+ int rv, fd;
+
+ switch (fork()) {
+ case -1:
+ return (-1);
+ case 0:
+ break;
+ default:
+ exit (0);
+ }
+
+ if (setsid() == -1)
+ return (-1);
+ if (!nochdir)
+ (void) chdir("/");
+ if (!noclose && (fd = open("/dev/null", O_RDWR, 0)) != -1) {
+ (void) dup2(fd, STDIN_FILENO);
+ (void) dup2(fd, STDOUT_FILENO);
+ (void) dup2(fd, STDERR_FILENO);
+ if (fd > 2)
+ (void)close (fd);
+ }
+ return (0);
+}
+#endif /* !HAVE_DAEMON */
+
 int
 main(int argc, char **argv)
 {
 struct sockaddr_in serv_addr, client_addr;
 TSS_RESULT result;
- int sd, newsd, c, option_index = 0;
+ int sd, newsd, c, rv, option_index = 0;
 unsigned client_len;
 char *hostname = NULL;
 struct hostent *client_hostent = NULL;
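Review bot: In `drop_privs()` the three `setppriv` failure returns leave the function before `priv_freeset(myprivs)` and without a log line, so a failed privilege drop makes tcsd exit with no indication of which step was refused. Route the three calls through one exit path that logs `strerror(errno)` and frees the set, as in the excerpt below; the definition should also read `drop_privs(void)`. Separately, the set passed to `setppriv(PRIV_SET, PRIV_PERMITTED, ...)` has `PRIV_PROC_AUDIT` added to it, which will presumably be rejected when the process does not already hold that privilege, so a non-root start is worth testing.

```c
static int
drop_privs(void)
{
	priv_set_t *myprivs;
	int rv = 0;

	/* … unchanged: priv_str_to_set("basic") check and the priv_delset/priv_addset calls … */

	if (setppriv(PRIV_SET, PRIV_PERMITTED, myprivs) != 0 ||
	    setppriv(PRIV_SET, PRIV_LIMIT, myprivs) != 0 ||
	    setppriv(PRIV_SET, PRIV_INHERITABLE, myprivs) != 0) {
		LogError("setppriv failed: %s", strerror(errno));
		rv = -1;
	}
	priv_freeset(myprivs);
	return (rv);
}
```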
@@ -251,6 +329,12 @@
 return -1;
 }
 }
+#ifdef SOLARIS
+ /* For Solaris, drop privileges for security. */
+ rv = drop_privs();
+ if (rv)
+ return (rv);
+#endif /* SOLARIS */
 sd = socket(AF_INET, SOCK_STREAM, 0);
 if (sd < 0) {
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
TrouSerS-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-tech
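Review bot: `drop_privs()` removes `PRIV_PROC_FORK`, and the third svrside.c hunk calls it before `socket()`, so a `daemon()` call later in main would have its `fork()` refused and tcsd could then only run in the foreground on Solaris. The daemonizing step is not visible in this hunk, so this depends on where it sits; if it does come after the socket setup, move the `#ifdef SOLARIS` block to just after it. The early `return (rv);` also exits without a log line of its own, so add one here unless `drop_privs()` reports every failure itself. main's body starts and ends outside the hunk.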
