Print this page
uts: add a concept of a 'default' set of privileges, separate from 'basic'
@@ -198,10 +198,13 @@
libc_free(tmparr);
break;
case PRIV_INFO_BASICPRIVS:
tmp->pd_basicset = (priv_set_t *)&st->set[0];
break;
+ case PRIV_INFO_DEFAULTPRIVS:
+ tmp->pd_defaultset = (priv_set_t *)&st->set[0];
+ break;
default:
/* unknown, ignore */
break;
}
x += na->info.priv_info_size;
@@ -494,10 +497,11 @@
if (nset == NULL)
return (-1);
/* Always add the basic set */
+ /* XXX: Always add the _default_ set? */
if (d->pd_basicset != NULL)
priv_union(d->pd_basicset, nset);
/*
* This is not a significant failure: it allows us to start programs
@@ -646,10 +650,11 @@
goto end;
priv_copyset(nset, bracketpriv);
/* Always add the basic set */
+ /* XXX: Always add the default set? */
priv_union(priv_basic(), nset);
/* But don't add what we don't have */
priv_intersect(tmpset, nset);
@@ -873,10 +878,16 @@
{
priv_copyset(priv_basic(), set);
}
void
+priv_defaultset(priv_set_t *set)
+{
+ priv_copyset(priv_default(), set);
+}
+
+void
__priv_fillset(priv_data_t *d, priv_set_t *set)
{
(void) memset(set, ~0, d->pd_setsize);
}