6
* this section of code will drop all (Solaris) privileges including
7
* those normally granted to all userland process (basic privileges). The
8
* effect of this is that after running this code, the process will not able
9
* to fork(), exec(), etc. See privileges(5) for more information.
11
void drop_privileges() {
12
priv_set_t *privs = priv_str_to_set("basic", ",", NULL);
15
perror("priv_str_to_set");
19
(void)priv_delset(privs, PRIV_FILE_LINK_ANY);
20
(void)priv_delset(privs, PRIV_PROC_EXEC);
21
(void)priv_delset(privs, PRIV_PROC_FORK);
22
(void)priv_delset(privs, PRIV_PROC_INFO);
23
(void)priv_delset(privs, PRIV_PROC_SESSION);
25
if (setppriv(PRIV_SET, PRIV_PERMITTED, privs) != 0) {
26
perror("setppriv(PRIV_SET, PRIV_PERMITTED)");
32
if (setppriv(PRIV_SET, PRIV_INHERITABLE, privs) != 0) {
33
perror("setppriv(PRIV_SET, PRIV_INHERITABLE)");
37
if (setppriv(PRIV_SET, PRIV_LIMIT, privs) != 0) {
38
perror("setppriv(PRIV_SET, PRIV_LIMIT)");