From 6f08fade162303925f5a134226b0a34044d13646 Mon Sep 17 00:00:00 2001 From: Andy Fiddaman Date: Fri, 30 Dec 2022 18:06:57 +0000 Subject: Drop unnecessary privileges --- os-posix.c | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/os-posix.c b/os-posix.c index 52925c23d3..53114fc84b 100644 --- a/os-posix.c +++ b/os-posix.c @@ -29,6 +29,7 @@ #include #include #include +#include #include "qemu/error-report.h" #include "qemu/log.h" @@ -282,6 +283,45 @@ void os_setup_limits(void) } } +/* + * In case qemu is started as root, drop unnecessary privileges. + */ +static void +illumos_drop_privileges(void) +{ + priv_set_t *privs, *wantedprivs; + + privs = priv_allocset(); + wantedprivs = priv_allocset(); + + if (privs == NULL || wantedprivs == NULL) { + error_report("Unable to allocate privilege sets"); + exit(1); + } + + if (getppriv(PRIV_PERMITTED, privs) != 0) { + error_report("Failed to retrieve current privileges"); + exit(1); + } + + priv_basicset(wantedprivs); + priv_delset(wantedprivs, PRIV_FILE_LINK_ANY); + priv_delset(wantedprivs, PRIV_PROC_INFO); + priv_delset(wantedprivs, PRIV_PROC_SESSION); + priv_addset(wantedprivs, PRIV_NET_RAWACCESS); /* VNIC net backend */ + priv_intersect(wantedprivs, privs); + + if (setppriv(PRIV_SET, PRIV_PERMITTED, privs) != 0 || + setppriv(PRIV_SET, PRIV_INHERITABLE, privs) != 0 || + setppriv(PRIV_SET, PRIV_LIMIT, privs) != 0) { + error_report("Failed to reduce privileges"); + exit(1); + } + + priv_freeset(wantedprivs); + priv_freeset(privs); +} + void os_setup_post(void) { int fd = 0; @@ -299,6 +339,7 @@ void os_setup_post(void) change_root(); change_process_uid(); + illumos_drop_privileges(); if (daemonize) { uint8_t status = 0;