One other feature we were able to easily put in place leverages security capabilities in OpenSolaris. In the Solaris least privilege model, a process can take privs away from itself. Why would it do that?
It’s well known that one security exploit vector for C code is to find a problem with memory handling, then use that to run another process on the system via a stack smash. memcached on OpenSolaris is privilege aware and takes those privs away from itself: root@domU-12-31-39-00-69-B3:/var# ppriv pgrep memcached 229: /usr/local/bin/memcached -u noaccess -L -m 676 flags = PRIV_AWARE E: basic,!file_link_any,!proc_exec,!proc_fork,!proc_info,!proc_session I: basic,!file_link_any,!proc_exec,!proc_fork,!proc_info,!proc_session P: basic,!file_link_any,!proc_exec,!proc_fork,!proc_info,!proc_session L: basic,!file_link_any,!proc_exec,!proc_fork,!proc_info,!proc_session As the ppriv command there shows, memcached has taken away file link/fork/exec/info/session privs away from itself.
