On Solaris, disabling the proc_exec privilege appears to interfere

with DAC file permissions.  Adding DAC override permissions to the
inheritable set works around this for commands run as root without
giving extra permissions to other users.  Bug #626

src/exec_common.c

@@ -65,6 +65,9 @@ disable_execute(char *const envp[])
 
 #ifdef HAVE_PRIV_SET
     /* Solaris privileges, remove PRIV_PROC_EXEC post-execve. */
+    (void)priv_set(PRIV_ON, PRIV_INHERITABLE, "PRIV_FILE_DAC_READ", NULL);
+    (void)priv_set(PRIV_ON, PRIV_INHERITABLE, "PRIV_FILE_DAC_WRITE", NULL);
+    (void)priv_set(PRIV_ON, PRIV_INHERITABLE, "PRIV_FILE_DAC_SEARCH", NULL);
     if (priv_set(PRIV_OFF, PRIV_LIMIT, "PRIV_PROC_EXEC", NULL) == 0)
 	debug_return_ptr(envp);
     warning(U_("unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"));