Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 15 Jul 2004 19:03:20 +0200
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        "Christian S.J. Peron" <csjp@FreeBSD.org>
Cc:        cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sys/kern kern_descrip.c
Message-ID:  <20040715170320.GF12007@darkness.comp.waw.pl>
In-Reply-To: <200407141904.i6EJ4VKD016422@repoman.freebsd.org>
References:  <200407141904.i6EJ4VKD016422@repoman.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help

--LqIGKb6ivCeGIB65
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Jul 14, 2004 at 07:04:31PM +0000, Christian S.J. Peron wrote:
+> csjp        2004-07-14 19:04:31 UTC
+>=20
+>   FreeBSD src repository
+>=20
+>   Modified files:
+>     sys/kern             kern_descrip.c=20
+>   Log:
+>   In addition to the real user ID check, do an explicit jail
+>   check to ensure that the caller is not prison root.
+>  =20
+>   The intention is to fix file descriptor creation so that
+>   prison root can not use the last remaining file descriptors.
+>   This privilege should be reserved for non-jailed root users.
[...]
+>  	fp =3D uma_zalloc(file_zone, M_WAITOK | M_ZERO);
+>  	sx_xlock(&filelist_lock);
+> -	if ((nfiles >=3D maxuserfiles && td->td_ucred->cr_ruid !=3D 0)
+> -	   || nfiles >=3D maxfiles) {
+> +	if ((nfiles >=3D maxuserfiles && (td->td_ucred->cr_ruid !=3D 0 ||
+> +	   jailed(td->td_ucred))) || nfiles >=3D maxfiles) {
+>  		if (ppsratecheck(&lastfail, &curfail, 1)) {
+>  			printf("kern.maxfiles limit exceeded by uid %i, please see tuning(7)=
.\n",
+>  				td->td_ucred->cr_ruid);

Could we change 'td->td_ucred->cr_ruid !=3D 0 || jailed(td->td_ucred)' to
'suser(td) !=3D 0'?

--=20
Pawel Jakub Dawidek                       http://www.FreeBSD.org
pjd@FreeBSD.org                           http://garage.freebsd.pl
FreeBSD committer                         Am I Evil? Yes, I Am!

--LqIGKb6ivCeGIB65
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFA9rjYForvXbEpPzQRAhO+AJ9srXKrdVqBFw8GQAielszFG5LXfwCfS50s
3E2fcFPVfIXB630+SoDhJIs=
=fHKN
-----END PGP SIGNATURE-----

--LqIGKb6ivCeGIB65--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040715170320.GF12007>