From owner-freebsd-bugs@FreeBSD.ORG Tue May 4 12:10:19 2004 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2ACA516A4CE for ; Tue, 4 May 2004 12:10:19 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id C1B4243D2D for ; Tue, 4 May 2004 12:10:18 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) i44JAIVf087536 for ; Tue, 4 May 2004 12:10:18 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.11/8.12.11/Submit) id i44JAIYJ087535; Tue, 4 May 2004 12:10:18 -0700 (PDT) (envelope-from gnats) Resent-Date: Tue, 4 May 2004 12:10:18 -0700 (PDT) Resent-Message-Id: <200405041910.i44JAIYJ087535@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Adam Nowacki Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0BC0016A4CE for ; Tue, 4 May 2004 12:07:23 -0700 (PDT) Received: from www.freebsd.org (www.freebsd.org [216.136.204.117]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8E91F43D67 for ; Tue, 4 May 2004 12:07:22 -0700 (PDT) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.12.11/8.12.11) with ESMTP id i44J7LrY003020 for ; Tue, 4 May 2004 12:07:21 -0700 (PDT) (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.12.11/8.12.11/Submit) id i44J7LVu003019; Tue, 4 May 2004 12:07:21 -0700 (PDT) (envelope-from nobody) Message-Id: <200405041907.i44J7LVu003019@www.freebsd.org> Date: Tue, 4 May 2004 12:07:21 -0700 (PDT) From: Adam Nowacki To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-2.3 Subject: kern/66268: [PATCH] Socket buffer resource limit (RLIMIT_SBSIZE) use uid instead of ruid X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 May 2004 19:10:19 -0000 >Number: 66268 >Category: kern >Synopsis: [PATCH] Socket buffer resource limit (RLIMIT_SBSIZE) use uid instead of ruid >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue May 04 12:10:18 PDT 2004 >Closed-Date: >Last-Modified: >Originator: Adam Nowacki >Release: 4.8 >Organization: >Environment: FreeBSD shell.sinuspl.net 4.8-RELEASE-p17 FreeBSD 4.8-RELEASE-p17 #5: Thu Mar 25 22:28:39 CET 2004 root@shell.sinuspl.net:/usr/src/sys/compile/SHELL i386 >Description: RLIMIT_SBSIZE use uid instead of ruid, what causes some problems (ex. 'No buffer space available' for suid programs). Thats wrong, because users realy dont exceed their limits. >How-To-Repeat: Login as a normal user, set RLIMIT_SBSIZE to something small, but enought to be able to ping 127.0.0.1. As root open a lot of connections to exceed RLIMIT_SBSIZE limit set before. Go back to normal user and ping 127.0.0.1, you will get 'ping: socket: No buffer space available'. >Fix: --- old.uipc_socket.c Sun Dec 15 10:24:23 2002 +++ uipc_socket.c Tue May 4 20:55:51 2004 @@ -190,10 +190,10 @@ so->so_gencnt = ++so_gencnt; if (so->so_rcv.sb_hiwat) - (void)chgsbsize(so->so_cred->cr_uidinfo, + (void)chgsbsize(so->so_cred->cr_ruidinfo, &so->so_rcv.sb_hiwat, 0, RLIM_INFINITY); if (so->so_snd.sb_hiwat) - (void)chgsbsize(so->so_cred->cr_uidinfo, + (void)chgsbsize(so->so_cred->cr_ruidinfo, &so->so_snd.sb_hiwat, 0, RLIM_INFINITY); #ifdef INET if (so->so_accf != NULL) { --- old.uipc_socket2.c Sat Aug 31 21:04:55 2002 +++ uipc_socket2.c Tue May 4 20:56:07 2004 @@ -414,7 +414,7 @@ */ if (cc > sb_max_adj) return (0); - if (!chgsbsize(so->so_cred->cr_uidinfo, &sb->sb_hiwat, cc, + if (!chgsbsize(so->so_cred->cr_ruidinfo, &sb->sb_hiwat, cc, p ? p->p_rlimit[RLIMIT_SBSIZE].rlim_cur : RLIM_INFINITY)) { return (0); } @@ -434,7 +434,7 @@ { sbflush(sb); - (void)chgsbsize(so->so_cred->cr_uidinfo, &sb->sb_hiwat, 0, + (void)chgsbsize(so->so_cred->cr_ruidinfo, &sb->sb_hiwat, 0, RLIM_INFINITY); sb->sb_mbmax = 0; } --- old.uipc_usrreq.c Tue Mar 4 18:28:09 2003 +++ uipc_usrreq.c Tue May 4 20:56:22 2004 @@ -249,7 +249,7 @@ unp->unp_mbcnt = so->so_rcv.sb_mbcnt; newhiwat = so2->so_snd.sb_hiwat + unp->unp_cc - so->so_rcv.sb_cc; - (void)chgsbsize(so2->so_cred->cr_uidinfo, &so2->so_snd.sb_hiwat, + (void)chgsbsize(so2->so_cred->cr_ruidinfo, &so2->so_snd.sb_hiwat, newhiwat, RLIM_INFINITY); unp->unp_cc = so->so_rcv.sb_cc; sowwakeup(so2); @@ -358,7 +358,7 @@ unp->unp_conn->unp_mbcnt = so2->so_rcv.sb_mbcnt; newhiwat = so->so_snd.sb_hiwat - (so2->so_rcv.sb_cc - unp->unp_conn->unp_cc); - (void)chgsbsize(so->so_cred->cr_uidinfo, &so->so_snd.sb_hiwat, + (void)chgsbsize(so->so_cred->cr_ruidinfo, &so->so_snd.sb_hiwat, newhiwat, RLIM_INFINITY); unp->unp_conn->unp_cc = so2->so_rcv.sb_cc; sorwakeup(so2); >Release-Note: >Audit-Trail: >Unformatted: