Date: Fri, 13 Aug 2010 12:35:17 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: jhell <jhell@dataix.net> Cc: freebsd-security@freebsd.org, Janne Snabb <snabb@epipe.com> Subject: Re: ~/.login_conf mechanism is flawed Message-ID: <86r5i2ssuy.fsf@ds4.des.no> In-Reply-To: <4C64D1EF.6030508@dataix.net> (jhell@dataix.net's message of "Fri, 13 Aug 2010 01:02:39 -0400") References: <alpine.BSF.2.00.1008100841350.96753@tiktik.epipe.com> <alpine.BSF.2.00.1008101503190.96753@tiktik.epipe.com> <201008121302.o7CD2BJv044208@lava.sentex.ca> <alpine.BSF.2.00.1008121828360.96753@tiktik.epipe.com> <4C64D1EF.6030508@dataix.net>
index | next in thread | previous in thread | raw e-mail
jhell <jhell@dataix.net> writes: > On the note of using a ~/.login_conf file for setting limits and in this > case increasing them. when they shouldn't be. > > I have been using a ~/.login_conf without generating the > ~/.login_conf.db through the use of cap_mkdb(1) for quite some time. So > on that, is it really necessary to look for that .db file at all since > ~/.login_conf works without it... It won't make any difference. The problem is that setusercontext() applies the user's settings even if it's still running as root. I have a patch, but I need to check that it doesn't break anything. DES -- Dag-Erling Smørgrav - des@des.nohome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86r5i2ssuy.fsf>