Date: Thu, 15 Jul 2004 13:21:09 -0400 (EDT)
From: Robert Watson
X-Sender: robert@fledge.watson.org
To: Pawel Jakub Dawidek
cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, "Christian S.J. Peron", cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/kern kern_descrip.c
In-Reply-To: <20040715170320.GF12007@darkness.comp.waw.pl>

On Thu, 15 Jul 2004, Pawel Jakub Dawidek wrote:

> On Wed, Jul 14, 2004 at 07:04:31PM +0000, Christian S.J. Peron wrote:
> +> csjp        2004-07-14 19:04:31 UTC
> +>
> +>   FreeBSD src repository
> +>
> +>   Modified files:
> +>     sys/kern             kern_descrip.c
> +>   Log:
> +>   In addition to the real user ID check, do an explicit jail
> +>   check to ensure that the caller is not prison root.
> +>
> +>   The intention is to fix file descriptor creation so that
> +>   prison root can not use the last remaining file descriptors.
> +>   This privilege should be reserved for non-jailed root users.
> [...]
> +>  	fp = uma_zalloc(file_zone, M_WAITOK | M_ZERO);
> +>  	sx_xlock(&filelist_lock);
> +> -	if ((nfiles >= maxuserfiles && td->td_ucred->cr_ruid != 0)
> +> -	    || nfiles >= maxfiles) {
> +> +	if ((nfiles >= maxuserfiles && (td->td_ucred->cr_ruid != 0 ||
> +> +	    jailed(td->td_ucred))) || nfiles >= maxfiles) {
> +>  		if (ppsratecheck(&lastfail, &curfail, 1)) {
> +>  			printf("kern.maxfiles limit exceeded by uid %i, please see tuning(7).\n",
> +>  				td->td_ucred->cr_ruid);
>
> Could we change 'td->td_ucred->cr_ruid != 0 || jailed(td->td_ucred)' to
> 'suser(td) != 0'?

No, because suser(td) checks the effective uid, not the real uid.  Which is
the reason I asked him to change it to that before committing, and why
Colin had to back out his commit also :-).  Colin is preparing patches to
add a flag to suser_cred() to allow the caller to say they care about the
real uid.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Principal Research Scientist, McAfee Research
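Review bot: the rate-limited printf in this hunk still reports only td->td_ucred->cr_ruid, so once the new jailed(td->td_ucred) term trips the maxuserfiles branch for prison root, the log line reads "kern.maxfiles limit exceeded by uid 0", which an administrator cannot tell apart from a real-uid-0 process outside any jail hitting the limit. Consider adding the jail state to the message alongside the uid so the tuning(7) advice points at the right cause. The condition itself reads correctly: the outer `|| nfiles >= maxfiles` keeps the hard cap applying to unjailed root as well.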
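As an added illustration (not code from the commit, from FreeBSD, or from either poster), the small C model below compares the committed real-uid-plus-jail test with a suser()-style effective-uid test and shows the credentials for which they disagree. The struct cred, the jailed() stand-in and the sample credentials are constructed for this example; the suser behaviour modelled is suser_cred() without the PRISON_ROOT flag.

```c
#include <stdbool.h>
#include <stdio.h>
/* Stand-in for the kernel's struct ucred; cr_ruid/cr_uid mirror FreeBSD's
 * field names, the prison flag is constructed for this example. */
struct cred {
    unsigned cr_ruid;   /* real uid */
    unsigned cr_uid;    /* effective uid */
    bool     prison;    /* what jailed(cred) would report */
};

static bool jailed(const struct cred *c) { return c->prison; }

/* The check as committed in the hunk: real uid plus an explicit jail test. */
bool deny_committed(const struct cred *c, int nfiles, int maxuserfiles, int maxfiles)
{
    return (nfiles >= maxuserfiles && (c->cr_ruid != 0 || jailed(c)))
        || nfiles >= maxfiles;
}

/* The proposed 'suser(td) != 0' form, modelled on suser_cred() of the time:
 * it tests the effective uid and refuses jailed root by default. */
bool deny_suser_style(const struct cred *c, int nfiles, int maxuserfiles, int maxfiles)
{
    bool unprivileged = c->cr_uid != 0 || jailed(c);
    return (nfiles >= maxuserfiles && unprivileged) || nfiles >= maxfiles;
}

/* True when the two predicates disagree at the maxuserfiles boundary. */
bool predicates_diverge(const struct cred *c)
{
    return deny_committed(c, 1000, 1000, 1024) != deny_suser_style(c, 1000, 1000, 1024);
}

int main(void)
{
    const struct cred cases[] = {   /* constructed sample credentials */
        { 0,    0,    false },  /* host root */
        { 0,    0,    true  },  /* prison root */
        { 1001, 1001, false },  /* ordinary user */
        { 1001, 0,    false },  /* user running a setuid-root binary */
        { 0,    1001, false },  /* root after seteuid(2) to a user */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("ruid=%u euid=%u jailed=%d committed=%d suser=%d%s\n",
               cases[i].cr_ruid, cases[i].cr_uid, cases[i].prison,
               deny_committed(&cases[i], 1000, 1000, 1024),
               deny_suser_style(&cases[i], 1000, 1000, 1024),
               predicates_diverge(&cases[i]) ? "  <-- differ" : "");
    return 0;
}
```

The two rows marked "differ" are the setuid-root binary run by an ordinary user (held to maxuserfiles only by the real-uid check) and root that has dropped its effective uid (held to maxuserfiles only by the suser-style check).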