Date: Fri, 24 Sep 2010 23:48:29 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org Subject: svn commit: r213145 - stable/7/lib/libutil Message-ID: <201009242348.o8ONmTl8043165@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Fri Sep 24 23:48:29 2010 New Revision: 213145 URL: http://svn.freebsd.org/changeset/base/213145 Log: MFC r211393 (by des): In setusercontext(), do not apply user settings unless running as the user in question (usually but not necessarily because we were called with LOGIN_SETUSER). This plugs a hole where users could raise their resource limits and expand their CPU mask. Approved by: des Modified: stable/7/lib/libutil/login_class.c Directory Properties: stable/7/lib/libutil/ (props changed) Modified: stable/7/lib/libutil/login_class.c ============================================================================== --- stable/7/lib/libutil/login_class.c Fri Sep 24 23:47:42 2010 (r213144) +++ stable/7/lib/libutil/login_class.c Fri Sep 24 23:48:29 2010 (r213145) @@ -523,7 +523,7 @@ setusercontext(login_cap_t *lc, const st /* * Now, we repeat some of the above for the user's private entries */ - if ((lc = login_getuserclass(pwd)) != NULL) { + if (getuid() == uid && (lc = login_getuserclass(pwd)) != NULL) { mymask = setlogincontext(lc, pwd, mymask, flags); login_close(lc); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201009242348.o8ONmTl8043165>