I solved the problem by making a small syscall KLD get_uid_nproc that
just returns the result of

    chgproccnt(SCARG(uap, uid), 0);

and by having suexec use this syscall to determine whether or not to
exec the CGI:

    /* Look up the KLD; modstat() reports its syscall number in data.intval. */
    stat.version = sizeof(stat);
    mod_id = modfind("get_uid_nproc");
    if ((mod_id > 0) && (modstat(mod_id, &stat) == 0)) {
        getrlimit(RLIMIT_NPROC, &rlim);
        /* Number of processes currently owned by the target uid. */
        n_procs = syscall(stat.data.intval, uid);
        if (n_procs >= rlim.rlim_cur) {
            printf("Content-type: text/html\n\n"
                   "Too many processes running for this user.\n");
            log_err("Process limit exceeded (%ld)\n", n_procs);
            exit(122);
        }
    }

So now RLimitNPROC in Apache VirtualHost sections really works, even
with suexec.
But my question remains: should setuid() fail if the target uid's
process count would be exceeded? If so, I wouldn't need this
work-around.
Matt
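
Added example, not part of the message above and not suexec's own code: the limit comparison from the fragment as a stand-alone C helper that also handles a failed count (-1) and an unlimited RLIMIT_NPROC. The count is passed in as a parameter because get_uid_nproc exists only in the KLD the message describes; the enum and function names are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/resource.h>

/* Hypothetical names, introduced for this example only. */
enum nproc_verdict { NPROC_OK, NPROC_OVER_LIMIT, NPROC_UNKNOWN };

/*
 * Pure decision. n_procs is the value returned by the counting syscall,
 * which is -1 when the call fails.
 */
enum nproc_verdict nproc_verdict_for(long n_procs, const struct rlimit *rl)
{
    /* A failed count must not reach the comparison: where rlim_t is
     * unsigned, -1 would convert to a huge value and always "exceed". */
    if (n_procs < 0)
        return NPROC_UNKNOWN;
    if (rl->rlim_cur == RLIM_INFINITY)
        return NPROC_OK;
    /* n_procs is non-negative here, so both casts preserve the values
     * whether rlim_t is signed or unsigned on this platform. */
    if ((unsigned long long)n_procs >= (unsigned long long)rl->rlim_cur)
        return NPROC_OVER_LIMIT;
    return NPROC_OK;
}

/* Same decision against the soft limit this process inherited. */
enum nproc_verdict nproc_check(long n_procs)
{
    struct rlimit rl;

    if (getrlimit(RLIMIT_NPROC, &rl) != 0)
        return NPROC_UNKNOWN;   /* caller decides: refuse or proceed */
    return nproc_verdict_for(n_procs, &rl);
}

int main(void)
{
    /* Constructed sample values: soft limit 10, hard limit 20. */
    struct rlimit rl = { .rlim_cur = 10, .rlim_max = 20 };
    long samples[] = { 9, 10, -1 };

    for (int i = 0; i < 3; i++)
        printf("n_procs=%ld -> verdict %d\n", samples[i],
               (int)nproc_verdict_for(samples[i], &rl));
    return 0;
}
```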