Author: des
Date: Mon Aug 16 11:32:20 2010
New Revision: 211393
URL: http://svn.freebsd.org/changeset/base/211393

Log:
  In setusercontext(), do not apply user settings unless running as the
  user in question (usually but not necessarily because we were called
  with LOGIN_SETUSER).  This plugs a hole where users could raise their
  resource limits and expand their CPU mask.
  
  MFC after:    3 weeks

Modified:
  head/lib/libutil/login_class.c

Modified: head/lib/libutil/login_class.c
==============================================================================
--- head/lib/libutil/login_class.c      Mon Aug 16 11:22:12 2010        
(r211392)
+++ head/lib/libutil/login_class.c      Mon Aug 16 11:32:20 2010        
(r211393)
@@ -525,7 +525,7 @@ setusercontext(login_cap_t *lc, const st
     /*
      * Now, we repeat some of the above for the user's private entries
      */
-    if ((lc = login_getuserclass(pwd)) != NULL) {
+    if (getuid() == uid && (lc = login_getuserclass(pwd)) != NULL) {
        mymask = setlogincontext(lc, pwd, mymask, flags);
        login_close(lc);
     }
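Review bot: The new condition on the `if` line tests only `getuid() == uid`, which is the real UID, so a caller whose real UID already matches while its effective UID is still privileged would pass the check and have the user's private entries applied through setlogincontext(). If the intent stated in the log ("running as the user in question") is that privileges have already been dropped, consider also requiring `geteuid() == uid`. The comment above the block still reads only "we repeat some of the above for the user's private entries"; it should say that this step is skipped unless the process is already running as the target user and why, so that the guard is not removed later as redundant.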
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
