cvs commit: src/sys/kern kern_descrip.c
Robert Watson
rwatson at FreeBSD.org
Thu Jul 15 10:21:30 PDT 2004
On Thu, 15 Jul 2004, Pawel Jakub Dawidek wrote:
> On Wed, Jul 14, 2004 at 07:04:31PM +0000, Christian S.J. Peron wrote:
> +> csjp 2004-07-14 19:04:31 UTC
> +>
> +> FreeBSD src repository
> +>
> +> Modified files:
> +> sys/kern kern_descrip.c
> +> Log:
> +> In addition to the real user ID check, do an explicit jail
> +> check to ensure that the caller is not prison root.
> +>
> +> The intention is to fix file descriptor creation so that
> +> prison root can not use the last remaining file descriptors.
> +> This privilege should be reserved for non-jailed root users.
> [...]
> +> fp = uma_zalloc(file_zone, M_WAITOK | M_ZERO);
> +> sx_xlock(&filelist_lock);
> +> - if ((nfiles >= maxuserfiles && td->td_ucred->cr_ruid != 0)
> +> - || nfiles >= maxfiles) {
> +> + if ((nfiles >= maxuserfiles && (td->td_ucred->cr_ruid != 0 ||
> +> + jailed(td->td_ucred))) || nfiles >= maxfiles) {
> +> if (ppsratecheck(&lastfail, &curfail, 1)) {
> +> printf("kern.maxfiles limit exceeded by uid %i, please see tuning(7).\n",
> +> td->td_ucred->cr_ruid);
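Review bot: the diagnostic printed when the allocation is refused still reports only td->td_ucred->cr_ruid, so a jailed root process that trips the maxuserfiles reservation is logged as "uid 0", indistinguishable from an unjailed root process that exhausted maxfiles, even though separating those two cases is the whole point of the new jailed() test. Consider carrying the jail state into the message, e.g. `printf("kern.maxfiles limit exceeded by uid %i%s, please see tuning(7).\n", td->td_ucred->cr_ruid, jailed(td->td_ucred) ? " (jailed)" : "");`, so an administrator reading the console can tell which limit was hit and from where. The parenthesization of the new condition itself is correct: the jailed() test is confined to the maxuserfiles clause and does not affect the hard maxfiles ceiling.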
>
> Could we change 'td->td_ucred->cr_ruid != 0 || jailed(td->td_ucred)' to
> 'suser(td) != 0'?
No, because suser(td) checks the effective uid, not the real uid, which
is the reason I asked him to change it to that before committing, and why
Colin had to back out his commit also :-). Colin is preparing patches to
add a flag to suser_cred() to allow the caller to say they care about the
real uid.
Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org   Principal Research Scientist, McAfee Research