kern/66268: [PATCH] Socket buffer resource limit (RLIMIT_SBSIZE)
use uid instead of ruid
Adam Nowacki
freebsd at nowak.xpam.de
Tue May 4 12:10:19 PDT 2004
>Number: 66268
>Category: kern
>Synopsis: [PATCH] Socket buffer resource limit (RLIMIT_SBSIZE) use uid instead of ruid
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue May 04 12:10:18 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator: Adam Nowacki
>Release: 4.8
>Organization:
>Environment:
FreeBSD shell.sinuspl.net 4.8-RELEASE-p17 FreeBSD 4.8-RELEASE-p17 #5: Thu Mar 25 22:28:39 CET 2004 root at shell.sinuspl.net:/usr/src/sys/compile/SHELL i386
>Description:
RLIMIT_SBSIZE use uid instead of ruid, what causes some problems (ex. 'No buffer space available' for suid programs). Thats wrong, because users realy dont exceed their limits.
>How-To-Repeat:
Login as a normal user, set RLIMIT_SBSIZE to something small, but enought to be able to ping 127.0.0.1. As root open a lot of connections to exceed RLIMIT_SBSIZE limit set before. Go back to normal user and ping 127.0.0.1, you will get 'ping: socket: No buffer space available'.
>Fix:
--- old.uipc_socket.c Sun Dec 15 10:24:23 2002
+++ uipc_socket.c Tue May 4 20:55:51 2004
@@ -190,10 +190,10 @@
so->so_gencnt = ++so_gencnt;
if (so->so_rcv.sb_hiwat)
- (void)chgsbsize(so->so_cred->cr_uidinfo,
+ (void)chgsbsize(so->so_cred->cr_ruidinfo,
&so->so_rcv.sb_hiwat, 0, RLIM_INFINITY);
if (so->so_snd.sb_hiwat)
- (void)chgsbsize(so->so_cred->cr_uidinfo,
+ (void)chgsbsize(so->so_cred->cr_ruidinfo,
&so->so_snd.sb_hiwat, 0, RLIM_INFINITY);
#ifdef INET
if (so->so_accf != NULL) {
--- old.uipc_socket2.c Sat Aug 31 21:04:55 2002
+++ uipc_socket2.c Tue May 4 20:56:07 2004
@@ -414,7 +414,7 @@
*/
if (cc > sb_max_adj)
return (0);
- if (!chgsbsize(so->so_cred->cr_uidinfo, &sb->sb_hiwat, cc,
+ if (!chgsbsize(so->so_cred->cr_ruidinfo, &sb->sb_hiwat, cc,
p ? p->p_rlimit[RLIMIT_SBSIZE].rlim_cur : RLIM_INFINITY)) {
return (0);
}
@@ -434,7 +434,7 @@
{
sbflush(sb);
- (void)chgsbsize(so->so_cred->cr_uidinfo, &sb->sb_hiwat, 0,
+ (void)chgsbsize(so->so_cred->cr_ruidinfo, &sb->sb_hiwat, 0,
RLIM_INFINITY);
sb->sb_mbmax = 0;
}
--- old.uipc_usrreq.c Tue Mar 4 18:28:09 2003
+++ uipc_usrreq.c Tue May 4 20:56:22 2004
@@ -249,7 +249,7 @@
unp->unp_mbcnt = so->so_rcv.sb_mbcnt;
newhiwat = so2->so_snd.sb_hiwat + unp->unp_cc -
so->so_rcv.sb_cc;
- (void)chgsbsize(so2->so_cred->cr_uidinfo, &so2->so_snd.sb_hiwat,
+ (void)chgsbsize(so2->so_cred->cr_ruidinfo, &so2->so_snd.sb_hiwat,
newhiwat, RLIM_INFINITY);
unp->unp_cc = so->so_rcv.sb_cc;
sowwakeup(so2);
@@ -358,7 +358,7 @@
unp->unp_conn->unp_mbcnt = so2->so_rcv.sb_mbcnt;
newhiwat = so->so_snd.sb_hiwat -
(so2->so_rcv.sb_cc - unp->unp_conn->unp_cc);
- (void)chgsbsize(so->so_cred->cr_uidinfo, &so->so_snd.sb_hiwat,
+ (void)chgsbsize(so->so_cred->cr_ruidinfo, &so->so_snd.sb_hiwat,
newhiwat, RLIM_INFINITY);
unp->unp_conn->unp_cc = so2->so_rcv.sb_cc;
sorwakeup(so2);
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list