~/.login_conf mechanism is flawed
Dag-Erling Smørgrav
des at des.no
Fri Aug 13 10:35:18 UTC 2010
jhell <jhell at dataix.net> writes:
> On the note of using a ~/.login_conf file for setting limits and in this
> case increasing them. when they shouldn't be.
>
> I have been using a ~/.login_conf without generating the
> ~/.login_conf.db through the use of cap_mkdb(1) for quite some time. So
> on that, is it really necessary to look for that .db file at all since
> ~/.login_conf works without it...
It won't make any difference. The problem is that setusercontext()
applies the user's settings even if it's still running as root. I have
a patch, but I need to check that it doesn't break anything.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-security
mailing list