git: f2a0277d3e51 - main - setusercontext(): Set priority from '~/.login_conf' as well
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 29 Jan 2024 22:32:20 UTC
The branch main has been updated by olce:
URL: https://cgit.FreeBSD.org/src/commit/?id=f2a0277d3e51a6a839151eef17f466d0db2b7300
commit f2a0277d3e51a6a839151eef17f466d0db2b7300
Author: Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2023-05-30 15:14:50 +0000
Commit: Olivier Certner <olce@FreeBSD.org>
CommitDate: 2024-01-29 21:58:09 +0000
setusercontext(): Set priority from '~/.login_conf' as well
Setting the process priority is done only when the current process'
effective UID corresponds to that for which context is to be set.
Consequently, setting priority is done with appropriate credentials and
will fail if the target user tries to raise it unduly via his
'~/.login_conf'.
PR: 271751
Reviewed by: kib, Andrew Gierth <andrew_tao173.riddles.org.uk>
Approved by: emaste (mentor)
MFC after: 3 days
Relnotes: yes
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40352
---
lib/libutil/login_class.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/libutil/login_class.c b/lib/libutil/login_class.c
index 314ab0999320..5ae0fbfb80b8 100644
--- a/lib/libutil/login_class.c
+++ b/lib/libutil/login_class.c
@@ -621,6 +621,8 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in
*/
if (geteuid() == uid && (lc = login_getuserclass(pwd)) != NULL) {
setlogincontext(lc, pwd, flags);
+ if (flags & LOGIN_SETPRIORITY)
+ setclasspriority(lc, pwd);
login_close(lc);
}