svn commit: r211393 - head/lib/libutil
Dag-Erling Smorgrav
des at FreeBSD.org
Mon Aug 16 11:32:20 UTC 2010
Author: des
Date: Mon Aug 16 11:32:20 2010
New Revision: 211393
URL: http://svn.freebsd.org/changeset/base/211393
Log:
In setusercontext(), do not apply user settings unless running as the
user in question (usually but not necessarily because we were called
with LOGIN_SETUSER). This plugs a hole where users could raise their
resource limits and expand their CPU mask.
MFC after: 3 weeks
Modified:
head/lib/libutil/login_class.c
Modified: head/lib/libutil/login_class.c
==============================================================================
--- head/lib/libutil/login_class.c Mon Aug 16 11:22:12 2010 (r211392)
+++ head/lib/libutil/login_class.c Mon Aug 16 11:32:20 2010 (r211393)
@@ -525,7 +525,7 @@ setusercontext(login_cap_t *lc, const st
/*
* Now, we repeat some of the above for the user's private entries
*/
- if ((lc = login_getuserclass(pwd)) != NULL) {
+ if (getuid() == uid && (lc = login_getuserclass(pwd)) != NULL) {
mymask = setlogincontext(lc, pwd, mymask, flags);
login_close(lc);
}
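Review bot: the new condition `getuid() == uid` compares only the real UID, and the comment above it still reads "we repeat some of the above for the user's private entries" without mentioning the precondition. If the effective UID can still differ from `uid` at this point (the code that sets it is not visible in this hunk), the private entries would be applied with that effective UID's privileges. Either also compare `geteuid()`, or extend the comment to say why the real UID is sufficient. The comment should also record that the user's entries are applied only when already running as that user, because the log message gives the reason (users raising their resource limits and expanding their CPU mask) but the source does not.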