svn commit: r211393 - head/lib/libutil

Dag-Erling Smørgrav des at
Mon Aug 16 11:41:10 UTC 2010

Dag-Erling Smorgrav <des at> writes:
> Log:
>   In setusercontext(), do not apply user settings unless running as the
>   user in question (usually but not necessarily because we were called
>   with LOGIN_SETUSER).  This plugs a hole where users could raise their
>   resource limits and expand their CPU mask.

Note that this commit semi-intentionally introduces another bug: in some
cases, the user's limits will not be applied at all.  This is by far the
lesser of two evils, and is easy (albeit time-consuming) to fix.

Dag-Erling Smørgrav - des at

More information about the svn-src-all mailing list