diff options
author | des <des@FreeBSD.org> | 2010-08-16 11:32:20 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2010-08-16 11:32:20 +0000 |
commit | 618102f75f6c78d63f04e1aafc90fb25689f51c9 (patch) | |
tree | 09791f8fe5f9592eab093ee3abd27167b32d0945 /lib/libutil | |
parent | 5bab879758fc03dda14fab6163e873bd9af8246a (diff) | |
download | FreeBSD-src-618102f75f6c78d63f04e1aafc90fb25689f51c9.zip FreeBSD-src-618102f75f6c78d63f04e1aafc90fb25689f51c9.tar.gz |
In setusercontext(), do not apply user settings unless running as the
user in question (usually but not necessarily because we were called
with LOGIN_SETUSER). This plugs a hole where users could raise their
resource limits and expand their CPU mask.
MFC after: 3 weeks
Diffstat (limited to 'lib/libutil')
-rw-r--r-- | lib/libutil/login_class.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/libutil/login_class.c b/lib/libutil/login_class.c index d54b301..d952940 100644 --- a/lib/libutil/login_class.c +++ b/lib/libutil/login_class.c @@ -525,7 +525,7 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in /* * Now, we repeat some of the above for the user's private entries */ - if ((lc = login_getuserclass(pwd)) != NULL) { + if (getuid() == uid && (lc = login_getuserclass(pwd)) != NULL) { mymask = setlogincontext(lc, pwd, mymask, flags); login_close(lc); } |