diff options
author | rwatson <rwatson@FreeBSD.org> | 2007-06-16 23:41:43 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2007-06-16 23:41:43 +0000 |
commit | 5956b5bc21c96b25c05bcdb8b76e1fd590072f14 (patch) | |
tree | 787b92698a00798f7eef6093395ee57f1e6c2cf0 /sys/kern/kern_fork.c | |
parent | e3e21bd46ae0de1d4958f608c5a4a3016bec2dbd (diff) | |
download | FreeBSD-src-5956b5bc21c96b25c05bcdb8b76e1fd590072f14.zip FreeBSD-src-5956b5bc21c96b25c05bcdb8b76e1fd590072f14.tar.gz |
Rather than passing SUSER_RUID into priv_check_cred() to specify when
a privilege is checked against the real uid rather than the effective
uid, instead decide which uid to use in priv_check_cred() based on the
privilege passed in. We use the real uid for PRIV_MAXFILES,
PRIV_MAXPROC, and PRIV_PROC_LIMIT. Remove the definition of
SUSER_RUID; there are now no flags defined for priv_check_cred().
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/kern/kern_fork.c')
-rw-r--r-- | sys/kern/kern_fork.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/sys/kern/kern_fork.c b/sys/kern/kern_fork.c index c0e3204..1a7f4a7 100644 --- a/sys/kern/kern_fork.c +++ b/sys/kern/kern_fork.c @@ -293,9 +293,8 @@ fork1(td, flags, pages, procp) * processes, maxproc is the limit. */ sx_xlock(&allproc_lock); - if ((nprocs >= maxproc - 10 && - priv_check_cred(td->td_ucred, PRIV_MAXPROC, SUSER_RUID) != 0) || - nprocs >= maxproc) { + if ((nprocs >= maxproc - 10 && priv_check_cred(td->td_ucred, + PRIV_MAXPROC, 0) != 0) || nprocs >= maxproc) { error = EAGAIN; goto fail; } @@ -306,7 +305,7 @@ fork1(td, flags, pages, procp) * * XXXRW: Can we avoid privilege here if it's not needed? */ - error = priv_check_cred(td->td_ucred, PRIV_PROC_LIMIT, SUSER_RUID); + error = priv_check_cred(td->td_ucred, PRIV_PROC_LIMIT, 0); if (error == 0) ok = chgproccnt(td->td_ucred->cr_ruidinfo, 1, 0); else { |