authorcsjp <csjp@FreeBSD.org>2004-07-14 19:04:31 +0000
committercsjp <csjp@FreeBSD.org>2004-07-14 19:04:31 +0000
commit7b09b25ecb2d9e5be9c06e81ce89a7c5d347bb6f (patch)
treef2ff772222c296d8651ff4d127ce189c668eb533 /sys
parent41139671254218009e1302883b8e8af6e666cc91 (diff)
In addition to the real user ID check, do an explicit jail
check to ensure that the caller is not prison root. The intention is to fix file descriptor creation so that prison root can not use the last remaining file descriptors. This privilege should be reserved for non-jailed root users. Approved by: bmilekic (mentor)
Diffstat (limited to 'sys')
-rw-r--r--sys/kern/kern_descrip.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c
index 7a15e79..e8ba4fe 100644
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c
@@ -47,6 +47,7 @@ __FBSDID("$FreeBSD$");
#include <sys/conf.h>
#include <sys/filedesc.h>
#include <sys/lock.h>
+#include <sys/jail.h>
#include <sys/kernel.h>
#include <sys/limits.h>
#include <sys/malloc.h>
@@ -1303,8 +1304,8 @@ falloc(td, resultfp, resultfd)
fp = uma_zalloc(file_zone, M_WAITOK | M_ZERO);
sx_xlock(&filelist_lock);
- if ((nfiles >= maxuserfiles && td->td_ucred->cr_ruid != 0)
- || nfiles >= maxfiles) {
+ if ((nfiles >= maxuserfiles && (td->td_ucred->cr_ruid != 0 ||
+ jailed(td->td_ucred))) || nfiles >= maxfiles) {
if (ppsratecheck(&lastfail, &curfail, 1)) {
printf("kern.maxfiles limit exceeded by uid %i, please see tuning(7).\n",
td->td_ucred->cr_ruid);
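Review bot: The rate-limited printf in the failure branch still says "kern.maxfiles limit exceeded by uid %i" when the refusal comes from the new `jailed(td->td_ucred)` term. A prison root stopped at maxuserfiles is therefore logged as uid 0 hitting kern.maxfiles, which an operator reading the console cannot tell apart from host root exhausting the whole table. Consider having the message say when the caller is jailed, and adding a comment above the condition such as `/* Only non-jailed real uid 0 may use the descriptors between maxuserfiles and maxfiles. */`. The test keys on `cr_ruid` rather than the effective uid, which is unchanged by this commit but worth a word in that comment, since the reason is not visible here. The body of `falloc` starts and ends outside the hunk.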