Hello Neil, Jiri, I started documenting the prlimit() system call added in 2.6.36, and found the permission checks to be rather inconsistent with any other kernel-userspace API. They are:
CAP_SYS_RESOURCE || (c-uid == t-uid && c0uid == t-euid && c-uid == t-suid) && (c-gid == t-gid && c-gid == t-guid && c-gid == t-sgid) (uid == real UID; euid == effective UID; suid == save set-user-ID; and analogously for GIDs; c- == caller's ID, and t- == target process's ID) In other words, for an unprivileged user, all UIDs of the target process must match the calling process's real UID *and* all GIDs of the target process must match the calling process's real GID. What is the reason that the checks for prlimit() aren't similar to say setpriority(), whose checks are the much simpler, and make no mention of GIDs: c-euid == t-uid || c-euid == t-euid ? Thanks, Michael PS see also http://linux-man-pages.blogspot.com/2010/11/system-call-credential-checking-tale-of.html -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Author of "The Linux Programming Interface"; http://man7.org/tlpi/ -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
