Author: delphij
Date: Fri Sep 24 23:47:42 2010
New Revision: 213144
URL: http://svn.freebsd.org/changeset/base/213144
Log:
MFC r211393 (des):
In setusercontext(), do not apply user settings unless running as the
user in question (usually but not necessarily because we were called
with LOGIN_SETUSER). This plugs a hole where users could raise their
resource limits and expand their CPU mask.
Approved by: des
Modified:
stable/8/lib/libutil/login_class.c
Directory Properties:
stable/8/lib/libutil/ (props changed)
Modified: stable/8/lib/libutil/login_class.c
==============================================================================
--- stable/8/lib/libutil/login_class.c Fri Sep 24 21:55:44 2010
(r213143)
+++ stable/8/lib/libutil/login_class.c Fri Sep 24 23:47:42 2010
(r213144)
@@ -525,7 +525,7 @@ setusercontext(login_cap_t *lc, const st
/*
* Now, we repeat some of the above for the user's private entries
*/
- if ((lc = login_getuserclass(pwd)) != NULL) {
+ if (getuid() == uid && (lc = login_getuserclass(pwd)) != NULL) {
mymask = setlogincontext(lc, pwd, mymask, flags);
login_close(lc);
}
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "[email protected]"
