mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-15 04:43:53 +00:00
In setusercontext(), do not apply user settings unless running as the
user in question (usually but not necessarily because we were called with LOGIN_SETUSER). This plugs a hole where users could raise their resource limits and expand their CPU mask. MFC after: 3 weeks
This commit is contained in:
parent
f4fda7679a
commit
35305a8dc1
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=211393
|
@ -525,7 +525,7 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in
|
|||
/*
|
||||
* Now, we repeat some of the above for the user's private entries
|
||||
*/
|
||||
if ((lc = login_getuserclass(pwd)) != NULL) {
|
||||
if (getuid() == uid && (lc = login_getuserclass(pwd)) != NULL) {
|
||||
mymask = setlogincontext(lc, pwd, mymask, flags);
|
||||
login_close(lc);
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue