setusercontext(): Apply personal settings only on matching effective UID

Commit 35305a8dc1 (r211393) added a check on whether 'uid' was equal to getuid() before calling setlogincontext(). Doing so still allows a setuid program to apply resource limits and priorities specified in a user-controlled configuration file ('~/.login_conf') where a non-setuid program could not. Plug the hole by checking instead that the process' effective UID is the target one (which is likely what was meant in the initial commit). PR: 271750 Reviewed by: kib, des MFC after: 2 weeks Sponsored by: Kumacom SAS Differential Revision: https://reviews.freebsd.org/D40351
2024-10-15 04:43:53 +00:00 · 2023-05-30 18:35:08 +02:00 · 2023-05-30 18:35:08 +02:00 · 892654fe9b
parent 6e92fc9309
commit 892654fe9b
1 changed files with 1 additions and 1 deletions
--- a/lib/libutil/login_class.c
+++ b/lib/libutil/login_class.c
@ -546,7 +546,7 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in
    /*
     * Now, we repeat some of the above for the user's private entries
     */
-    if (getuid() == uid && (lc = login_getuserclass(pwd)) != NULL) {
+    if (geteuid() == uid && (lc = login_getuserclass(pwd)) != NULL) {
 	mymask = setlogincontext(lc, pwd, mymask, flags);
 	login_close(lc);
    }