mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-15 04:43:53 +00:00
setusercontext(): Apply personal settings only on matching effective UID
Commit 35305a8dc1
(r211393) added a check on whether 'uid' was equal
to getuid() before calling setlogincontext(). Doing so still allows
a setuid program to apply resource limits and priorities specified in
a user-controlled configuration file ('~/.login_conf') where
a non-setuid program could not. Plug the hole by checking instead that
the process' effective UID is the target one (which is likely what was
meant in the initial commit).
PR: 271750
Reviewed by: kib, des
MFC after: 2 weeks
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40351
This commit is contained in:
parent
6e92fc9309
commit
892654fe9b
|
@ -546,7 +546,7 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in
|
|||
/*
|
||||
* Now, we repeat some of the above for the user's private entries
|
||||
*/
|
||||
if (getuid() == uid && (lc = login_getuserclass(pwd)) != NULL) {
|
||||
if (geteuid() == uid && (lc = login_getuserclass(pwd)) != NULL) {
|
||||
mymask = setlogincontext(lc, pwd, mymask, flags);
|
||||
login_close(lc);
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue