Date: Mon, 26 Jul 2004 07:54:39 +0000 (UTC) From: Colin Percival <cperciva@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/kern kern_fork.c Message-ID: <200407260754.i6Q7sdIH073894@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
cperciva 2004-07-26 07:54:39 UTC
FreeBSD src repository
Modified files:
sys/kern kern_fork.c
Log:
In revision 1.228, I accidentally broke the "total number of processes in
the system" resource limit code: When checking if the caller has superuser
privileges, we should be checking the *real* user, not the *effective*
user. (In general, resource limiting is done based on the real user, in
order to avoid resource-exhaustion-by-setuid-program attacks.)
Now that a SUSER_RUID flag to suser_cred exists, use it here to return
this code to its correct behaviour.
Pointed out by: rwatson
Revision Changes Path
1.231 +2 -1 src/sys/kern/kern_fork.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200407260754.i6Q7sdIH073894>