o Remove the disabled p_cansched() test cases that permitted users to
modify the scheduling properties of processes with a different real uid but the same effective uid (i.e., daemons, et al). (note: these cases were previously commented out, so this does not change the compiled code at al) Obtained from: TrustedBSD Project
This commit is contained in:
parent
23936bbf45
commit
80c9c40df9
@ -1143,17 +1143,6 @@ p_cansched(struct proc *p1, struct proc *p2, int *privused)
|
||||
return (0);
|
||||
if (p1->p_ucred->cr_uid == p2->p_cred->p_ruid)
|
||||
return (0);
|
||||
#if 0
|
||||
/*
|
||||
* XXX should a process be able to affect another process
|
||||
* acting as the same uid (i.e., sendmail delivery, lpd,
|
||||
* et al?)
|
||||
*/
|
||||
if (p1->p_cred->p_ruid == p2->p_ucred->cr_uid)
|
||||
return (0);
|
||||
if (p1->p_ucred->cr_uid == p2->p_ucred->cr_uid)
|
||||
return (0);
|
||||
#endif /* 0 */
|
||||
|
||||
if (!suser_xxx(0, p1, PRISON_ROOT)) {
|
||||
if (privused != NULL)
|
||||
|
Loading…
Reference in New Issue
Block a user