From 77a76e9949a1994dbeb934e3cb8ecaf6c54c853c Mon Sep 17 00:00:00 2001
From: davidxu <davidxu@FreeBSD.org>
Date: Sun, 21 May 2006 00:40:38 +0000
Subject: [PATCH] Don't allow non-root user to set a scheduler policy,
 otherwise this could be a local DOS.

Submitted by: Diane Bruce at db at db.net
---
 sys/kern/p1003_1b.c   | 4 ++++
 sys/posix4/p1003_1b.c | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/sys/kern/p1003_1b.c b/sys/kern/p1003_1b.c
index 95adfeef0924..4da17a5f8310 100644
--- a/sys/kern/p1003_1b.c
+++ b/sys/kern/p1003_1b.c
@@ -193,6 +193,10 @@ sched_setscheduler(struct thread *td, struct sched_setscheduler_args *uap)
 	struct thread *targettd;
 	struct proc *targetp;
 
+	/* Don't allow non root user to set a scheduler policy */
+	if (suser(td) != 0)
+		return (EPERM);
+
 	e = copyin(uap->param, &sched_param, sizeof(sched_param));
 	if (e)
 		return (e);
diff --git a/sys/posix4/p1003_1b.c b/sys/posix4/p1003_1b.c
index 95adfeef0924..4da17a5f8310 100644
--- a/sys/posix4/p1003_1b.c
+++ b/sys/posix4/p1003_1b.c
@@ -193,6 +193,10 @@ sched_setscheduler(struct thread *td, struct sched_setscheduler_args *uap)
 	struct thread *targettd;
 	struct proc *targetp;
 
+	/* Don't allow non root user to set a scheduler policy */
+	if (suser(td) != 0)
+		return (EPERM);
+
 	e = copyin(uap->param, &sched_param, sizeof(sched_param));
 	if (e)
 		return (e);