In addition to the real user ID check, do an explicit jail
check to ensure that the caller is not prison root.

The intention is to fix file descriptor creation so that
prison root cannot use the last remaining file descriptors.
This privilege should be reserved for non-jailed root users.

Approved by:	bmilekic (mentor)
csjp 2004-07-14 19:04:31 +00:00
parent 4113967125
commit 7b09b25ecb


@ -47,6 +47,7 @@ __FBSDID("$FreeBSD$");
#include <sys/conf.h>
#include <sys/filedesc.h>
#include <sys/lock.h>
#include <sys/jail.h>
#include <sys/kernel.h>
#include <sys/limits.h>
#include <sys/malloc.h>
@ -1303,8 +1304,8 @@ falloc(td, resultfp, resultfd)
fp = uma_zalloc(file_zone, M_WAITOK | M_ZERO);
sx_xlock(&filelist_lock);
if ((nfiles >= maxuserfiles && td->td_ucred->cr_ruid != 0)
|| nfiles >= maxfiles) {
if ((nfiles >= maxuserfiles && (td->td_ucred->cr_ruid != 0 ||
jailed(td->td_ucred))) || nfiles >= maxfiles) {
if (ppsratecheck(&lastfail, &curfail, 1)) {
printf("kern.maxfiles limit exceeded by uid %i, please see tuning(7).\n",
td->td_ucred->cr_ruid);