[PATCH] Fix prlimit64 for suid/sgid processes

From: Kacper Kornet
Date: Thu Jan 27 2011 - 09:07:58 EST

Next message: Trond Myklebust: "Re: kernel BUG while mv files onto an nfs mount with Linus'linux-2.6 git tree"
Previous message: Serge E. Hallyn: "Re: [PATCH] System Wide Capability Bounding Set"
Next in thread: Linus Torvalds: "Re: [PATCH] Fix prlimit64 for suid/sgid processes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Since check_prlimit_permission always fails in the case of SUID/GUID
processes, such processes are not able to read or set their own limits.
This commit changes this by assuming that process can always read/change
its own limits.

Signed-off-by: Kacper Kornet <kornet@xxxxxxxxxxx>
---
kernel/sys.c | 10 ++++++----
1 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/kernel/sys.c b/kernel/sys.c
index e9ad444..0aaafde 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -1409,10 +1409,12 @@ SYSCALL_DEFINE4(prlimit64, pid_t, pid, unsigned int, resource,
rcu_read_unlock();
return -ESRCH;
}
- ret = check_prlimit_permission(tsk);
- if (ret) {
- rcu_read_unlock();
- return ret;
+ if (tsk != current) {
+ ret = check_prlimit_permission(tsk);
+ if (ret) {
+ rcu_read_unlock();
+ return ret;
+ }
}
get_task_struct(tsk);
rcu_read_unlock();
--
Kacper Kornet
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Trond Myklebust: "Re: kernel BUG while mv files onto an nfs mount with Linus'linux-2.6 git tree"
Previous message: Serge E. Hallyn: "Re: [PATCH] System Wide Capability Bounding Set"
Next in thread: Linus Torvalds: "Re: [PATCH] Fix prlimit64 for suid/sgid processes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]