Page MenuHomeFreeBSD
Differential D40351

setusercontext(): Apply user login context only on process' euid being set
ClosedPublic
Actions

Authored by olce on May 31 2023, 3:18 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Nov 7, 4:49 PM
Unknown Object (File)
Wed, Nov 6, 12:54 AM
Unknown Object (File)
Sat, Nov 2, 2:42 AM
Unknown Object (File)
Sat, Nov 2, 2:42 AM
Unknown Object (File)
Sat, Nov 2, 2:42 AM
Unknown Object (File)
Sat, Nov 2, 2:42 AM
Unknown Object (File)
Sat, Nov 2, 2:42 AM
Unknown Object (File)
Sat, Nov 2, 2:42 AM
View All Files
Subscribers
andrew_tao173.riddles.org.uk
imp

Details

Reviewers
kib
mjg
yuripv
kevans
des
olce
Commits
rG9deb5ca77beb: setusercontext(): Apply personal settings only on matching effective UID
rGc2a9cfc55046: setusercontext(): Apply personal settings only on matching effective UID
rG9fcf54d3750e: setusercontext(): Apply personal settings only on matching effective UID
rGede6fd06726c: setusercontext(): Apply personal settings only on matching effective UID
rG892654fe9b5a: setusercontext(): Apply personal settings only on matching effective UID
Summary

Commit 35305a8dc114 (r211393) added a check on whether 'uid' was equal to
getuid() before calling setlogincontext(). Doing so still allows a setuid
program to apply resource limits and priorities specified in a user-controlled
configuration file ('~/.login_conf') where a non-setuid program could not. Plug
the hole by checking instead that the process' effective UID is the target one
(which is likely what was meant in the initial commit).

PR: 271750

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

olce created this revision.May 31 2023, 3:18 PM
Herald added a subscriber: imp. · View Herald TranscriptMay 31 2023, 3:18 PM
olce requested review of this revision.May 31 2023, 3:18 PM
Harbormaster completed remote builds in B51805: Diff 122660.May 31 2023, 3:18 PM
olce added a parent revision: D40350: setusercontext(): Move priority setting in new setclasspriority().May 31 2023, 3:19 PM
olce added a child revision: D40352: setusercontext(): Set priority from '~/.login_conf' as well.
olce updated this revision to Diff 122662.May 31 2023, 4:06 PM
olce retitled this revision from setusercontext(): Apply login context on process' euid being set to setusercontext(): Apply user login context only on process' euid being set.

Clearer commit message's headling

Harbormaster completed remote builds in B51807: Diff 122662.May 31 2023, 4:06 PM
andrew_tao173.riddles.org.uk added a subscriber: andrew_tao173.riddles.org.uk.May 31 2023, 4:40 PM
olce added reviewers: kib, mjg, yuripv, kevans, des.Jun 6 2023, 8:28 AM
olce updated this revision to Diff 123008.Jun 9 2023, 2:54 PM
olce edited the summary of this revision. (Show Details)

Add PR in commit message.

Harbormaster completed remote builds in B51982: Diff 123008.Jun 9 2023, 2:54 PM
kib accepted this revision.Jun 15 2023, 6:44 AM
This revision is now accepted and ready to land.Jun 15 2023, 6:44 AM
olce updated this revision to Diff 123604.Jun 21 2023, 1:57 PM

Refresh

This revision now requires review to proceed.Jun 21 2023, 1:57 PM
Harbormaster completed remote builds in B52227: Diff 123604.Jun 21 2023, 1:57 PM
olce edited parent revisions, added: D40691: login.conf(5): Document priority's special value 'inherit'; removed: D40350: setusercontext(): Move priority setting in new setclasspriority().Jun 21 2023, 1:58 PM
olce added a comment.Jun 21 2023, 2:01 PM

@kib Diff is the same as the one you validated. I updated the differential just to update the diff's base.

olce accepted this revision.Jul 16 2023, 4:10 PM

Re-validating, since the diff is the same as validated by @kib.

This revision is now accepted and ready to land.Jul 16 2023, 4:10 PM
des accepted this revision.Oct 2 2023, 9:11 PM
Closed by commit rG892654fe9b5a: setusercontext(): Apply personal settings only on matching effective UID (authored by olce, committed by emaste). · Explain WhyOct 10 2023, 1:58 AM
This revision was automatically updated to reflect the committed changes.
emaste added a commit: rG892654fe9b5a: setusercontext(): Apply personal settings only on matching effective UID.
emaste added a commit: rGede6fd06726c: setusercontext(): Apply personal settings only on matching effective UID.Oct 24 2023, 12:57 AM
olce added a commit: rG9fcf54d3750e: setusercontext(): Apply personal settings only on matching effective UID.Dec 21 2023, 1:47 PM
gordon added a commit: rGc2a9cfc55046: setusercontext(): Apply personal settings only on matching effective UID.Feb 14 2024, 6:06 AM
gordon added a commit: rG9deb5ca77beb: setusercontext(): Apply personal settings only on matching effective UID.

Revision Contents
Changeset List

PathSize
lib/
libutil/
2 lines

Diff 128480

View Options

lib/libutil/login_class.c

Loading...