aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOlivier Certner <olce.freebsd@certner.fr>2023-05-30 15:14:50 +0000
committerOlivier Certner <olce@FreeBSD.org>2024-02-01 21:24:13 +0000
commit8b359002747a3ce84414fb64a9b89eab20ab7c25 (patch)
tree3b8afe2af0510bd9e0e60eaa5f7804f9cf05124d
parentd836f951d9fee1d8cd7b77b4b87fb13c54d8cf15 (diff)
downloadsrc-8b359002747a.tar.gz
src-8b359002747a.zip
setusercontext(): Set priority from '~/.login_conf' as well
Setting the process priority is done only when the current process' effective UID corresponds to that for which context is to be set. Consequently, setting priority is done with appropriate credentials and will fail if the target user tries to raise it unduly via his '~/.login_conf'. PR: 271751 Reviewed by: kib, Andrew Gierth <andrew_tao173.riddles.org.uk> Approved by: emaste (mentor) MFC after: 3 days Relnotes: yes Sponsored by: Kumacom SAS Differential Revision: https://reviews.freebsd.org/D40352 (cherry picked from commit f2a0277d3e51a6a839151eef17f466d0db2b7300) Approved by: markj (mentor)
-rw-r--r--lib/libutil/login_class.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/libutil/login_class.c b/lib/libutil/login_class.c
index f545e3661520..b4e52951bf9c 100644
--- a/lib/libutil/login_class.c
+++ b/lib/libutil/login_class.c
@@ -622,6 +622,8 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in
*/
if (geteuid() == uid && (lc = login_getuserclass(pwd)) != NULL) {
setlogincontext(lc, pwd, flags);
+ if (flags & LOGIN_SETPRIORITY)
+ setclasspriority(lc, pwd);
login_close(lc);
}