git: c2a9cfc55046 - releng/14.0 - setusercontext(): Apply personal settings only on matching effective UID
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 14 Feb 2024 06:05:41 UTC
The branch releng/14.0 has been updated by gordon:
URL: https://cgit.FreeBSD.org/src/commit/?id=c2a9cfc55046127176c74f86c24509ceb9da3551
commit c2a9cfc55046127176c74f86c24509ceb9da3551
Author: Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2023-05-30 16:35:08 +0000
Commit: Gordon Tetlow <gordon@FreeBSD.org>
CommitDate: 2024-02-14 05:35:46 +0000
setusercontext(): Apply personal settings only on matching effective UID
Commit 35305a8dc114 (r211393) added a check on whether 'uid' was equal
to getuid() before calling setlogincontext(). Doing so still allows
a setuid program to apply resource limits and priorities specified in
a user-controlled configuration file ('~/.login_conf') where
a non-setuid program could not. Plug the hole by checking instead that
the process' effective UID is the target one (which is likely what was
meant in the initial commit).
PR: 271750
Reviewed by: kib, des
MFC after: 2 weeks
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40351
Approved by: so
Security: FreeBSD-EN-24:02.libutil
(cherry picked from commit 892654fe9b5a9115815c30a423b8db47185aebbd)
(cherry picked from commit ede6fd06726c02e9d2a5c47ac8cf80d8aaec5a70)
---
lib/libutil/login_class.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/libutil/login_class.c b/lib/libutil/login_class.c
index f561479690c1..596a5663bebf 100644
--- a/lib/libutil/login_class.c
+++ b/lib/libutil/login_class.c
@@ -546,7 +546,7 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in
/*
* Now, we repeat some of the above for the user's private entries
*/
- if (getuid() == uid && (lc = login_getuserclass(pwd)) != NULL) {
+ if (geteuid() == uid && (lc = login_getuserclass(pwd)) != NULL) {
mymask = setlogincontext(lc, pwd, mymask, flags);
login_close(lc);
}