[Midnightbsd-cvs] src: login_class.c: Fix a potential security issue first spotted with
laffer1 at midnightbsd.org
Thu Sep 2 08:51:18 EDT 2010
Log Message:
-----------
Fix a potential security issue first spotted with OpenSSH and modifications to login.conf
http://secunia.com/advisories/40923/
In setusercontext(), do not apply user settings unless running as the
user in question (usually but not necessarily because we were called
with LOGIN_SETUSER). This plugs a hole where users could raise their
resource limits and expand their CPU mask.
Obtained from: FreeBSD
Modified Files:
--------------
src/lib/libutil:
login_class.c (r1.1.1.2 -> r1.2)
(http://cvsweb.midnightbsd.org/src/lib/libutil/login_class.c?r1=1.1.1.2&r2=1.2)
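
The rule in the log message, as an added illustration that is not code from login_class.c or from the FreeBSD change: a small C model of one resource limit being set first from the system class and then from the user's own settings. The function names, uids and limit values are constructed, and the model assumes the caller is a privileged process (uid 0) setting up a context for another user.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Kernel rule modelled here: only uid 0 may raise a limit; anyone may lower it. */
static unsigned long set_limit(uid_t euid, unsigned long cur, unsigned long want)
{
    return (euid == 0 || want <= cur) ? want : cur;
}

/* The commit's rule: user settings count only when already running as that user. */
static bool may_apply_user_settings(uid_t euid, uid_t target)
{
    return euid == target;
}

/*
 * Hypothetical model of a login context setup for one limit (CPU seconds).
 * class_lim comes from the system login.conf, user_lim from the user's own
 * file. 'guarded' selects the behaviour with or without the check.
 */
unsigned long resulting_limit(uid_t euid, uid_t target, unsigned long cur,
                              unsigned long class_lim, unsigned long user_lim,
                              bool guarded)
{
    cur = set_limit(euid, cur, class_lim);          /* system class first */
    if (!guarded || may_apply_user_settings(euid, target))
        cur = set_limit(euid, cur, user_lim);       /* then user overrides */
    return cur;
}

int main(void)
{
    const uid_t root = 0, user = 1001;              /* constructed uids */
    const unsigned long inherit = 100000, class_lim = 3600, user_lim = 999999;

    printf("root caller, no check:   %lu\n",
           resulting_limit(root, user, inherit, class_lim, user_lim, false));
    printf("root caller, with check: %lu\n",
           resulting_limit(root, user, inherit, class_lim, user_lim, true));
    printf("user caller, with check: %lu\n",
           resulting_limit(user, user, class_lim, class_lim, user_lim, true));
    printf("user lowering own limit: %lu\n",
           resulting_limit(user, user, class_lim, class_lim, 60, true));
    return 0;
}
```

With the check in place the user's file can still lower a limit once the process runs as that user, but it is never evaluated with the caller's privileges.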