httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject [PATCH] unixd_set_rlimit / decrease rlim_max as nonroot
Date Tue, 10 Jan 2006 20:59:45 GMT
unixd_set_rlimit() doesn't allow RLimit{CPU,NPROC,MEM} to modify
rlim_max if httpd isn't started as root -- even if the value would
decrease rlim_max.

The coment seen in the context of the patch attached below, RLimitXXX
documentation, and setrlimit manual  say the restriction should be
that non-root users can't *increase*  rlim_max.

(patch copied below)

Index: os/unix/unixd.c
===================================================================
--- os/unix/unixd.c     (revision 367782)
+++ os/unix/unixd.c     (working copy)
@@ -260,10 +260,13 @@
     /* if we aren't running as root, cannot increase max */
     if (geteuid()) {
         limit->rlim_cur = cur;
-        if (max) {
+        if (max && (max > limit->rlim_max)) {
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, cmd->server,
                          "Must be uid 0 to raise maximum %s", cmd->cmd->name);
         }
+        else if (max) {
+            limit->rlim_max = max;
+        }
     }
     else {
         if (cur) {


--
Eric Covener
covener@gmail.com

Mime
View raw message