Received: (from majordom@localhost)
	by hyperreal.com (8.8.5/8.8.5) id LAA06006;
	Wed, 25 Jun 1997 11:07:20 -0700 (PDT)
Received: from twinlark.arctic.org (twinlark.arctic.org [204.62.130.91])
	by hyperreal.com (8.8.5/8.8.5) with SMTP id LAA05969
	for <apache-bugdb@apache.org>; Wed, 25 Jun 1997 11:07:14 -0700 (PDT)
Received: (qmail 12893 invoked by uid 500); 25 Jun 1997 18:07:26 -0000
Date: Wed, 25 Jun 1997 11:07:26 -0700 (PDT)
From: Dean Gaudet <dgaudet@arctic.org>
To: George Carrette <george_carrette@iacnet.com>
cc: apache-bugdb@apache.org
Subject: Re: config/783: RLimitMEM, RLimitCPU,
 hard limit ignored when userid is not 0
In-Reply-To: <199706251250.FAA25808@hyperreal.com>
Message-ID: <Pine.LNX.3.95dg3.970625110633.10655H-100000@twinlark.arctic.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: apache-bugdb-owner@apache.org
Precedence: bulk

There shouldn't even be a need to test the uid.  The setrlimit call should
be made and a getrlimit call can be made to test if it was successful.
Non-root users can also raise their soft limits up to their hard limit.

Dean

On Wed, 25 Jun 1997, George Carrette wrote:

> 
> >Number:         783
> >Category:       config
> >Synopsis:       RLimitMEM, RLimitCPU, hard limit ignored when userid is not 0
> >Confidential:   no
> >Severity:       non-critical
> >Priority:       medium
> >Responsible:    apache (Apache HTTP Project)
> >State:          open
> >Class:          sw-bug
> >Submitter-Id:   apache
> >Arrival-Date:   Wed Jun 25 05:50:01 1997
> >Originator:     george_carrette@iacnet.com
> >Organization:
> apache
> >Release:        1.2
> >Environment:
> Apache 1.2 as released.
> SunOS sandnews 5.5 Generic sun4m sparc SUNW,SPARCstation-20
> gcc version 2.7.2.1
> 
> >Description:
> If you are not running with userid 0 then a config option like this:
> RLimitCPU 10 20
> will give an error message:
> Must be uid 0 to raise maximum
> 
> The logic used to generate that message is in error, because I am only trying
> to lower the hard cpu limit to 20, not raise it. Non-root users are allowed
> to do that.
>  
> >How-To-Repeat:
> Just use RLimitCPU 10 20 with httpd started non-root.
> >Fix:
> Yes, here is the fix to the procedure set_rlimit in the file http_core.c
> which I have applied at my site. 
> 
>     /* if we aren't running as root, cannot increase max */
>     if (geteuid()) {
>         limit->rlim_cur = cur;
>         if (max && limit->rlim_max && (max > limit->rlim_max))
>             log_printf(cmd->server, "Must be uid 0 to raise maximum %s",
>                       cmd->cmd->name);
>         else if (max)
>           limit->rlim_max = max;
>     }
>     else {
>         if (cur)
>             limit->rlim_cur = cur;
>         if (max)
>             limit->rlim_max = max;
>     }
> 
> %0
> >Audit-Trail:
> >Unformatted:
> 
> 
>