[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM and system limits



Jan Rekorajski wrote:
> > One question. Is there any reason why you can't change the euid back
> > again afterwards? This seems more transparent to me. (Some code actually
> > has the real uid set to something other than the effective one while
> > authenticating anyway).
> 
> I'm not changing euid. I'm changing only real uid, and no, can't switch
> back, because limits are compared agains current real uid.

Sorry, I meant the uid. In general, its the responsibility of the
application to handle the setting of uids, modules need to be
transparent wrt to this - some modules actually depend on the uid value
to determine who originated the request.

Why can't you do this?:

   {
      uid_t old_uid = getuid();
      setreuid(pwd->pw_uid, -1);
      retval = setup_limits(pwd->pw_name, ctrl);
      setreuid(old_uid, -1);
   }

> > Please file a bug report and then apply your change (with a change to
> > CHANGELOG).

Didn't see the CHANGELOG checkin.

Cheers

Andrew





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []