Posted to dev@httpd.apache.org by Eric Covener <co...@gmail.com> on 2006/01/10 21:59:45 UTC
[PATCH] unixd_set_rlimit / decrease rlim_max as nonroot
unixd_set_rlimit() doesn't allow RLimit{CPU,NPROC,MEM} to modify
rlim_max if httpd isn't started as root -- even if the value would
decrease rlim_max.
The comment seen in the context of the patch attached below, RLimitXXX
documentation, and setrlimit manual say the restriction should be
that non-root users can't *increase* rlim_max.
(patch copied below)
Index: os/unix/unixd.c
===================================================================
--- os/unix/unixd.c (revision 367782)
+++ os/unix/unixd.c (working copy)
@@ -260,10 +260,13 @@
/* if we aren't running as root, cannot increase max */
if (geteuid()) {
limit->rlim_cur = cur;
- if (max) {
+ if (max && (max > limit->rlim_max)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, cmd->server,
"Must be uid 0 to raise maximum %s", cmd->cmd->name);
}
+ else if (max) {
+ limit->rlim_max = max;
+ }
}
else {
if (cur) {
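Review bot: the new "else if (max)" branch assigns limit->rlim_max = max without comparing it to cur, which was already stored in limit->rlim_cur at the top of the geteuid() block. If the configured soft value is larger than the lowered hard value, a setrlimit() call with that pair fails with EINVAL, so the branch should check cur against max (log and clamp, or log and skip) before assigning. The RLimitXXX documentation could also note that a hard limit lowered by a non-root process cannot be raised again.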
--
Eric Covener
covener@gmail.com
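The setrlimit() behaviour the message above relies on, as an added example that is not part of the original post or of httpd. It probes RLIMIT_CORE (chosen here because lowering it is harmless) and records the errno for lowering the hard limit, for a soft limit above the hard limit, and for raising the hard limit again; the struct and function names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>
#include <unistd.h>

/* Each field is 0 on success or the errno that setrlimit() reported. */
struct probe {
    int lower_hard;      /* lower rlim_max: allowed for any user */
    int soft_above_hard; /* rlim_cur > rlim_max: rejected with EINVAL */
    int raise_hard;      /* raise rlim_max again: EPERM unless privileged */
};

static int try_set(rlim_t cur, rlim_t max)
{
    struct rlimit r = { .rlim_cur = cur, .rlim_max = max };
    return setrlimit(RLIMIT_CORE, &r) == 0 ? 0 : errno;
}

/* Hypothetical helper. The lowered hard limit stays in effect for the
 * calling process afterwards, which is why RLIMIT_CORE is used. */
static int probe_rlimit(struct probe *p)
{
    struct rlimit old;
    if (getrlimit(RLIMIT_CORE, &old) != 0)
        return -1;

    /* Choose a hard limit that is never above the current one. */
    rlim_t new_max = (old.rlim_max == RLIM_INFINITY || old.rlim_max > 1024)
                         ? 1024 : old.rlim_max;
    rlim_t new_cur = (old.rlim_cur == RLIM_INFINITY || old.rlim_cur > new_max)
                         ? new_max : old.rlim_cur;

    p->lower_hard      = try_set(new_cur, new_max);
    p->soft_above_hard = try_set(new_max + 1, new_max);
    p->raise_hard      = try_set(new_cur, new_max + 1);
    return 0;
}

int main(void)
{
    struct probe p;
    if (probe_rlimit(&p) != 0) { perror("getrlimit"); return 1; }
    printf("euid=%d lower_hard=%d soft_above_hard=%d raise_hard=%d\n",
           (int)geteuid(), p.lower_hard, p.soft_above_hard, p.raise_hard);
    return 0;
}
```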
Re: [PATCH] unixd_set_rlimit / decrease rlim_max as nonroot
Posted by Paul Querna <ch...@force-elite.com>.
Eric Covener wrote:
> unixd_set_rlimit() doesn't allow RLimit{CPU,NPROC,MEM} to modify
> rlim_max if httpd isn't started as root -- even if the value would
> decrease rlim_max.
>
> The comment seen in the context of the patch attached below, RLimitXXX
> documentation, and setrlimit manual say the restriction should be
> that non-root users can't *increase* rlim_max.
>
Seems reasonable to me.
Can anyone who uses rlimit test it and commit?
-Paul