Subject: Re: setrlimit seems to have changed: breaks pkgsrc/net/tor
To: Juan RP <juan@xtrarom.org>
From: Elad Efrat <elad@NetBSD.org>
List: current-users
Date: 01/04/2007 12:05:25
This is a multi-part message in MIME format.
--------------070703060904080403060901
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Juan RP wrote:
> On Thursday 04 January 2007 01:52, Paulo Alexandre Pinto Pires wrote:
>> Em Quarta 03 Janeiro 2007 00:16, Marko Schütz escreveu:
>>> Dear All,
>>>
>>> just updated the kernel to -current as of 2-3 days ago.
>>>
>>> This breaks tor:
>>>
>>> Jan 03 14:09:55.221 [warn] There are known bugs in using kqueue with
>>> libevent 1.1a. Please use the latest version of libevent. Jan 03
>>> 14:09:55.222 [warn] set_max_file_descriptors(): Could not set maximum
>>> number of file descriptors: Operation not permitted Jan 03 14:09:55.222
>>> [warn] Failed to parse/validate config: Problem with ConnLimit value. See
>>> logs for details. Jan 03 14:09:55.222 [err] tor_init(): Reading config
>>> failed--see warnings above. For usage, try -h.
>>>
>>> which previously ran just fine.
>> Not only pkgsrc. Two weeks ago, I complained about the same setrlimit()
>> problem in postfix as in the main tree (especially when run with UUCP and
>> rmail). I asked in this list about it but got no answer on why should
>> setrlimit() fail for setuid-binaries, before submitting a PR.
>
> CC'ing Elad (maybe he knows something).
>
> Is it related to any change in kauth (or the bsd44 secmodel)?
>
try this.
-e.
--------------070703060904080403060901
Content-Type: text/plain;
name="rlimit.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="rlimit.diff"
Index: secmodel_bsd44_suser.c
===================================================================
RCS file: /usr/cvs/src/sys/secmodel/bsd44/secmodel_bsd44_suser.c,v
retrieving revision 1.28
diff -u -p -r1.28 secmodel_bsd44_suser.c
--- secmodel_bsd44_suser.c 2 Jan 2007 23:58:20 -0000 1.28
+++ secmodel_bsd44_suser.c 2 Jan 2007 23:34:29 -0000
@@ -520,7 +520,8 @@ secmodel_bsd44_suser_process_cb(kauth_cr
break;
}
- if (proc_uidmatch(cred, p->p_cred) != 0) {
+ if ((p != curlwp->l_proc) &&
+ (proc_uidmatch(cred, p->p_cred) != 0)) {
result = KAUTH_RESULT_DENY;
break;
}
--------------070703060904080403060901--