Subject: Re: setrlimit seems to have changed: breaks pkgsrc/net/tor
To: Juan RP <juan@xtrarom.org>
From: Elad Efrat <elad@NetBSD.org>
List: current-users
Date: 01/04/2007 12:05:25

Juan RP wrote:
> On Thursday 04 January 2007 01:52, Paulo Alexandre Pinto Pires wrote:
>> On Wednesday 03 January 2007 00:16, Marko Schütz wrote:
>>> Dear All,
>>>
>>> just updated the kernel to -current as of 2-3 days ago.
>>>
>>> This breaks tor:
>>>
>>> Jan 03 14:09:55.221 [warn] There are known bugs in using kqueue with libevent 1.1a. Please use the latest version of libevent.
>>> Jan 03 14:09:55.222 [warn] set_max_file_descriptors(): Could not set maximum number of file descriptors: Operation not permitted
>>> Jan 03 14:09:55.222 [warn] Failed to parse/validate config: Problem with ConnLimit value. See logs for details.
>>> Jan 03 14:09:55.222 [err] tor_init(): Reading config failed--see warnings above. For usage, try -h.
>>>
>>> which previously ran just fine.
>> Not only pkgsrc.  Two weeks ago, I complained about the same setrlimit()
>> problem in postfix as in the main tree (especially when run with UUCP and
>> rmail).  I asked in this list about it but got no answer on why
>> setrlimit() should fail for setuid-binaries, before submitting a PR.
> 
> CC'ing Elad (maybe he knows something).
> 
> Is it related to any change in kauth (or the bsd44 secmodel)?
> 

try this.

-e.


Index: secmodel_bsd44_suser.c
===================================================================
RCS file: /usr/cvs/src/sys/secmodel/bsd44/secmodel_bsd44_suser.c,v
retrieving revision 1.28
diff -u -p -r1.28 secmodel_bsd44_suser.c
--- secmodel_bsd44_suser.c	2 Jan 2007 23:58:20 -0000	1.28
+++ secmodel_bsd44_suser.c	2 Jan 2007 23:34:29 -0000
@@ -520,7 +520,8 @@ secmodel_bsd44_suser_process_cb(kauth_cr
 				break;
 			}
 
-			if (proc_uidmatch(cred, p->p_cred) != 0) {
+			if ((p != curlwp->l_proc) &&
+			    (proc_uidmatch(cred, p->p_cred) != 0)) {
 				result = KAUTH_RESULT_DENY;
 				break;
 			}
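
Review bot: the new (p != curlwp->l_proc) test in the condition lets a process acting on itself skip proc_uidmatch() entirely, and nothing in the hunk says why. Add a comment above the if stating that self-targeted requests are exempt from the uid match (the thread reports setuid binaries failing at this point), and confirm that whatever gates raising a limit is enforced before this check, since only the tail of the preceding block is visible in the context lines. The exemption is also keyed on curlwp rather than on the cred argument, so it assumes the callback always runs in the requesting process's context; state that assumption in the comment. The parentheses around each operand of && are redundant.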
