Per the existing comment and setrlimit() behavior -- only prevent attempts to

raise the hard limit, not to lower it, by nonroot users. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1042198 13f79535-47bb-0310-9956-ffa450edef68
author: Eric Covener <covener@apache.org> 2010-12-04 16:06:29 +0100
committer: Eric Covener <covener@apache.org> 2010-12-04 16:06:29 +0100
commit: 49bd9d3de10cc11e8b5733c6d7f9fa673eafde91 (patch)
tree: d96e5aa064f0c19f458f7c50fe01232f4d1227fa /os/unix
parent: Add support for RLimit* in mod_cgid. PR 42135. (diff)
download: apache2-49bd9d3de10cc11e8b5733c6d7f9fa673eafde91.tar.xz
apache2-49bd9d3de10cc11e8b5733c6d7f9fa673eafde91.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/os/unix/unixd.c b/os/unix/unixd.c
index 6e2f4f9082..e8677d1383 100644
--- a/os/unix/unixd.c
+++ b/os/unix/unixd.c
@@ -95,10 +95,13 @@ AP_DECLARE(void) ap_unixd_set_rlimit(cmd_parms *cmd, struct rlimit **plimit,
     /* if we aren't running as root, cannot increase max */
     if (geteuid()) {
         limit->rlim_cur = cur;
-        if (max) {
+        if (max && (max > limit->rlim_max)) {
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, cmd->server,
                          "Must be uid 0 to raise maximum %s", cmd->cmd->name);
         }
+        else if (max) {
+            limit->rlim_max = max;
+        }
     }
     else {
         if (cur) {
author	Eric Covener <covener@apache.org>	2010-12-04 16:06:29 +0100
committer	Eric Covener <covener@apache.org>	2010-12-04 16:06:29 +0100
commit	49bd9d3de10cc11e8b5733c6d7f9fa673eafde91 (patch)
tree	d96e5aa064f0c19f458f7c50fe01232f4d1227fa /os/unix
parent	Add support for RLimit* in mod_cgid. PR 42135. (diff)
download	apache2-49bd9d3de10cc11e8b5733c6d7f9fa673eafde91.tar.xz apache2-49bd9d3de10cc11e8b5733c6d7f9fa673eafde91.zip