Per the existing comment and setrlimit() behavior -- only prevent attempts to

raise the hard limit, not to lower it, by nonroot users.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1042198 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/os/unix/unixd.c b/os/unix/unixd.c
index 6e2f4f908283c0fc4bb0621d6db2cd3fac488c69..e8677d1383112ada485a35cd31287423ba2cca22 100644 (file)
--- a/os/unix/unixd.c
+++ b/os/unix/unixd.c
@@ -95,10 +95,13 @@ AP_DECLARE(void) ap_unixd_set_rlimit(cmd_parms *cmd, struct rlimit **plimit,
     /* if we aren't running as root, cannot increase max */
     if (geteuid()) {
         limit->rlim_cur = cur;
-        if (max) {
+        if (max && (max > limit->rlim_max)) {
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, cmd->server,
                          "Must be uid 0 to raise maximum %s", cmd->cmd->name);
         }
+        else if (max) {
+            limit->rlim_max = max;
+        }
     }
     else {
         if (cur) {