From: Eric Covener <covener@apache.org>
Date: Sat, 4 Dec 2010 15:06:29 +0000 (+0000)
Subject: Per the existing comment and setrlimit() behavior --  only prevent attempts to
X-Git-Tag: 2.3.10~90
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=49bd9d3de10cc11e8b5733c6d7f9fa673eafde91;p=apache

Per the existing comment and setrlimit() behavior --  only prevent attempts to
raise the hard limit, not to lower it, by nonroot users.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1042198 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/os/unix/unixd.c b/os/unix/unixd.c
index 6e2f4f9082..e8677d1383 100644
--- a/os/unix/unixd.c
+++ b/os/unix/unixd.c
@@ -95,10 +95,13 @@ AP_DECLARE(void) ap_unixd_set_rlimit(cmd_parms *cmd, struct rlimit **plimit,
     /* if we aren't running as root, cannot increase max */
     if (geteuid()) {
         limit->rlim_cur = cur;
-        if (max) {
+        if (max && (max > limit->rlim_max)) {
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, cmd->server,
                          "Must be uid 0 to raise maximum %s", cmd->cmd->name);
         }
+        else if (max) {
+            limit->rlim_max = max;
+        }
     }
     else {
         if (cur) {