Dag-Erling Smorgrav <des@FreeBSD.org> writes:
> In setusercontext(), do not apply user settings unless running as the
> user in question (usually but not necessarily because we were called
> with LOGIN_SETUSER). This plugs a hole where users could raise their
> resource limits and expand their CPU mask.
Note that this commit semi-intentionally introduces another bug: in some
cases, the user's limits will not be applied at all. This is by far the
lesser of two evils, and is easy (albeit time-consuming) to fix.
Dag-Erling Smrgrav - email@example.com