login_patch.txt

login_patch.txt: Posted Sep 21, 1999; Patch to util-linux-2.9o login.c (and pathnames.h) that provides a means under Linux (should be pretty portable to other OS's) to set limits for the address space limit; tags | exploit; systems | linux; SHA-256 | 956454589237b40d850436b1b95456b44151f45af8ce9252d65db79143aeea08; Download | Favorite | View

login_patch.txt

diff -ur ./util-linux-2.9o/lib/pathnames.h ./util-linux-2.9o-mp/lib/pathnames.h
--- ./util-linux-2.9o/lib/pathnames.h  Sun Oct 11 14:19:16 1998
+++ ./util-linux-2.9o-mp/lib/pathnames.h  Wed Jul 14 22:51:13 1999
@@ -86,6 +86,7 @@

 #define _PATH_SECURE    "/etc/securesingle"
 #define _PATH_USERTTY           "/etc/usertty"
+#define _PATH_LIMITS    "/etc/limits"

 #define _PATH_MTAB    "/etc/mtab"
 #define _PATH_UMOUNT    "/bin/umount"
diff -ur ./util-linux-2.9o/login-utils/login.c ./util-linux-2.9o-mp/login-utils/login.c
--- ./util-linux-2.9o/login-utils/login.c  Sat Mar 20 14:20:16 1999
+++ ./util-linux-2.9o-mp/login-utils/login.c  Wed Jul 14 22:49:24 1999
@@ -185,6 +185,7 @@
 char *stypeof P_((char *ttyid));
 void checktty P_((char *user, char *tty, struct passwd *pwd));
 void sleepexit P_((int eval));
+void setup_limits P_(struct passwd *pwd);
 #ifdef CRYPTOCARD
 int cryptocard P_((void));
 #endif
@@ -1110,6 +1111,8 @@

     childArgv[childArgc++] = NULL;

+    setup_limits(pwd);
+  
     execvp(childArgv[0], childArgv + 1);

     if (!strcmp(childArgv[0], "/bin/sh"))
@@ -1120,6 +1123,161 @@

     exit(0);
 }
+
+/* Most of this code ripped from lshell by Joel Katz */
+void process(char *buf)
+{
+    /* buf is of the form [Fn][Pn][Ct][Vm][Sm][Rm][Lm][Dm] where */
+    /* F specifies n max open files */
+    /* P specifies n max procs */
+    /* c specifies t seconds of cpu */
+    /* C specifies t minutes of cpu */
+    /* v specifies m kbs of total virtual memory (address space) */
+    /* V specifies m megs of total virtual memory (address space) */
+    /* s specifies m kbs of stack */
+    /* S specifies m megs of stack */
+    /* r specifies m kbs of RSS */
+    /* R specifies m megs of RSS */
+    /* l specifies m kbs of locked (non-swappable) memory */
+    /* L specifies m megs of locked (non-swappable) memory */
+    /* d specifies m kbs of Data segment */
+    /* D specifies m megs of Data segment */
+
+    struct rlimit rlim;
+    char *pp = buf;
+    int i;
+
+    while(*pp!=0)
+    {
+  i = 1;
+  switch(*pp++)
+  {
+      case 'f':
+      case 'F':
+    i = atoi(pp);
+    if(!i)
+        break;
+    rlim.rlim_cur = i;
+    rlim.rlim_max = i;
+    setrlimit(RLIMIT_NOFILE, &rlim);
+    break;
+      case 'p':
+      case 'P':
+    i = atoi(pp);
+    if(!i)
+        break;
+    rlim.rlim_cur = i;
+    rlim.rlim_max = i;
+    setrlimit(RLIMIT_NPROC, &rlim);
+    break;
+      case 'C':
+    i = 60;
+      case 'c':
+    i *= atoi(pp);
+    if(!i)
+        break;
+    rlim.rlim_cur = i;
+    rlim.rlim_max = i;
+    setrlimit(RLIMIT_CPU, &rlim);
+    break;
+      case 'V':
+    i = 1024;
+      case 'v':
+    i *= atoi(pp)*1024;
+    if(!i)
+        break;
+    rlim.rlim_cur = i;
+    rlim.rlim_max = i;
+#if defined(RLIMIT_AS) /* Linux */
+    setrlimit(RLIMIT_AS, &rlim);
+#else if defined(RLIMIT_VMEM) /* Irix */
+    setrlimit(RLIMIT_VMEM, &rlim);
+#endif
+    break;
+      case 'S':
+    i = 1024;
+      case 's':
+    i *= atoi(pp)*1024;
+    if(!i)
+        break;
+    rlim.rlim_cur = i;
+    rlim.rlim_max = i;
+    setrlimit(RLIMIT_STACK, &rlim);
+    break;
+      case 'R':
+    i = 1024;
+      case 'r':
+    i *= atoi(pp)*1024;
+    if(!i)
+        break;
+    rlim.rlim_cur = i;
+    rlim.rlim_max = i;
+    setrlimit(RLIMIT_RSS, &rlim);
+    break;
+      case 'L':
+    i = 1024;
+      case 'l':
+    i *= atoi(pp)*1024;
+    if(!i)
+        break;
+    rlim.rlim_cur = i;
+    rlim.rlim_max = i;
+    setrlimit(RLIMIT_MEMLOCK, &rlim);
+    break;
+      case 'D':
+    i = 1024;
+      case 'd':
+    i *= atoi(pp)*1024;
+    if(!i)
+        break;
+    rlim.rlim_cur = i;
+    rlim.rlim_max = i;
+    setrlimit(RLIMIT_DATA, &rlim);
+    break;
+  }
+    }
+}
+
+void setup_limits(struct passwd *pw)
+{
+    FILE *fp;
+    int i;
+    char buf[200], name[20], limits[64];
+    char *p;
+
+    if(pw->pw_uid == 0)
+    {
+  return;
+    }
+
+    if((fp = fopen(_PATH_LIMITS,"r")) == NULL)
+    {
+  return;
+    }
+
+    while(fgets(buf, 200, fp) != NULL)
+    {
+  if(buf[0] == '#')
+      continue;
+  
+  p = strchr(buf, '#');
+  if(p)
+      *p = 0;
+  
+  i=sscanf(buf, "%s %s", name, limits);
+  
+  if(!strcmp(name, pw->pw_name))
+  {
+      if(i==2)
+    process(limits);
+      fclose(fp);
+      return;
+  }
+    }
+    fclose(fp);
+    process(limits); /* Last line is default */
+}
+

 void
 getloginname()

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

login_patch.txt

login_patch.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

login_patch.txt

Share This

login_patch.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems