
login_patch.txt

🗓️ 21 Sep 1999 00:00:00Reported by Packet StormType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 34 Views

Updates to login utility add limits for user processes and secure paths for system security.


Code
`diff -ur ./util-linux-2.9o/lib/pathnames.h ./util-linux-2.9o-mp/lib/pathnames.h  
--- ./util-linux-2.9o/lib/pathnames.h Sun Oct 11 14:19:16 1998  
+++ ./util-linux-2.9o-mp/lib/pathnames.h Wed Jul 14 22:51:13 1999  
@@ -86,6 +86,7 @@  
  
#define _PATH_SECURE "/etc/securesingle"  
#define _PATH_USERTTY "/etc/usertty"  
+#define _PATH_LIMITS "/etc/limits"  
  
#define _PATH_MTAB "/etc/mtab"  
#define _PATH_UMOUNT "/bin/umount"  
diff -ur ./util-linux-2.9o/login-utils/login.c ./util-linux-2.9o-mp/login-utils/login.c  
--- ./util-linux-2.9o/login-utils/login.c Sat Mar 20 14:20:16 1999  
+++ ./util-linux-2.9o-mp/login-utils/login.c Wed Jul 14 22:49:24 1999  
@@ -185,6 +185,7 @@  
char *stypeof P_((char *ttyid));  
void checktty P_((char *user, char *tty, struct passwd *pwd));  
void sleepexit P_((int eval));  
+void setup_limits P_(struct passwd *pwd);  
#ifdef CRYPTOCARD  
int cryptocard P_((void));  
#endif  
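Review bot: The added prototype `void setup_limits P_(struct passwd *pwd);` uses single parentheses, while every neighbouring declaration wraps its parameter list as `P_((...))`. The definition of `P_` is outside this hunk; if it is the usual prototype macro that expands to its argument under ANSI C, this line expands without the parentheses around the parameter list and will not compile, and under a K&R expansion it only works by accident. It should read `void setup_limits P_((struct passwd *pwd));`.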
@@ -1110,6 +1111,8 @@  
  
childArgv[childArgc++] = NULL;  
  
+ setup_limits(pwd);  
+   
execvp(childArgv[0], childArgv + 1);  
  
if (!strcmp(childArgv[0], "/bin/sh"))  
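Review bot: `setup_limits(pwd);` returns void and sits directly before `execvp`, so nothing at this call site can tell whether any limit was applied; a failing `setrlimit` leaves the session unrestricted without a trace. If the limits are meant as a control rather than a convenience, let setup_limits return a status and log the failure here, for example `if (setup_limits(pwd) < 0) syslog(LOG_WARNING, "limits not applied for %s", pwd->pw_name);` (assuming this file already logs through syslog). The hunk also does not show whether privileges have been dropped by this point, which decides whether `setrlimit` may set a hard limit above the inherited one; a comment such as `/* runs as the target uid: can only lower limits */` or its opposite would record the assumption. The enclosing function starts and ends outside the hunk.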
@@ -1120,6 +1123,161 @@  
  
exit(0);  
}  
+  
+/* Most of this code ripped from lshell by Joel Katz */  
+void process(char *buf)  
+{  
+ /* buf is of the form [Fn][Pn][Ct][Vm][Sm][Rm][Lm][Dm] where */  
+ /* F specifies n max open files */  
+ /* P specifies n max procs */  
+ /* c specifies t seconds of cpu */  
+ /* C specifies t minutes of cpu */  
+ /* v specifies m kbs of total virtual memory (address space) */  
+ /* V specifies m megs of total virtual memory (address space) */  
+ /* s specifies m kbs of stack */  
+ /* S specifies m megs of stack */  
+ /* r specifies m kbs of RSS */  
+ /* R specifies m megs of RSS */  
+ /* l specifies m kbs of locked (non-swappable) memory */  
+ /* L specifies m megs of locked (non-swappable) memory */  
+ /* d specifies m kbs of Data segment */  
+ /* D specifies m megs of Data segment */  
+  
+ struct rlimit rlim;  
+ char *pp = buf;  
+ int i;  
+  
+ while(*pp!=0)  
+ {  
+ i = 1;  
+ switch(*pp++)  
+ {  
+ case 'f':  
+ case 'F':  
+ i = atoi(pp);  
+ if(!i)  
+ break;  
+ rlim.rlim_cur = i;  
+ rlim.rlim_max = i;  
+ setrlimit(RLIMIT_NOFILE, &rlim);  
+ break;  
+ case 'p':  
+ case 'P':  
+ i = atoi(pp);  
+ if(!i)  
+ break;  
+ rlim.rlim_cur = i;  
+ rlim.rlim_max = i;  
+ setrlimit(RLIMIT_NPROC, &rlim);  
+ break;  
+ case 'C':  
+ i = 60;  
+ case 'c':  
+ i *= atoi(pp);  
+ if(!i)  
+ break;  
+ rlim.rlim_cur = i;  
+ rlim.rlim_max = i;  
+ setrlimit(RLIMIT_CPU, &rlim);  
+ break;  
+ case 'V':  
+ i = 1024;  
+ case 'v':  
+ i *= atoi(pp)*1024;  
+ if(!i)  
+ break;  
+ rlim.rlim_cur = i;  
+ rlim.rlim_max = i;  
+#if defined(RLIMIT_AS) /* Linux */  
+ setrlimit(RLIMIT_AS, &rlim);  
+#else if defined(RLIMIT_VMEM) /* Irix */  
+ setrlimit(RLIMIT_VMEM, &rlim);  
+#endif  
+ break;  
+ case 'S':  
+ i = 1024;  
+ case 's':  
+ i *= atoi(pp)*1024;  
+ if(!i)  
+ break;  
+ rlim.rlim_cur = i;  
+ rlim.rlim_max = i;  
+ setrlimit(RLIMIT_STACK, &rlim);  
+ break;  
+ case 'R':  
+ i = 1024;  
+ case 'r':  
+ i *= atoi(pp)*1024;  
+ if(!i)  
+ break;  
+ rlim.rlim_cur = i;  
+ rlim.rlim_max = i;  
+ setrlimit(RLIMIT_RSS, &rlim);  
+ break;  
+ case 'L':  
+ i = 1024;  
+ case 'l':  
+ i *= atoi(pp)*1024;  
+ if(!i)  
+ break;  
+ rlim.rlim_cur = i;  
+ rlim.rlim_max = i;  
+ setrlimit(RLIMIT_MEMLOCK, &rlim);  
+ break;  
+ case 'D':  
+ i = 1024;  
+ case 'd':  
+ i *= atoi(pp)*1024;  
+ if(!i)  
+ break;  
+ rlim.rlim_cur = i;  
+ rlim.rlim_max = i;  
+ setrlimit(RLIMIT_DATA, &rlim);  
+ break;  
+ }  
+ }  
+}  
+  
+void setup_limits(struct passwd *pw)  
+{  
+ FILE *fp;  
+ int i;  
+ char buf[200], name[20], limits[64];  
+ char *p;  
+  
+ if(pw->pw_uid == 0)  
+ {  
+ return;  
+ }  
+  
+ if((fp = fopen(_PATH_LIMITS,"r")) == NULL)  
+ {  
+ return;  
+ }  
+  
+ while(fgets(buf, 200, fp) != NULL)  
+ {  
+ if(buf[0] == '#')  
+ continue;  
+   
+ p = strchr(buf, '#');  
+ if(p)  
+ *p = 0;  
+   
+ i=sscanf(buf, "%s %s", name, limits);  
+   
+ if(!strcmp(name, pw->pw_name))  
+ {  
+ if(i==2)  
+ process(limits);  
+ fclose(fp);  
+ return;  
+ }  
+ }  
+ fclose(fp);  
+ process(limits); /* Last line is default */  
+}  
+  
  
void  
getloginname()  
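Review bot: In setup_limits, `sscanf(buf, "%s %s", name, limits)` copies tokens from a line of up to 199 bytes into `name[20]` and `limits[64]` with no field width, so an over-long token in /etc/limits overruns those stack buffers inside login; the fence below bounds both conversions. The same loop compares `name` even when sscanf matched nothing (a blank line), and the trailing `process(limits)` reads `limits` uninitialised when the file holds no usable line, so the fence clears the buffer up front and skips empty lines. In process(), `i` is an `int`, so an entry such as `V2048` overflows `i *= atoi(pp)*1024`, and the wrapped value is then stored into `rlim_cur`/`rlim_max`, which may yield a far larger limit than the one written; parsing with `strtoul` into an `rlim_t` and rejecting out-of-range values would avoid that. `#else if defined(RLIMIT_VMEM)` is not a conditional, because the preprocessor treats it as a plain `#else`; it should be `#elif defined(RLIMIT_VMEM)`.

```c
void setup_limits(struct passwd *pw)
{
	/* … unchanged: declarations, root check, fopen of _PATH_LIMITS … */

	limits[0] = 0;	/* default pass becomes a no-op if no line supplies limits */

	while(fgets(buf, sizeof buf, fp) != NULL)
	{
		/* … unchanged: skip and strip '#' comments … */

		/* field widths match name[20] and limits[64] */
		i = sscanf(buf, "%19s %63s", name, limits);
		if(i < 1)
			continue;	/* blank line: name was not written */

		/* … unchanged: match on pw->pw_name, process(limits), fclose, return … */
	}
	fclose(fp);
	process(limits); /* Last line is default */
}
```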
`
