login_patch.txt

1999-09-21T00:00:00
ID PACKETSTORM:15694
Type packetstorm
Reporter Packet Storm
Modified 1999-09-21T00:00:00

Description

                                        
                                            `diff -ur ./util-linux-2.9o/lib/pathnames.h ./util-linux-2.9o-mp/lib/pathnames.h  
--- ./util-linux-2.9o/lib/pathnames.h Sun Oct 11 14:19:16 1998  
+++ ./util-linux-2.9o-mp/lib/pathnames.h Wed Jul 14 22:51:13 1999  
@@ -86,6 +86,7 @@  
  
#define _PATH_SECURE "/etc/securesingle"  
#define _PATH_USERTTY "/etc/usertty"  
+#define _PATH_LIMITS "/etc/limits"  
  
#define _PATH_MTAB "/etc/mtab"  
#define _PATH_UMOUNT "/bin/umount"  
diff -ur ./util-linux-2.9o/login-utils/login.c ./util-linux-2.9o-mp/login-utils/login.c  
--- ./util-linux-2.9o/login-utils/login.c Sat Mar 20 14:20:16 1999  
+++ ./util-linux-2.9o-mp/login-utils/login.c Wed Jul 14 22:49:24 1999  
@@ -185,6 +185,7 @@  
char *stypeof P_((char *ttyid));  
void checktty P_((char *user, char *tty, struct passwd *pwd));  
void sleepexit P_((int eval));  
+void setup_limits P_(struct passwd *pwd);  
#ifdef CRYPTOCARD  
int cryptocard P_((void));  
#endif  
@@ -1110,6 +1111,8 @@  
  
childArgv[childArgc++] = NULL;  
  
+ setup_limits(pwd);  
+   
execvp(childArgv[0], childArgv + 1);  
  
if (!strcmp(childArgv[0], "/bin/sh"))  
@@ -1120,6 +1123,161 @@  
  
exit(0);  
}  
+  
+/* Most of this code ripped from lshell by Joel Katz */  
+void process(char *buf)  
+{  
+ /* buf is of the form [Fn][Pn][Ct][Vm][Sm][Rm][Lm][Dm] where */  
+ /* F specifies n max open files */  
+ /* P specifies n max procs */  
+ /* c specifies t seconds of cpu */  
+ /* C specifies t minutes of cpu */  
+ /* v specifies m kbs of total virtual memory (address space) */  
+ /* V specifies m megs of total virtual memory (address space) */  
+ /* s specifies m kbs of stack */  
+ /* S specifies m megs of stack */  
+ /* r specifies m kbs of RSS */  
+ /* R specifies m megs of RSS */  
+ /* l specifies m kbs of locked (non-swappable) memory */  
+ /* L specifies m megs of locked (non-swappable) memory */  
+ /* d specifies m kbs of Data segment */  
+ /* D specifies m megs of Data segment */  
+  
+ struct rlimit rlim;  
+ char *pp = buf;  
+ int i;  
+  
+ while(*pp!=0)  
+ {  
+ i = 1;  
+ switch(*pp++)  
+ {  
+ case 'f':  
+ case 'F':  
+ i = atoi(pp);  
+ if(!i)  
+ break;  
+ rlim.rlim_cur = i;  
+ rlim.rlim_max = i;  
+ setrlimit(RLIMIT_NOFILE, &rlim);  
+ break;  
+ case 'p':  
+ case 'P':  
+ i = atoi(pp);  
+ if(!i)  
+ break;  
+ rlim.rlim_cur = i;  
+ rlim.rlim_max = i;  
+ setrlimit(RLIMIT_NPROC, &rlim);  
+ break;  
+ case 'C':  
+ i = 60;  
+ case 'c':  
+ i *= atoi(pp);  
+ if(!i)  
+ break;  
+ rlim.rlim_cur = i;  
+ rlim.rlim_max = i;  
+ setrlimit(RLIMIT_CPU, &rlim);  
+ break;  
+ case 'V':  
+ i = 1024;  
+ case 'v':  
+ i *= atoi(pp)*1024;  
+ if(!i)  
+ break;  
+ rlim.rlim_cur = i;  
+ rlim.rlim_max = i;  
+#if defined(RLIMIT_AS) /* Linux */  
+ setrlimit(RLIMIT_AS, &rlim);  
+#else if defined(RLIMIT_VMEM) /* Irix */  
+ setrlimit(RLIMIT_VMEM, &rlim);  
+#endif  
+ break;  
+ case 'S':  
+ i = 1024;  
+ case 's':  
+ i *= atoi(pp)*1024;  
+ if(!i)  
+ break;  
+ rlim.rlim_cur = i;  
+ rlim.rlim_max = i;  
+ setrlimit(RLIMIT_STACK, &rlim);  
+ break;  
+ case 'R':  
+ i = 1024;  
+ case 'r':  
+ i *= atoi(pp)*1024;  
+ if(!i)  
+ break;  
+ rlim.rlim_cur = i;  
+ rlim.rlim_max = i;  
+ setrlimit(RLIMIT_RSS, &rlim);  
+ break;  
+ case 'L':  
+ i = 1024;  
+ case 'l':  
+ i *= atoi(pp)*1024;  
+ if(!i)  
+ break;  
+ rlim.rlim_cur = i;  
+ rlim.rlim_max = i;  
+ setrlimit(RLIMIT_MEMLOCK, &rlim);  
+ break;  
+ case 'D':  
+ i = 1024;  
+ case 'd':  
+ i *= atoi(pp)*1024;  
+ if(!i)  
+ break;  
+ rlim.rlim_cur = i;  
+ rlim.rlim_max = i;  
+ setrlimit(RLIMIT_DATA, &rlim);  
+ break;  
+ }  
+ }  
+}  
+  
+void setup_limits(struct passwd *pw)  
+{  
+ FILE *fp;  
+ int i;  
+ char buf[200], name[20], limits[64];  
+ char *p;  
+  
+ if(pw->pw_uid == 0)  
+ {  
+ return;  
+ }  
+  
+ if((fp = fopen(_PATH_LIMITS,"r")) == NULL)  
+ {  
+ return;  
+ }  
+  
+ while(fgets(buf, 200, fp) != NULL)  
+ {  
+ if(buf[0] == '#')  
+ continue;  
+   
+ p = strchr(buf, '#');  
+ if(p)  
+ *p = 0;  
+   
+ i=sscanf(buf, "%s %s", name, limits);  
+   
+ if(!strcmp(name, pw->pw_name))  
+ {  
+ if(i==2)  
+ process(limits);  
+ fclose(fp);  
+ return;  
+ }  
+ }  
+ fclose(fp);  
+ process(limits); /* Last line is default */  
+}  
+  
  
void  
getloginname()  
`