Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

login_patch.txt

🗓️ 21 Sep 1999 00:00:00Reported by Packet StormType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 36 Views

Updates to login utility add limits for user processes and secure paths for system security.

Code
`diff -ur ./util-linux-2.9o/lib/pathnames.h ./util-linux-2.9o-mp/lib/pathnames.h  
--- ./util-linux-2.9o/lib/pathnames.h Sun Oct 11 14:19:16 1998  
+++ ./util-linux-2.9o-mp/lib/pathnames.h Wed Jul 14 22:51:13 1999  
@@ -86,6 +86,7 @@  
  
#define _PATH_SECURE "/etc/securesingle"  
#define _PATH_USERTTY "/etc/usertty"  
+#define _PATH_LIMITS "/etc/limits"  
  
#define _PATH_MTAB "/etc/mtab"  
#define _PATH_UMOUNT "/bin/umount"  
diff -ur ./util-linux-2.9o/login-utils/login.c ./util-linux-2.9o-mp/login-utils/login.c  
--- ./util-linux-2.9o/login-utils/login.c Sat Mar 20 14:20:16 1999  
+++ ./util-linux-2.9o-mp/login-utils/login.c Wed Jul 14 22:49:24 1999  
@@ -185,6 +185,7 @@  
char *stypeof P_((char *ttyid));  
void checktty P_((char *user, char *tty, struct passwd *pwd));  
void sleepexit P_((int eval));  
+void setup_limits P_(struct passwd *pwd);  
#ifdef CRYPTOCARD  
int cryptocard P_((void));  
#endif  
@@ -1110,6 +1111,8 @@  
  
childArgv[childArgc++] = NULL;  
  
+ setup_limits(pwd);  
+   
execvp(childArgv[0], childArgv + 1);  
  
if (!strcmp(childArgv[0], "/bin/sh"))  
@@ -1120,6 +1123,161 @@  
  
exit(0);  
}  
+  
+/* Most of this code ripped from lshell by Joel Katz */  
+void process(char *buf)  
+{  
+ /* buf is of the form [Fn][Pn][Ct][Vm][Sm][Rm][Lm][Dm] where */  
+ /* F specifies n max open files */  
+ /* P specifies n max procs */  
+ /* c specifies t seconds of cpu */  
+ /* C specifies t minutes of cpu */  
+ /* v specifies m kbs of total virtual memory (address space) */  
+ /* V specifies m megs of total virtual memory (address space) */  
+ /* s specifies m kbs of stack */  
+ /* S specifies m megs of stack */  
+ /* r specifies m kbs of RSS */  
+ /* R specifies m megs of RSS */  
+ /* l specifies m kbs of locked (non-swappable) memory */  
+ /* L specifies m megs of locked (non-swappable) memory */  
+ /* d specifies m kbs of Data segment */  
+ /* D specifies m megs of Data segment */  
+  
+ struct rlimit rlim;  
+ char *pp = buf;  
+ int i;  
+  
+ while(*pp!=0)  
+ {  
+ i = 1;  
+ switch(*pp++)  
+ {  
+ case 'f':  
+ case 'F':  
+ i = atoi(pp);  
+ if(!i)  
+ break;  
+ rlim.rlim_cur = i;  
+ rlim.rlim_max = i;  
+ setrlimit(RLIMIT_NOFILE, &rlim);  
+ break;  
+ case 'p':  
+ case 'P':  
+ i = atoi(pp);  
+ if(!i)  
+ break;  
+ rlim.rlim_cur = i;  
+ rlim.rlim_max = i;  
+ setrlimit(RLIMIT_NPROC, &rlim);  
+ break;  
+ case 'C':  
+ i = 60;  
+ case 'c':  
+ i *= atoi(pp);  
+ if(!i)  
+ break;  
+ rlim.rlim_cur = i;  
+ rlim.rlim_max = i;  
+ setrlimit(RLIMIT_CPU, &rlim);  
+ break;  
+ case 'V':  
+ i = 1024;  
+ case 'v':  
+ i *= atoi(pp)*1024;  
+ if(!i)  
+ break;  
+ rlim.rlim_cur = i;  
+ rlim.rlim_max = i;  
+#if defined(RLIMIT_AS) /* Linux */  
+ setrlimit(RLIMIT_AS, &rlim);  
+#else if defined(RLIMIT_VMEM) /* Irix */  
+ setrlimit(RLIMIT_VMEM, &rlim);  
+#endif  
+ break;  
+ case 'S':  
+ i = 1024;  
+ case 's':  
+ i *= atoi(pp)*1024;  
+ if(!i)  
+ break;  
+ rlim.rlim_cur = i;  
+ rlim.rlim_max = i;  
+ setrlimit(RLIMIT_STACK, &rlim);  
+ break;  
+ case 'R':  
+ i = 1024;  
+ case 'r':  
+ i *= atoi(pp)*1024;  
+ if(!i)  
+ break;  
+ rlim.rlim_cur = i;  
+ rlim.rlim_max = i;  
+ setrlimit(RLIMIT_RSS, &rlim);  
+ break;  
+ case 'L':  
+ i = 1024;  
+ case 'l':  
+ i *= atoi(pp)*1024;  
+ if(!i)  
+ break;  
+ rlim.rlim_cur = i;  
+ rlim.rlim_max = i;  
+ setrlimit(RLIMIT_MEMLOCK, &rlim);  
+ break;  
+ case 'D':  
+ i = 1024;  
+ case 'd':  
+ i *= atoi(pp)*1024;  
+ if(!i)  
+ break;  
+ rlim.rlim_cur = i;  
+ rlim.rlim_max = i;  
+ setrlimit(RLIMIT_DATA, &rlim);  
+ break;  
+ }  
+ }  
+}  
+  
+void setup_limits(struct passwd *pw)  
+{  
+ FILE *fp;  
+ int i;  
+ char buf[200], name[20], limits[64];  
+ char *p;  
+  
+ if(pw->pw_uid == 0)  
+ {  
+ return;  
+ }  
+  
+ if((fp = fopen(_PATH_LIMITS,"r")) == NULL)  
+ {  
+ return;  
+ }  
+  
+ while(fgets(buf, 200, fp) != NULL)  
+ {  
+ if(buf[0] == '#')  
+ continue;  
+   
+ p = strchr(buf, '#');  
+ if(p)  
+ *p = 0;  
+   
+ i=sscanf(buf, "%s %s", name, limits);  
+   
+ if(!strcmp(name, pw->pw_name))  
+ {  
+ if(i==2)  
+ process(limits);  
+ fclose(fp);  
+ return;  
+ }  
+ }  
+ fclose(fp);  
+ process(limits); /* Last line is default */  
+}  
+  
  
void  
getloginname()  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Sep 1999 00:00Current
7.4High risk
Vulners AI Score7.4
security updatesuser limitspath configurationslogin utilityresource constraints
36