www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Portwood <ja...@iac.net>
Subject suexec/6673: suexec doesn't set resource limits on a user class set by login.conf
Date Sat, 14 Oct 2000 00:12:07 GMT

>Number:         6673
>Category:       suexec
>Synopsis:       suexec doesn't set resource limits on a user class set by login.conf
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   apache
>Arrival-Date:   Fri Oct 13 17:20:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     jason@iac.net
>Release:        Apache 1.3.12
>Organization:
apache
>Environment:
4.1.1-STABLE FreeBSD 4.1.1-STABLE #9
gcc version 2.95.2 19991024 (release)
>Description:
Simply I set the login.conf default class to have a filesize limit of 7M.  Then
had a CGI script create a file larger than that.  The script executed and created a file much
large than that.

There are several other things a user could do with memory limits either with bogging the
server down or doing a DOS.
>How-To-Repeat:
Just create a quick CGI that would copy /dev/zero to the local dir.  It's a test that works
(to say the least).  With suexec modified to do this it peacefully exists.
>Fix:
This code is NOT mine.  It was posted to the FreeBSD ISP mailing list in May of 1999 by a
Andy Farkas (andyf@speednet.com.au).  It looked like a good idea so I gave it a shot. I noticed
it wasn't in the current suxec and figured why not submit it.  His words were enjoy so I figured
it would be ok to do so.

--- Makefile-orig   Fri Oct 13 19:14:54 2000
+++ Makefile    Fri Oct 13 19:19:57 2000
@@ -41,7 +41,7 @@
 REGLIB=
 EXPATLIB=lib/expat-lite/libexpat.a
 RANLIB=ranlib
-LIBS1=  -lcrypt
+LIBS1=  -lcrypt -lutil
 ##
 ##  (End of automatically generated section)
 ##

90a91,94
> #if defined __FreeBSD__
> #include <login_cap.h>
> #endif
> 
264a269,271
> #if defined __FreeBSD__
>     login_cap_t *lc;
> #endif
420a428,446
> 
> #if defined __FreeBSD__
>     /*
>      * Get user class
>      */
>     if ((lc = login_getclassbyname(pw->pw_class, pw)) == NULL) {
>       log_err("failed to login_classbyname()\n");
>             exit(201);
>     }
>       /* 
>        * set resource limits
>        */
>       if ((setusercontext(lc,pw, uid, LOGIN_SETRESOURCES)) != 0) {
>       log_err("failed to setusercontext()\n");
>             exit(201);
>       }
> 
>       login_close(lc);
> #endif


>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]
 
 


Mime
View raw message