www-apache-bugdb mailing list archives

From Jason Portwood <ja...@iac.net>
Subject suexec/6673: suexec doesn't set resource limits on a user class set by login.conf
Date Sat, 14 Oct 2000 00:12:07 GMT

>Number:         6673
>Category:       suexec
>Synopsis:       suexec doesn't set resource limits on a user class set by login.conf
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          change-request
>Submitter-Id:   apache
>Arrival-Date:   Fri Oct 13 17:20:01 PDT 2000
>Originator:     jason@iac.net
>Release:        Apache 1.3.12
4.1.1-STABLE FreeBSD 4.1.1-STABLE #9
gcc version 2.95.2 19991024 (release)
Simply, I set the login.conf default class to have a filesize limit of 7M.  Then
had a CGI script create a file larger than that.  The script executed and created a file much
larger than that.

There are several other things a user could do with memory limits, either with bogging the
server down or doing a DoS.
Just create a quick CGI that would copy /dev/zero to the local dir.  It's a test that works
(to say the least).  With suexec modified to do this it peacefully exists.
This code is NOT mine.  It was posted to the FreeBSD ISP mailing list in May of 1999 by an
Andy Farkas (andyf@speednet.com.au).  It looked like a good idea so I gave it a shot. I noticed
it wasn't in the current suexec and figured why not submit it.  His words were "enjoy", so I figured
it would be OK to do so.

--- Makefile-orig   Fri Oct 13 19:14:54 2000
+++ Makefile    Fri Oct 13 19:19:57 2000
@@ -41,7 +41,7 @@
-LIBS1=  -lcrypt
+LIBS1=  -lcrypt -lutil
 ##  (End of automatically generated section)
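Review bot: the LIBS1 line sits above the "(End of automatically generated section)" marker, so this edit is made to generated output and will be lost the next time the Makefile is regenerated; the -lutil addition belongs in whatever produces that section. It is also unconditional, while the code that needs it is guarded by "#if defined __FreeBSD__", so the flag should be added only on that platform.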

> #if defined __FreeBSD__
> #include <login_cap.h>
> #endif
> #if defined __FreeBSD__
>     login_cap_t *lc;
> #endif
> #if defined __FreeBSD__
>     /*
>      * Get user class
>      */
>     if ((lc = login_getclassbyname(pw->pw_class, pw)) == NULL) {
>       log_err("failed to login_classbyname()\n");
>             exit(201);
>     }
>       /* 
>        * set resource limits
>        */
>       if ((setusercontext(lc,pw, uid, LOGIN_SETRESOURCES)) != 0) {
>       log_err("failed to setusercontext()\n");
>             exit(201);
>       }
>       login_close(lc);
> #endif
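Review bot: both failure paths in the last block exit with status 201 and the first log message names login_classbyname() while the call is login_getclassbyname(); give each failure its own exit code and correct the message so a log entry can be matched to the call that failed. The change-location headers of these hunks are missing, so the position of the setusercontext() call relative to the point where suexec changes uid cannot be checked from the patch; please resend it as a unified diff against the suexec source. The indentation inside the last guard mixes two depths and should follow the surrounding file.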

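As an added example (not part of the original report or of the suexec patch), the C program below shows the kernel mechanism the report's test depends on: once a file-size limit is applied to a process, a writer that never stops is cut off at the limit. It calls setrlimit() directly instead of setusercontext() so that it builds without FreeBSD's libutil; the function names, the 4000-byte limit and the scratch path are constructed for illustration.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Child: apply the limit, then behave like a script that writes zeros forever. */
static void limited_writer(int fd, rlim_t limit)
{
    struct rlimit rl = { .rlim_cur = limit, .rlim_max = limit }; /* hard too: cannot be raised */
    char buf[1024];

    memset(buf, 0, sizeof buf);
    signal(SIGXFSZ, SIG_IGN);          /* get EFBIG from write() instead of being killed */
    if (setrlimit(RLIMIT_FSIZE, &rl) != 0)
        _exit(2);
    while (write(fd, buf, sizeof buf) > 0)
        ;                              /* ends when the kernel refuses the write */
    _exit(0);
}

/* Returns the size the file reached under the limit, or -1 on error. */
long size_reached_under_limit(long limit)
{
    char path[] = "/tmp/fsize-demo-XXXXXX";   /* constructed scratch file */
    struct stat st;
    int fd, status;
    pid_t pid;
    long size = -1;

    if ((fd = mkstemp(path)) < 0)
        return -1;
    if ((pid = fork()) == 0)
        limited_writer(fd, (rlim_t)limit);    /* never returns */
    if (pid > 0 && waitpid(pid, &status, 0) == pid &&
        WIFEXITED(status) && WEXITSTATUS(status) == 0 && fstat(fd, &st) == 0)
        size = (long)st.st_size;
    close(fd);
    unlink(path);
    return size;
}

int main(void)
{
    printf("file stopped at %ld bytes\n", size_reached_under_limit(4000));
    return 0;
}
```

The limit is set in a forked child so the parent's own limits stay untouched, which mirrors applying limits in the process that is about to run the CGI.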
