[hackers] [ubase] Disable core dumps in case passwd(1) crashes || sin

From: <git_AT_suckless.org>
Date: Tue, 10 Jun 2014 12:44:37 +0200

commit 924fc8449b169f00f0ba9e323b39a84c87a93be9
Author: sin <sin_AT_2f30.org>
Date: Tue Jun 10 11:38:45 2014 +0100

    Disable core dumps in case passwd(1) crashes
    
    Avoids leaking the shadow db.

diff --git a/passwd.c b/passwd.c
index 2606cac..6e25446 100644
--- a/passwd.c
+++ b/passwd.c
_AT_@ -39,6 +39,8 @@ main(int argc, char *argv[])
         if (argc != 1)
                 usage();
 
+ pw_init();
+
         errno = 0;
         pw = getpwnam(argv[0]);
         if (errno)
diff --git a/passwd.h b/passwd.h
index 88881f7..e0277e2 100644
--- a/passwd.h
+++ b/passwd.h
_AT_@ -2,4 +2,5 @@
 /* passwd.c */
 int pw_check(struct passwd *, const char *);
 int pw_copy(int, int, const struct passwd *);
+int pw_init(void);
 int pw_scan(char *, struct passwd *);
diff --git a/util/passwd.c b/util/passwd.c
index a285cb4..6effe79 100644
--- a/util/passwd.c
+++ b/util/passwd.c
_AT_@ -6,6 +6,8 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <sys/resource.h>
+#include <sys/time.h>
 #include "../passwd.h"
 #include "../text.h"
 #include "../util.h"
_AT_@ -108,6 +110,18 @@ pw_copy(int ffd, int tfd, const struct passwd *newpw)
 }
 
 int
+pw_init(void)
+{
+ struct rlimit rlim;
+
+ rlim.rlim_cur = 0;
+ rlim.rlim_max = 0;
+ if (setrlimit(RLIMIT_CORE, &rlim) < 0)
+ eprintf("setrlimit:");
+ return 0;
+}
+
+int
 pw_scan(char *bp, struct passwd *pw)
 {
         char *p;
Received on Tue Jun 10 2014 - 12:44:37 CEST