Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ftpd bug? Was: bin/1805: Bug in ftpd

From: martin.rex () sap-ag de (Martin Rex)
Date: Thu, 17 Oct 1996 07:27:13 -0400

I'm sorry, but proposal to launch inetd with ulimit -c 0 doesn't seem
to be a good idea.  Although it will keep all deamons forked by inetd
from dumping core, it will also prevent all users that log in via
network to raise the coresize limit.

Here's another proposal:
Change /etc/inetd.conf:

< ftp     stream  tcp     nowait  root    /usr/sbin/in.ftpd  in.ftpd

ftp     stream  tcp     nowait  root    /usr/sbin/wrap_in.ftpd  in.ftpd


and install the following program as /usr/sbin/wrap_in.ftpd:

/* ---------------------------------------------------------- */
#include <stdio.h>
#include <sys/time.h>
#include <sys/resource.h>

struct rlimit rlp;

int
main( int argc, char **argv, char **env )
{

   if ( getrlimit( RLIMIT_CORE , &rlp )!=0 ) {
      perror("getrlimit(RLIMIT_CORE)");
   } else {
      rlp.rlim_cur = 0;
      if ( setrlimit( RLIMIT_CORE , &rlp )!=0 ) {
         perror("setrlimit(RLIMIT_CORE)");
      } else {
         execve("/usr/sbin/in.ftpd", argv, env);
         perror("execve(\"/usr/sbin/in.ftpd\")");
      }
   }

   return(1);
}
/* ---------------------------------------------------------- */

Although the Solaris-2.4 binary is only 1.8KByte gzipped, I will
not include it.  If you can not compile it yourself, ask somebody
whom you trust to do it for you.

Technically, a shell script like

#!/bin/sh
#
ulimit -c 0
exec /usr/sbin/in.ftpd "$@"

should work equally well.  Personally, I prefer the binary. :)


-Martin
Previous By Date Next
Previous By Thread Next

Current thread: