[dovecot-cvs] dovecot/src/master auth-process.c,1.12,1.13 imap-process.c,1.10,1.11 login-process.c,1.14,1.15 settings.c,1.23,1.24 settings.h,1.14,1.15

cras at procontrol.fi cras at procontrol.fi
Sun Dec 1 15:48:52 EET 2002 

Update of /home/cvs/dovecot/src/master
In directory danu:/tmp/cvs-serv27190/src/master

Modified Files:
	auth-process.c imap-process.c login-process.c settings.c 
	settings.h 
Log Message:
Added virtual memory size limits to processes. Default values are pretty
high, this is mostly because I want it to prevent accidental infinite loops
eating memory or some integer overflows, not to actually restrict anything.



Index: auth-process.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/auth-process.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- auth-process.c	27 Nov 2002 00:21:41 -0000	1.12
+++ auth-process.c	1 Dec 2002 13:48:50 -0000	1.13
@@ -6,6 +6,7 @@
 #include "network.h"
 #include "obuffer.h"
 #include "restrict-access.h"
+#include "restrict-process-size.h"
 #include "auth-process.h"
 
 #include <stdlib.h>
@@ -207,6 +208,9 @@
 
 	i_assert(listen_fd > 2);
 
+	if (net_accept(listen_fd, NULL, NULL) == -2)
+		i_fatal("net_accept(1) failed: %m");
+
 	/* set correct permissions */
 	(void)chown(path, set_login_uid, set_login_gid);
 
@@ -224,8 +228,14 @@
 	if (dup2(null_fd, 2) < 0)
 		i_fatal("login: dup2() failed: %m");
 
+	if (net_accept(listen_fd, NULL, NULL) == -2)
+		i_fatal("net_accept(2) failed: %m");
+
 	clean_child_process();
 
+	if (net_accept(listen_fd, NULL, NULL) == -2)
+		i_fatal("net_accept(3) failed: %m");
+
 	/* move login communication handle to 3. do it last so we can be
 	   sure it's not closed afterwards. */
 	if (listen_fd != 3) {
@@ -239,6 +249,9 @@
 	restrict_access_set_env(config->user, pwd->pw_uid, pwd->pw_gid,
 				config->chroot);
 
+	if (net_accept(3, NULL, NULL) == -2)
+		i_fatal("net_accept(4) failed: %m");
+
 	/* set other environment */
 	env_put(t_strdup_printf("AUTH_PROCESS=%d", (int) getpid()));
 	env_put(t_strconcat("METHODS=", config->methods, NULL));
@@ -246,6 +259,9 @@
 	env_put(t_strconcat("USERINFO=", config->userinfo, NULL));
 	env_put(t_strconcat("USERINFO_ARGS=", config->userinfo_args,
 				    NULL));
+
+	restrict_process_size(config->process_size);
+
 	/* hide the path, it's ugly */
 	argv[0] = strrchr(config->executable, '/');
 	if (argv[0] == NULL) argv[0] = config->executable; else argv[0]++;

Index: imap-process.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/imap-process.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- imap-process.c	26 Nov 2002 19:49:06 -0000	1.10
+++ imap-process.c	1 Dec 2002 13:48:50 -0000	1.11
@@ -3,6 +3,7 @@
 #include "common.h"
 #include "env-util.h"
 #include "restrict-access.h"
+#include "restrict-process-size.h"
 
 #include <stdlib.h>
 #include <unistd.h>
@@ -150,6 +151,8 @@
 	/* setup access environment - needs to be done after
 	   clean_child_process() since it clears environment */
 	restrict_access_set_env(user, uid, gid, chroot ? home : NULL);
+
+	restrict_process_size(set_imap_process_size);
 
 	/* hide the path, it's ugly */
 	argv[0] = strrchr(set_imap_executable, '/');

Index: login-process.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/login-process.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -d -r1.14 -r1.15
--- login-process.c	26 Nov 2002 20:04:08 -0000	1.14
+++ login-process.c	1 Dec 2002 13:48:50 -0000	1.15
@@ -7,6 +7,7 @@
 #include "fdpass.h"
 #include "env-util.h"
 #include "restrict-access.h"
+#include "restrict-process-size.h"
 #include "login-process.h"
 #include "auth-process.h"
 #include "master-interface.h"
@@ -319,6 +320,8 @@
 		env_put(t_strdup_printf("MAX_LOGGING_USERS=%d",
 					set_max_logging_users));
 	}
+
+	restrict_process_size(set_login_process_size);
 
 	/* hide the path, it's ugly */
 	argv[0] = strrchr(set_login_executable, '/');

Index: settings.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/settings.c,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -d -r1.23 -r1.24
--- settings.c	26 Nov 2002 13:31:22 -0000	1.23
+++ settings.c	1 Dec 2002 13:48:50 -0000	1.24
@@ -41,6 +41,7 @@
 
 	{ "login_executable",	SET_STR, &set_login_executable },
 	{ "login_user",		SET_STR, &set_login_user },
+	{ "login_process_size",	SET_INT, &set_login_process_size },
 	{ "login_dir",		SET_STR, &set_login_dir },
 	{ "login_chroot",	SET_BOOL,&set_login_chroot },
 	{ "login_process_per_connection",
@@ -50,6 +51,7 @@
 	{ "max_logging_users",	SET_INT, &set_max_logging_users },
 
 	{ "imap_executable",	SET_STR, &set_imap_executable },
+	{ "imap_process_size",	SET_INT, &set_imap_process_size },
 	{ "valid_chroot_dirs",	SET_STR, &set_valid_chroot_dirs },
 	{ "max_imap_processes",	SET_INT, &set_max_imap_processes },
 	{ "verbose_proctitle",	SET_BOOL,&set_verbose_proctitle },
@@ -99,6 +101,7 @@
 
 /* login */
 char *set_login_executable = PKG_LIBEXECDIR"/imap-login";
+unsigned int set_login_process_size = 16;
 char *set_login_user = "imapd";
 char *set_login_dir = PKG_RUNDIR"/login";
 
@@ -113,6 +116,7 @@
 
 /* imap */
 char *set_imap_executable = PKG_LIBEXECDIR"/imap";
+unsigned int set_imap_process_size = 256;
 char *set_valid_chroot_dirs = NULL;
 unsigned int set_max_imap_processes = 1024;
 int set_verbose_proctitle = FALSE;
@@ -330,6 +334,11 @@
 		return NULL;
 	}
 
+	if (strcmp(key, "auth_process_size") == 0) {
+		if (!sscanf(value, "%i", &auth->process_size))
+			return t_strconcat("Invalid number: ", value, NULL);
+		return NULL;
+	}
 
 	return t_strconcat("Unknown setting: ", key, NULL);
 }

Index: settings.h
===================================================================
RCS file: /home/cvs/dovecot/src/master/settings.h,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -d -r1.14 -r1.15
--- settings.h	25 Nov 2002 10:45:40 -0000	1.14
+++ settings.h	1 Dec 2002 13:48:50 -0000	1.15
@@ -21,6 +21,7 @@
 /* login */
 extern char *set_login_executable;
 extern char *set_login_user;
+extern unsigned int set_login_process_size;
 extern char *set_login_dir;
 extern int set_login_chroot;
 extern int set_login_process_per_connection;
@@ -33,6 +34,7 @@
 
 /* imap */
 extern char *set_imap_executable;
+extern unsigned int set_imap_process_size;
 extern char *set_valid_chroot_dirs;
 extern unsigned int set_max_imap_processes;
 extern int set_verbose_proctitle;
@@ -69,6 +71,7 @@
 	char *chroot;
 
 	int count;
+	unsigned int process_size;
 };
 
 extern AuthConfig *auth_processes_config;

More information about the dovecot-cvs mailing list