[dovecot-cvs] dovecot/src/master auth-process.c,1.12,1.13 imap-process.c,1.10,1.11 login-process.c,1.14,1.15 settings.c,1.23,1.24 settings.h,1.14,1.15
cras at procontrol.fi
cras at procontrol.fi
Sun Dec 1 15:48:52 EET 2002
Update of /home/cvs/dovecot/src/master
In directory danu:/tmp/cvs-serv27190/src/master
Modified Files:
auth-process.c imap-process.c login-process.c settings.c
settings.h
Log Message:
Added virtual memory size limits to processes. Default values are pretty
high, this is mostly because I want it to prevent accidental infinite loops
eating memory or some integer overflows, not to actually restrict anything.
Index: auth-process.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/auth-process.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- auth-process.c 27 Nov 2002 00:21:41 -0000 1.12
+++ auth-process.c 1 Dec 2002 13:48:50 -0000 1.13
@@ -6,6 +6,7 @@
#include "network.h"
#include "obuffer.h"
#include "restrict-access.h"
+#include "restrict-process-size.h"
#include "auth-process.h"
#include <stdlib.h>
@@ -207,6 +208,9 @@
i_assert(listen_fd > 2);
+ if (net_accept(listen_fd, NULL, NULL) == -2)
+ i_fatal("net_accept(1) failed: %m");
+
/* set correct permissions */
(void)chown(path, set_login_uid, set_login_gid);
@@ -224,8 +228,14 @@
if (dup2(null_fd, 2) < 0)
i_fatal("login: dup2() failed: %m");
+ if (net_accept(listen_fd, NULL, NULL) == -2)
+ i_fatal("net_accept(2) failed: %m");
+
clean_child_process();
+ if (net_accept(listen_fd, NULL, NULL) == -2)
+ i_fatal("net_accept(3) failed: %m");
+
/* move login communication handle to 3. do it last so we can be
sure it's not closed afterwards. */
if (listen_fd != 3) {
@@ -239,6 +249,9 @@
restrict_access_set_env(config->user, pwd->pw_uid, pwd->pw_gid,
config->chroot);
+ if (net_accept(3, NULL, NULL) == -2)
+ i_fatal("net_accept(4) failed: %m");
+
/* set other environment */
env_put(t_strdup_printf("AUTH_PROCESS=%d", (int) getpid()));
env_put(t_strconcat("METHODS=", config->methods, NULL));
@@ -246,6 +259,9 @@
env_put(t_strconcat("USERINFO=", config->userinfo, NULL));
env_put(t_strconcat("USERINFO_ARGS=", config->userinfo_args,
NULL));
+
+ restrict_process_size(config->process_size);
+
/* hide the path, it's ugly */
argv[0] = strrchr(config->executable, '/');
if (argv[0] == NULL) argv[0] = config->executable; else argv[0]++;
Index: imap-process.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/imap-process.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- imap-process.c 26 Nov 2002 19:49:06 -0000 1.10
+++ imap-process.c 1 Dec 2002 13:48:50 -0000 1.11
@@ -3,6 +3,7 @@
#include "common.h"
#include "env-util.h"
#include "restrict-access.h"
+#include "restrict-process-size.h"
#include <stdlib.h>
#include <unistd.h>
@@ -150,6 +151,8 @@
/* setup access environment - needs to be done after
clean_child_process() since it clears environment */
restrict_access_set_env(user, uid, gid, chroot ? home : NULL);
+
+ restrict_process_size(set_imap_process_size);
/* hide the path, it's ugly */
argv[0] = strrchr(set_imap_executable, '/');
Index: login-process.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/login-process.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -d -r1.14 -r1.15
--- login-process.c 26 Nov 2002 20:04:08 -0000 1.14
+++ login-process.c 1 Dec 2002 13:48:50 -0000 1.15
@@ -7,6 +7,7 @@
#include "fdpass.h"
#include "env-util.h"
#include "restrict-access.h"
+#include "restrict-process-size.h"
#include "login-process.h"
#include "auth-process.h"
#include "master-interface.h"
@@ -319,6 +320,8 @@
env_put(t_strdup_printf("MAX_LOGGING_USERS=%d",
set_max_logging_users));
}
+
+ restrict_process_size(set_login_process_size);
/* hide the path, it's ugly */
argv[0] = strrchr(set_login_executable, '/');
Index: settings.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/settings.c,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -d -r1.23 -r1.24
--- settings.c 26 Nov 2002 13:31:22 -0000 1.23
+++ settings.c 1 Dec 2002 13:48:50 -0000 1.24
@@ -41,6 +41,7 @@
{ "login_executable", SET_STR, &set_login_executable },
{ "login_user", SET_STR, &set_login_user },
+ { "login_process_size", SET_INT, &set_login_process_size },
{ "login_dir", SET_STR, &set_login_dir },
{ "login_chroot", SET_BOOL,&set_login_chroot },
{ "login_process_per_connection",
@@ -50,6 +51,7 @@
{ "max_logging_users", SET_INT, &set_max_logging_users },
{ "imap_executable", SET_STR, &set_imap_executable },
+ { "imap_process_size", SET_INT, &set_imap_process_size },
{ "valid_chroot_dirs", SET_STR, &set_valid_chroot_dirs },
{ "max_imap_processes", SET_INT, &set_max_imap_processes },
{ "verbose_proctitle", SET_BOOL,&set_verbose_proctitle },
@@ -99,6 +101,7 @@
/* login */
char *set_login_executable = PKG_LIBEXECDIR"/imap-login";
+unsigned int set_login_process_size = 16;
char *set_login_user = "imapd";
char *set_login_dir = PKG_RUNDIR"/login";
@@ -113,6 +116,7 @@
/* imap */
char *set_imap_executable = PKG_LIBEXECDIR"/imap";
+unsigned int set_imap_process_size = 256;
char *set_valid_chroot_dirs = NULL;
unsigned int set_max_imap_processes = 1024;
int set_verbose_proctitle = FALSE;
@@ -330,6 +334,11 @@
return NULL;
}
+ if (strcmp(key, "auth_process_size") == 0) {
+ if (!sscanf(value, "%i", &auth->process_size))
+ return t_strconcat("Invalid number: ", value, NULL);
+ return NULL;
+ }
return t_strconcat("Unknown setting: ", key, NULL);
}
Index: settings.h
===================================================================
RCS file: /home/cvs/dovecot/src/master/settings.h,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -d -r1.14 -r1.15
--- settings.h 25 Nov 2002 10:45:40 -0000 1.14
+++ settings.h 1 Dec 2002 13:48:50 -0000 1.15
@@ -21,6 +21,7 @@
/* login */
extern char *set_login_executable;
extern char *set_login_user;
+extern unsigned int set_login_process_size;
extern char *set_login_dir;
extern int set_login_chroot;
extern int set_login_process_per_connection;
@@ -33,6 +34,7 @@
/* imap */
extern char *set_imap_executable;
+extern unsigned int set_imap_process_size;
extern char *set_valid_chroot_dirs;
extern unsigned int set_max_imap_processes;
extern int set_verbose_proctitle;
@@ -69,6 +71,7 @@
char *chroot;
int count;
+ unsigned int process_size;
};
extern AuthConfig *auth_processes_config;
More information about the dovecot-cvs
mailing list