[3494] in bugtraq
Re: ftpd bug? Was: bin/1805: Bug in ftpd
daemon@ATHENA.MIT.EDU (Martin Rex)
Thu Oct 17 13:35:02 1996
Date: Thu, 17 Oct 1996 07:27:13 -0400
Reply-To: Martin.Rex@sap-ag.de
From: Martin Rex <martin.rex@sap-ag.de>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
I'm sorry, but proposal to launch inetd with ulimit -c 0 doesn't seem
to be a good idea. Although it will keep all deamons forked by inetd
from dumping core, it will also prevent all users that log in via
network to raise the coresize limit.
Here's another proposal:
Change /etc/inetd.conf:
< ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
> ftp stream tcp nowait root /usr/sbin/wrap_in.ftpd in.ftpd
and install the following program as /usr/sbin/wrap_in.ftpd:
/* ---------------------------------------------------------- */
#include <stdio.h>
#include <sys/time.h>
#include <sys/resource.h>
struct rlimit rlp;
int
main( int argc, char **argv, char **env )
{
if ( getrlimit( RLIMIT_CORE , &rlp )!=0 ) {
perror("getrlimit(RLIMIT_CORE)");
} else {
rlp.rlim_cur = 0;
if ( setrlimit( RLIMIT_CORE , &rlp )!=0 ) {
perror("setrlimit(RLIMIT_CORE)");
} else {
execve("/usr/sbin/in.ftpd", argv, env);
perror("execve(\"/usr/sbin/in.ftpd\")");
}
}
return(1);
}
/* ---------------------------------------------------------- */
Although the Solaris-2.4 binary is only 1.8KByte gzipped, I will
not include it. If you can not compile it yourself, ask somebody
whom you trust to do it for you.
Technically, a shell script like
#!/bin/sh
#
ulimit -c 0
exec /usr/sbin/in.ftpd "$@"
should work equally well. Personally, I prefer the binary. :)
-Martin
