From 924fc8449b169f00f0ba9e323b39a84c87a93be9 Mon Sep 17 00:00:00 2001 From: sin Date: Tue, 10 Jun 2014 11:38:45 +0100 Subject: [PATCH] Disable core dumps in case passwd(1) crashes Avoids leaking the shadow db. --- passwd.c | 2 ++ passwd.h | 1 + util/passwd.c | 14 ++++++++++++++ 3 files changed, 17 insertions(+) diff --git a/passwd.c b/passwd.c index 2606cac..6e25446 100644 --- a/passwd.c +++ b/passwd.c @@ -39,6 +39,8 @@ main(int argc, char *argv[]) if (argc != 1) usage(); + pw_init(); + errno = 0; pw = getpwnam(argv[0]); if (errno) diff --git a/passwd.h b/passwd.h index 88881f7..e0277e2 100644 --- a/passwd.h +++ b/passwd.h @@ -2,4 +2,5 @@ /* passwd.c */ int pw_check(struct passwd *, const char *); int pw_copy(int, int, const struct passwd *); +int pw_init(void); int pw_scan(char *, struct passwd *); diff --git a/util/passwd.c b/util/passwd.c index a285cb4..6effe79 100644 --- a/util/passwd.c +++ b/util/passwd.c @@ -6,6 +6,8 @@ #include #include #include +#include +#include #include "../passwd.h" #include "../text.h" #include "../util.h" @@ -107,6 +109,18 @@ pw_copy(int ffd, int tfd, const struct passwd *newpw) return 0; } +int +pw_init(void) +{ + struct rlimit rlim; + + rlim.rlim_cur = 0; + rlim.rlim_max = 0; + if (setrlimit(RLIMIT_CORE, &rlim) < 0) + eprintf("setrlimit:"); + return 0; +} + int pw_scan(char *bp, struct passwd *pw) {
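Review bot: In `pw_init()` (last hunk, util/passwd.c), setting `RLIMIT_CORE` to 0 only stops the kernel from writing a core file itself. On Linux the limit is, as far as I know, not applied when `core_pattern` pipes dumps to a handler, so memory holding shadow entries could still reach a crash collector. Consider also clearing the dumpable flag there, guarded for portability: `#ifdef __linux__`, `if (prctl(PR_SET_DUMPABLE, 0) < 0) eprintf("prctl:");`, `#endif`, with `<sys/prctl.h>` included. The function always returns 0 and the new call in passwd.c ignores the result, so (assuming `eprintf` exits on failure, which the hunk does not show) it could be declared `void`. A one-line comment above it, such as `/* disable core dumps so a crash cannot spill shadow data */`, would explain what the generic name `pw_init` does not.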