ulimit -- You don't need sources! (kind of long)
W. Lee Duncan
duncan at rtp48.dg.com
Wed May 3 23:46:46 AEST 1989
In article <8305 at chinet.chi.il.us> les at chinet.chi.il.us (Leslie Mikesell)
writes:
>In article <545 at aurora.AthabascaU.CA> lyndon at nexus.ca (Lyndon Nerenberg)
>writes:
>
>>>It is not difficult at all for the administrator to set a higher
>>>ulimit for users that have a legitimate need, ESPECIALLY is you have
>>>source to the login program.
>
>>That's a pretty damn big ESPECIALLY. ... [more complaining]
>
>Or perhaps an OS that provides per-user disk quotas (and a machine
>to run it on.. [notice the lack of a smiley here])
>
[ much more complaining and arguing]
I suppose all have already though of this, but you don't need sources
to modify login (or any other program).
Simply move /bin/login to, e.g. /usr/lib/old_login (and make it non-setuid).
Then, create a new /bin/login program (which will be setuid to root):
main(argc, argv)
int argc;
char *argv[];
{
ulimit(SOME_BIG_NUMBER); /* set some big ulimit */
execv("/usr/lib/old_login", argv); /* call the orig. login */
(void)fprintf(stderr, "Oh oh! shouldn't reach here!\n");
exit(ENOUSEINLIFE)
}
Note that, if you wish to have some sort of user database that's used
to find the ulimit per user, and you access that here (instead of just
setting the ulimit to a large value) you can get in to trouble (email
me if you don't know what I mean here).
Just use common sense and testing, and this should work fine.
I have used this approach for several things, including having "uucp"
check user names in a database before allowing access, and
single-threading a "troff"/laser printer.
Sorry about the tone -- Just thought some helpful information might
be called for.
More information about the Comp.bugs.sys5
mailing list