From 9f38c7669934d1dc9d22b1e1f9f696574aeca0fd Mon Sep 17 00:00:00 2001
From: Keegan McAllister
Date: Wed, 21 Mar 2012 08:46:42 -0400
Subject: [PATCH] Explicitly disable dumping core (closes #72)
This is a precaution to avoid saving sensitive data to disk, e.g. session keys. We expect that corefiles are not world readable, but they're still sitting on the physical disk and it's safer just to disable creating them. GitHub issue #71 deals with a similar concern.
---
 src/crypto/crypto.cc | 15 +++++++++++++++
 src/crypto/crypto.h | 2 ++
 src/frontend/mosh-client.cc | 3 +++
 src/frontend/mosh-server.cc | 3 +++
 4 files changed, 23 insertions(+)
diff --git a/src/crypto/crypto.cc b/src/crypto/crypto.cc
index c9da604..6d6d850 100644
--- a/src/crypto/crypto.cc
+++ b/src/crypto/crypto.cc
@@ -20,6 +20,7 @@
 #include
 #include
 #include
+#include
 
 #include "byteorder.h"
 #include "crypto.h"
@@ -246,3 +247,17 @@ Message Session::decrypt( string ciphertext )
 return ret;
 }
+
+/* Disable dumping core, as a precaution to avoid saving sensitive data
+ to disk. */
+void Crypto::disable_dumping_core( void ) {
+ struct rlimit limit;
+ limit.rlim_cur = 0;
+ limit.rlim_max = 0;
+ if ( 0 != setrlimit( RLIMIT_CORE, &limit ) ) {
+ /* We don't throw CryptoException because this is called very early
+ in main(), outside of 'try'. */
+ perror( "setrlimit(RLIMIT_CORE)" );
+ exit( 1 );
+ }
+}
diff --git a/src/crypto/crypto.h b/src/crypto/crypto.h
index c388795..1ed7582 100644
--- a/src/crypto/crypto.h
+++ b/src/crypto/crypto.h
@@ -84,6 +84,8 @@ namespace Crypto {
 Session( const Session & );
 Session & operator=( const Session & );
 };
+
+ void disable_dumping_core( void );
 }
 
 #endif
diff --git a/src/frontend/mosh-client.cc b/src/frontend/mosh-client.cc
index 44dda34..9cd2613 100644
--- a/src/frontend/mosh-client.cc
+++ b/src/frontend/mosh-client.cc
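Review bot: `limit.rlim_max = 0;` in Crypto::disable_dumping_core lowers the hard limit as well as the soft one, and an unprivileged process can never raise a hard limit again; since rlimits survive fork and exec, any program mosh-server later starts on the user's behalf (outside this hunk, presumably the user's shell) will be unable to `ulimit -c unlimited` for its own debugging, which the commit message does not mention. If the intent is only to protect these two processes, read the current limits with `getrlimit( RLIMIT_CORE, &limit )`, set only `limit.rlim_cur = 0;`, and leave `rlim_max` as found, so children can opt back in. Note also that on Linux a zero RLIMIT_CORE is not enforced by the kernel itself when `kernel.core_pattern` is a pipe (as I read the coredump code the value is handed to the helper, which decides), and it does nothing against ptrace or /proc/PID/mem reads by the same user; `prctl( PR_SET_DUMPABLE, 0 )` covers both and would be a useful Linux-only complement behind an `#ifdef __linux__`, worth recording in the header comment either way. The same inheritance caveat applies to the mosh-server.cc hunk that calls this function.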
@@ -54,6 +54,9 @@ void print_colorcount( void )
 
 int main( int argc, char *argv[] )
 {
+ /* For security, make sure we don't dump core */
+ Crypto::disable_dumping_core();
+
 /* Get arguments */
 int opt;
 while ( (opt = getopt( argc, argv, "c" )) != -1 ) {
diff --git a/src/frontend/mosh-server.cc b/src/frontend/mosh-server.cc
index 9699b29..9fbe67c 100644
--- a/src/frontend/mosh-server.cc
+++ b/src/frontend/mosh-server.cc
@@ -103,6 +103,9 @@ string get_SSH_IP( void )
 
 int main( int argc, char *argv[] )
 {
+ /* For security, make sure we don't dump core */
+ Crypto::disable_dumping_core();
+
 char *desired_ip = NULL;
 char *desired_port = NULL;
 char **command = NULL;