From a289a2319e4718f6082087c0f8dc7dfea3a8dc6e Mon Sep 17 00:00:00 2001
From: Keegan McAllister
Date: Mon, 16 Apr 2012 19:34:43 -0400
Subject: [PATCH] Preserve RLIMIT_CORE hard limit, and restore soft limit before exec

Closes #196.
---
 src/crypto/crypto.cc | 22 +++++++++++++++++++---
 src/crypto/crypto.h | 1 +
 src/frontend/mosh-server.cc | 2 ++
 3 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/src/crypto/crypto.cc b/src/crypto/crypto.cc
index 31104b6..d7f45c4 100644
--- a/src/crypto/crypto.cc
+++ b/src/crypto/crypto.cc
@@ -283,16 +283,32 @@ Message Session::decrypt( string ciphertext )
 return ret;
 }
+static rlim_t saved_core_rlimit;
+
 /* Disable dumping core, as a precaution to avoid saving sensitive data to disk. */
 void Crypto::disable_dumping_core( void ) {
 struct rlimit limit;
- limit.rlim_cur = 0;
- limit.rlim_max = 0;
- if ( 0 != setrlimit( RLIMIT_CORE, &limit ) ) {
+ if ( 0 != getrlimit( RLIMIT_CORE, &limit ) ) {
 /* We don't throw CryptoException because this is called very early in main(), outside of 'try'. */
+ perror( "getrlimit(RLIMIT_CORE)" );
+ exit( 1 );
+ }
+
+ saved_core_rlimit = limit.rlim_cur;
+ limit.rlim_cur = 0;
+ if ( 0 != setrlimit( RLIMIT_CORE, &limit ) ) {
 perror( "setrlimit(RLIMIT_CORE)" );
 exit( 1 );
 }
 }
+
+void Crypto::reenable_dumping_core( void ) {
+ /* Silent failure is safe. */
+ struct rlimit limit;
+ if ( 0 == getrlimit( RLIMIT_CORE, &limit ) ) {
+ limit.rlim_cur = saved_core_rlimit;
+ setrlimit( RLIMIT_CORE, &limit );
+ }
+}
diff --git a/src/crypto/crypto.h b/src/crypto/crypto.h
index eab73be..5d7a3af 100644
--- a/src/crypto/crypto.h
+++ b/src/crypto/crypto.h
@@ -113,6 +113,7 @@ namespace Crypto {
 };
 void disable_dumping_core( void );
+ void reenable_dumping_core( void );
 }
 #endif
diff --git a/src/frontend/mosh-server.cc b/src/frontend/mosh-server.cc
index debe73b..96d4ae3 100644
--- a/src/frontend/mosh-server.cc
+++ b/src/frontend/mosh-server.cc
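Review bot: In src/crypto/crypto.cc the comment above `disable_dumping_core()` still reads as if core dumps are switched off for good, but the new body zeroes only `rlim_cur` and keeps the inherited hard limit, so any later `setrlimit` in the same process can raise the soft limit again without privilege. I would state that at the function, e.g. `/* Lowers only the soft RLIMIT_CORE; the hard limit is kept so reenable_dumping_core() can restore it, so nothing else may raise it while sensitive data is in memory. */`. The `/* Silent failure is safe. */` comment in `reenable_dumping_core()` would be clearer with its reason, `/* Silent failure is safe: the soft limit then stays at 0. */`. It is also worth a line that `saved_core_rlimit` is zero-initialised and overwritten on every call, so a reenable without a prior disable, or after a second disable, sets the soft limit to 0 instead of restoring the original value.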
@@ -401,6 +401,8 @@ int run_server( const char *desired_ip, const char *desired_port,
 print_motd();
 }
+ Crypto::reenable_dumping_core();
+
 if ( execvp( command_path.c_str(), command_argv ) < 0 ) {
 perror( "execvp" );
 _exit( 1 );
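Review bot: `Crypto::reenable_dumping_core()` restores the soft limit while this process is still the pre-exec image, so whatever sensitive data it holds at this point is dumpable until `execvp` replaces the image, and on the failure path until `_exit( 1 )`. Presumably this is a forked child that inherited the server's memory, but the fork is outside the hunk. The window is short, but it only stays short if the call remains the last statement before `execvp`. A comment would pin that down: `/* Keep immediately before exec: core dumps are allowed again from here on. */`. `run_server` begins and ends outside the hunk, so the code between the fork and this point should be checked against the full file.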