izackp/mosh
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Preserve RLIMIT_CORE hard limit, and restore soft limit before exec

Browse Source 
Closes #196.
This commit is contained in:
Keegan McAllister
2012-04-16 19:34:43 -04:00
parent 1b21e004e7
commit a289a2319e
3 changed files with 22 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/crypto/crypto.cc
+19 -3
View File
@@ -283,16 +283,32 @@ Message Session::decrypt( string ciphertext )
return ret;
}
static rlim_t saved_core_rlimit;
/* Disable dumping core, as a precaution to avoid saving sensitive data
to disk. */
void Crypto::disable_dumping_core( void ) {
struct rlimit limit;
limit.rlim_cur = 0;
limit.rlim_max = 0;
if ( 0 != setrlimit( RLIMIT_CORE, &limit ) ) {
if ( 0 != getrlimit( RLIMIT_CORE, &limit ) ) {
/* We don't throw CryptoException because this is called very early
in main(), outside of 'try'. */
perror( "getrlimit(RLIMIT_CORE)" );
exit( 1 );
}
saved_core_rlimit = limit.rlim_cur;
limit.rlim_cur = 0;
if ( 0 != setrlimit( RLIMIT_CORE, &limit ) ) {
perror( "setrlimit(RLIMIT_CORE)" );
exit( 1 );
}
}
void Crypto::reenable_dumping_core( void ) {
/* Silent failure is safe. */
struct rlimit limit;
if ( 0 == getrlimit( RLIMIT_CORE, &limit ) ) {
limit.rlim_cur = saved_core_rlimit;
setrlimit( RLIMIT_CORE, &limit );
}
}
src/crypto/crypto.h
+1
View File
@@ -113,6 +113,7 @@ namespace Crypto {
};
void disable_dumping_core( void );
void reenable_dumping_core( void );
}
#endif