diff options
| author | Eric S. Raymond <esr@thyrsus.com> | 1998-08-02 16:30:25 +0000 |
|---|---|---|
| committer | Eric S. Raymond <esr@thyrsus.com> | 1998-08-02 16:30:25 +0000 |
| commit | 1587e4153763fab493acf2deee9028e24e1da57f (patch) | |
| tree | df6226ef00f1253989deff26fb7c853968bf0f4a /fetchmail.c | |
| parent | ac58d06e7a275cd8cb33758d5b23a5226c469c63 (diff) | |
| download | fetchmail-1587e4153763fab493acf2deee9028e24e1da57f.tar.gz fetchmail-1587e4153763fab493acf2deee9028e24e1da57f.tar.bz2 fetchmail-1587e4153763fab493acf2deee9028e24e1da57f.zip | |
Improved security.
svn path=/trunk/; revision=2032
Diffstat (limited to 'fetchmail.c')
| -rw-r--r-- | fetchmail.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/fetchmail.c b/fetchmail.c index 1d549eb5..bc841b28 100644 --- a/fetchmail.c +++ b/fetchmail.c @@ -30,6 +30,9 @@ #include <sys/time.h> #include <sys/types.h> #include <sys/stat.h> +#ifdef HAVE_SETRLIMIT +#include <sys/resource.h> +#endif /* HAVE_SETRLIMIT */ #ifdef HAVE_SYS_WAIT_H #include <sys/wait.h> #endif @@ -336,6 +339,21 @@ int main (int argc, char **argv) strcat (netrc_file, "/.netrc"); netrc_list = parse_netrc(netrc_file); +#ifdef HAVE_SETRLIMIT + /* + * Before getting passwords, disable core dumps unless -v -d0 mode is on. + * Core dumps could otherwise contain passwords to be scavenged by a + * cracker. + */ + if (outlevel < O_VERBOSE || run.poll_interval > 0) + { + struct rlimit corelimit; + corelimit.rlim_cur = 0; + corelimit.rlim_max = 0; + setrlimit(RLIMIT_CORE, &corelimit); + } +#endif /* HAVE_SETRLIMIT */ + /* pick up interactively any passwords we need but don't have */ for (ctl = querylist; ctl; ctl = ctl->next) if (ctl->active && !(implicitmode && ctl->server.skip)&&!ctl->password) |