Date: Mon, 6 Nov 2017 11:11:44 +0000 (UTC) From: Eugene Grosbein <eugen@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r325472 - stable/10/libexec/ftpd Message-ID: <201711061111.vA6BBilN030141@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: eugen (ports committer) Date: Mon Nov 6 11:11:44 2017 New Revision: 325472 URL: https://svnweb.freebsd.org/changeset/base/325472 Log: MFC r324364: ftpd(8): fix user context handling Apply authenticated user context after update of wtmp(5) at start of session, so that ftpd process is not killed by kernel with SIGXFSZ when user has "filesize" limit lower than size of system wtmp file. Same applies to session finalization: revert to super-user context before update of wtmp. If ftpd hits limit while writing a file at user request, do not get killed with SIGXFSZ instantly but apparently ignore the signal, process error and report it to the user, and continue with the session. PR: 143570 Approved by: mav (mentor) Modified: stable/10/libexec/ftpd/ftpd.c Modified: stable/10/libexec/ftpd/ftpd.c ============================================================================== --- stable/10/libexec/ftpd/ftpd.c Mon Nov 6 11:10:43 2017 (r325471) +++ stable/10/libexec/ftpd/ftpd.c Mon Nov 6 11:11:44 2017 (r325472) @@ -420,6 +420,10 @@ main(int argc, char *argv[], char **envp) } } + /* handle filesize limit gracefully */ + sa.sa_handler = SIG_IGN; + (void)sigaction(SIGXFSZ, &sa, NULL); + if (daemon_mode) { int *ctl_sock, fd, maxfd = -1, nfds, i; fd_set defreadfds, readfds; @@ -1185,14 +1189,14 @@ end_login(void) #endif (void) seteuid(0); - if (logged_in && dowtmp) - ftpd_logwtmp(wtmpid, NULL, NULL); - pw = NULL; #ifdef LOGIN_CAP setusercontext(NULL, getpwuid(0), 0, LOGIN_SETALL & ~(LOGIN_SETLOGIN | LOGIN_SETUSER | LOGIN_SETGROUP | LOGIN_SETPATH | LOGIN_SETENV)); #endif + if (logged_in && dowtmp) + ftpd_logwtmp(wtmpid, NULL, NULL); + pw = NULL; #ifdef USE_PAM if (pamh) { if ((e = pam_setcred(pamh, PAM_DELETE_CRED)) != PAM_SUCCESS) @@ -1464,7 +1468,7 @@ skip: } } setusercontext(lc, pw, 0, LOGIN_SETALL & - ~(LOGIN_SETUSER | LOGIN_SETPATH | LOGIN_SETENV)); + ~(LOGIN_SETRESOURCES | LOGIN_SETUSER | LOGIN_SETPATH | LOGIN_SETENV)); #else setlogin(pw->pw_name); (void) initgroups(pw->pw_name, pw->pw_gid); @@ -1506,6 +1510,10 @@ skip: (struct sockaddr *)&his_addr); logged_in = 1; +#ifdef LOGIN_CAP + setusercontext(lc, pw, 0, LOGIN_SETRESOURCES); +#endif + if (guest && stats && statfd < 0) #ifdef VIRTUAL_HOSTING statfd = open(thishost->statfile, O_WRONLY|O_APPEND); @@ -2756,6 +2764,11 @@ dologout(int status) if (logged_in && dowtmp) { (void) seteuid(0); +#ifdef LOGIN_CAP + setusercontext(NULL, getpwuid(0), 0, LOGIN_SETALL & ~(LOGIN_SETLOGIN | + LOGIN_SETUSER | LOGIN_SETGROUP | LOGIN_SETPATH | + LOGIN_SETENV)); +#endif ftpd_logwtmp(wtmpid, NULL, NULL); } /* beware of flushing buffers after a SIGPIPE */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201711061111.vA6BBilN030141>