From c72745afa96a87d41a22804f48499db12d95dfcd Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Sat, 2 Dec 2000 19:03:54 +0000 Subject: 20001203 - (bal) OpenBSD CVS updates: - markus@cvs.openbsd.org 2000/11/30 22:54:31 [channels.c] debug->warn if tried to do -R style fwd w/o client requesting this; ok neils@ - markus@cvs.openbsd.org 2000/11/29 20:39:17 [cipher.c] des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV - markus@cvs.openbsd.org 2000/11/30 18:33:05 [ssh-agent.c] agents must not dump core, ok niels@ - markus@cvs.openbsd.org 2000/11/30 07:04:02 [ssh.1] T is for both protocols - markus@cvs.openbsd.org 2000/12/01 00:00:51 [ssh.1] typo; from green@FreeBSD.org - markus@cvs.openbsd.org 2000/11/30 07:02:35 [ssh.c] check -T before isatty() - provos@cvs.openbsd.org 2000/11/29 13:51:27 [sshconnect.c] show IP address and hostname when new key is encountered. okay markus@ - markus@cvs.openbsd.org 2000/11/30 22:53:35 [sshconnect.c] disable agent/x11/port fwding if hostkey has changed; ok niels@ - marksu@cvs.openbsd.org 2000/11/29 21:11:59 [sshd.c] sshd -D, startup w/o deamon(), for monitoring scripts or inittab; from handler@sub-rosa.com and eric@urbanrange.com; ok niels@
---
 ssh-agent.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'ssh-agent.c')
diff --git a/ssh-agent.c b/ssh-agent.c
index 6f89dd5ca..821ee26f4 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.40 2000/11/14 23:48:55 markus Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.41 2000/11/30 18:33:05 markus Exp $ */
 /*
 * Author: Tatu Ylonen
@@ -37,7 +37,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.40 2000/11/14 23:48:55 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.41 2000/11/30 18:33:05 markus Exp $");
 #include "ssh.h"
 #include "rsa.h"
@@ -674,6 +674,7 @@ main(int ac, char **av)
 fd_set readset, writeset;
 int sock, c_flag = 0, k_flag = 0, s_flag = 0, ch;
 struct sockaddr_un sunaddr;
+ struct rlimit rlim;
 pid_t pid;
 char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
 extern int optind;
@@ -804,6 +805,12 @@ main(int ac, char **av)
 close(1);
 close(2);
+ /* deny core dumps, since memory contains unencrypted private keys */
+ rlim.rlim_cur = rlim.rlim_max = 0;
+ if (setrlimit(RLIMIT_CORE, &rlim) < 0) {
+ perror("setrlimit rlimit_core failed");
+ cleanup_exit(1);
+ }
 if (setsid() == -1) {
 perror("setsid");
 cleanup_exit(1);
-- cgit v1.2.3
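Review bot: In the second ssh-agent.c hunk the new `perror("setrlimit rlimit_core failed")` runs after the `close(1); close(2);` context lines, so when setrlimit() fails the agent exits with stderr already closed and the diagnostic is lost (the existing `perror("setsid")` path just below has the same problem). Exiting on failure is the right fail-closed choice for a process holding unencrypted private keys, but the operator should see why it died; placing the `rlim.rlim_cur = rlim.rlim_max = 0;` / `setrlimit(RLIMIT_CORE, &rlim)` block ahead of the `close()` calls in this branch would keep the message. RLIMIT_CORE only suppresses core files; it does not stop another process of the same user from inspecting the agent's memory through debugging interfaces, so a comment noting that limit (and, on Linux, a follow-up such as `prctl(PR_SET_DUMPABLE, 0)`) would set expectations correctly. main() begins and ends outside the hunk, so where this block sits relative to fork() is inferred rather than visible here.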