Ronny L Nilsson writes:
The login process should always timeout if user don't login sucessfully within reasonable time. Otherwise we're sensetive to a DOS attack by simply doing a bunch of simultaneous telnet connections (deploys all availible TTY's). This patch make login.c terminate the connection after "TIMEOUT" seconds.
This commit is contained in:
parent
eef2317b9f
commit
d8ceba959a
@ -86,12 +86,9 @@ extern int login_main(int argc, char **argv)
|
||||
username[0]=0;
|
||||
amroot = ( getuid ( ) == 0 );
|
||||
signal ( SIGALRM, alarm_handler );
|
||||
alarm ( TIMEOUT );
|
||||
alarmstarted = 1;
|
||||
|
||||
if (( argc > 1 ) && ( TIMEOUT > 0 )) {
|
||||
alarm ( TIMEOUT );
|
||||
alarmstarted = 1;
|
||||
}
|
||||
|
||||
while (( flag = getopt(argc, argv, "f:h:p")) != EOF ) {
|
||||
switch ( flag ) {
|
||||
case 'p':
|
||||
|
Loading…
Reference in New Issue
Block a user