Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ames!lll-lcc!ncis.tis.llnl.gov!lll-winken!uunet!munnari!murtoa.cs.mu.oz.au!mimir!hugin!augean!sibyl!ian
From: ian@sibyl.eleceng.ua.OZ (Ian Dall)
Newsgroups: comp.bugs.sys5
Subject: Re: ulimit -- You don't need sources! (kind of long)
Keywords: ulimit
Message-ID: <184@sibyl.eleceng.ua.OZ>
Date: 9 May 89 01:00:12 GMT
References: <836@twwells.uucp> <4428@ihuxz.ATT.COM> <545@aurora.AthabascaU.CA> <8305@chinet.chi.il.us> <5627@xyzzy.UUCP> <562@aurora.AthabascaU.CA>
Reply-To: ian@sibyl.OZ (Ian Dall)
Organization: Engineering, Uni of Adelaide, Australia
Lines: 27

In article <562@aurora.AthabascaU.CA> lyndon@nexus.ca writes:
>In article <5627@xyzzy.UUCP> duncan@rtp48.dg.com (W. Lee Duncan) writes:
>>I suppose all have already though of this, but you don't need sources
>>to modify login (or any other program).
>>
>>Simply move /bin/login to, e.g. /usr/lib/old_login (and make it non-setuid).
>>Then, create a new /bin/login program (which will be setuid to root):
>
>One problem with this is that cron jobs don't go through login. Yes I can
>add an explicit ulimit command to the command lines in cron, just as I
>can add wrappers around login. The fact that I have to do this on such
>a global scale argues that perhaps this limit shouldn't be there in the
>first place ...

If you want to defeat ulimit once and for all put the wrapper around
init. This is so small I will include it here

#define BIGNUM 0x204090
main(argc,argv) char **argv;
{ ulimit(2,BIGNUM); execv("/etc/init.real", argv); }

I can't quite remember what the rationale if any was for my choice of BIGNUM.
This does not to be suid because, of course, init runs with euid 0.

-- 
Ian Dall     life (n). A sexually transmitted disease which afflicts
                       some people more severely than others.