From 0bfe7036b2b8f4518abe65b9cd30c6aec894afd9 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Mon, 4 Jun 2012 06:20:33 +0200
Subject: Impose rlimits.
---
 honeypot.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
(limited to 'honeypot.c')
diff --git a/honeypot.c b/honeypot.c
index b42c776..44e599a 100644
--- a/honeypot.c
+++ b/honeypot.c
@@ -22,6 +22,8 @@
 #include
 #include
 #include
+#include
+#include
 #include
 /*
@@ -336,6 +338,7 @@ void negotiate_telnet()
 void drop_privileges()
 {
 struct passwd *user;
+ struct rlimit limit;
 if (geteuid() == 0) {
 user = getpwnam("nobody");
@@ -368,12 +371,31 @@ void drop_privileges()
 exit(EXIT_FAILURE);
 }
 }
+
+
+
+ limit.rlim_cur = limit.rlim_max = 4194304 /* 4 megs */;
+ setrlimit(RLIMIT_DATA, &limit);
+ setrlimit(RLIMIT_FSIZE, &limit);
+ setrlimit(RLIMIT_MEMLOCK, &limit);
+ setrlimit(RLIMIT_AS, &limit);
+ setrlimit(RLIMIT_STACK, &limit);
+ limit.rlim_cur = limit.rlim_max = 0;
+ setrlimit(RLIMIT_CORE, &limit);
+ limit.rlim_cur = limit.rlim_max = 100;
+ setrlimit(RLIMIT_NPROC, &limit);
 }
 void handle_connection(int fd, char *ipaddr)
 {
 char username[1024];
 char password[1024];
+ struct rlimit limit;
+
+ limit.rlim_cur = limit.rlim_max = 60;
+ setrlimit(RLIMIT_CPU, &limit);
+ limit.rlim_cur = limit.rlim_max = 0;
+ setrlimit(RLIMIT_NPROC, &limit);
 input = fdopen(fd, "r");
 if (!input) {
-- 
cgit v1.2.3-59-g8ed1b
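Review bot: Every setrlimit() call added to drop_privileges() and handle_connection() discards its return value, so a limit that fails to apply leaves the connection handler running unconfined without any indication. The earlier part of drop_privileges() exits on failure (the `exit(EXIT_FAILURE)` context line), and the limits should fail closed the same way; a small helper that sets both fields and exits on error keeps each call site to one line. Separately, a 4 MiB RLIMIT_AS may already be below the address space the process has mapped at that point, in which case later allocations such as the one inside fdopen() could fail, so it is worth confirming on the target platform. handle_connection()'s body continues past the end of the hunk; its two limits would use the same helper.

```c
/* Set soft and hard limit together; a sandbox limit that cannot be applied is fatal. */
static void impose_rlimit(int resource, rlim_t value)
{
	struct rlimit limit = { .rlim_cur = value, .rlim_max = value };

	if (setrlimit(resource, &limit) < 0) {
		perror("setrlimit");
		exit(EXIT_FAILURE);
	}
}

void drop_privileges()
{
	/* … unchanged: privilege drop to "nobody" … */
	impose_rlimit(RLIMIT_DATA, 4194304 /* 4 megs */);
	impose_rlimit(RLIMIT_FSIZE, 4194304);
	impose_rlimit(RLIMIT_MEMLOCK, 4194304);
	impose_rlimit(RLIMIT_AS, 4194304);
	impose_rlimit(RLIMIT_STACK, 4194304);
	impose_rlimit(RLIMIT_CORE, 0);
	impose_rlimit(RLIMIT_NPROC, 100);
}
```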