commit - a69094689a8fae092c9c9a99c1824d2052525f31
commit + fec752080379fa1d041ed3937dfd4ce3fee33fbf
blob - 7fe8383caa546eb53fad4c421af5738bf34f0ea1
blob + 8f34aa3fdeb12d1f41f37a057a965630aed8aa3f
--- gotd/gotd.c
+++ gotd/gotd.c
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/wait.h>
+#include <sys/resource.h>
#include <fcntl.h>
#include <err.h>
}
static void
-drop_privs(struct passwd *pw)
+set_max_datasize(void)
{
- /* Drop root privileges. */
- if (setgid(pw->pw_gid) == -1)
- fatal("setgid %d failed", pw->pw_gid);
- if (setuid(pw->pw_uid) == -1)
- fatal("setuid %d failed", pw->pw_uid);
+ struct rlimit rl;
+
+ if (getrlimit(RLIMIT_DATA, &rl) != 0)
+ return;
+
+ rl.rlim_cur = rl.rlim_max;
+ setrlimit(RLIMIT_DATA, &rl);
}
int
/* NOTREACHED */
break;
case PROC_REPO_READ:
+ set_max_datasize();
#ifndef PROFILE
if (pledge("stdio rpath recvfd unveil", NULL) == -1)
err(1, "pledge");
/* NOTREACHED */
exit(0);
case PROC_REPO_WRITE:
+ set_max_datasize();
#ifndef PROFILE
if (pledge("stdio rpath recvfd unveil", NULL) == -1)
err(1, "pledge");