From d8ceba959a9e8c6a62b20080bb745776e1644fb8 Mon Sep 17 00:00:00 2001 From: Eric Andersen Date: Wed, 30 Jul 2003 06:56:07 +0000 Subject: [PATCH] Ronny L Nilsson writes: The login process should always timeout if user don't login sucessfully within reasonable time. Otherwise we're sensetive to a DOS attack by simply doing a bunch of simultaneous telnet connections (deploys all availible TTY's). This patch make login.c terminate the connection after "TIMEOUT" seconds. --- loginutils/login.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/loginutils/login.c b/loginutils/login.c index 741d15c93..c2bada258 100644 --- a/loginutils/login.c +++ b/loginutils/login.c @@ -86,12 +86,9 @@ extern int login_main(int argc, char **argv) username[0]=0; amroot = ( getuid ( ) == 0 ); signal ( SIGALRM, alarm_handler ); + alarm ( TIMEOUT ); + alarmstarted = 1; - if (( argc > 1 ) && ( TIMEOUT > 0 )) { - alarm ( TIMEOUT ); - alarmstarted = 1; - } - while (( flag = getopt(argc, argv, "f:h:p")) != EOF ) { switch ( flag ) { case 'p': -- 2.25.1