1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
--- ./os/utils.c.orig 2009-07-07 12:48:58.000000000 -0500
+++ ./os/utils.c 2010-08-26 15:54:46.000000000 -0500
@@ -58,6 +58,36 @@
#include <signal.h>
#endif
+/*
+ * issetugid()
+ *
+ * Copyright (C) - 2007 Robert Connolly
+ *
+ * Permission to reproduce, copy, delete, distribute, transmit, use, modify,
+ * build upon or otherwise exploit this software, in any form, for any
+ * purpose, in any way, and by anyone, including by methods that have not
+ * yet been invented or conceived, is hereby granted.
+ */
+#include <unistd.h>
+extern int __libc_enable_secure;
+int issetugid(void)
+{
+ if (__libc_enable_secure)
+ {
+ return 1;
+ }
+ if (getuid() != geteuid())
+ {
+ return 1;
+ }
+ if (getgid() != getegid())
+ {
+ return 1;
+ }
+ /* Else */
+ return 0;
+}
+
#if defined(WIN32) && !defined(__CYGWIN__)
#include <X11/Xwinsock.h>
#endif
@@ -761,6 +791,22 @@
UseMsg();
}
#endif
+/* #ifdef RLIMIT_AS
+ else if ( strcmp( argv[i], "-la") == 0)
+ {
+ if (getuid() != 0 && issetugid()) {
+ FatalError("The '-la' option can only be used by root.\n");
+ }
+ if(++i < argc)
+ {
+ limitAddressSpace = atol(argv[i]);
+ if (limitAddressSpace > 0)
+ limitAddressSpace *= 1024;
+ }
+ else
+ UseMsg();
+ }
+#endif */
#ifdef SERVER_LOCK
else if ( strcmp ( argv[i], "-nolock") == 0)
{
--- ./os/osinit.c.orig 2009-07-07 12:48:58.000000000 -0500
+++ ./os/osinit.c 2010-08-26 15:27:45.000000000 -0500
@@ -99,6 +99,14 @@
#ifdef macII
set42sig();
#endif
+#ifdef RLIMIT_AS
+#ifdef _XSERVER64
+#define XORG_AS_LIMIT 10737418240LL
+#else
+#define XORG_AS_LIMIT 1610612736
+#endif
+long limitAddressSpace = XORG_AS_LIMIT;
+#endif
if (!been_here) {
#if !defined(__SCO__) && !defined(__CYGWIN__) && !defined(__UNIXWARE__)
@@ -187,6 +195,22 @@
}
}
#endif
+#ifdef RLIMIT_AS
+ if (limitAddressSpace >= 0)
+ {
+ struct rlimit rlim;
+
+ if (!getrlimit(RLIMIT_AS, &rlim))
+ {
+ if ((limitAddressSpace > 0)
+ && (limitAddressSpace < rlim.rlim_max))
+ rlim.rlim_cur = limitAddressSpace;
+ else
+ rlim.rlim_cur = rlim.rlim_max;
+ (void)setrlimit(RLIMIT_AS, &rlim);
+ }
+ }
+#endif
LockServer();
been_here = TRUE;
}
--- ./include/opaque.h.orig 2009-07-07 12:48:58.000000000 -0500
+++ ./include/opaque.h 2010-08-26 15:49:31.000000000 -0500
@@ -67,6 +67,9 @@
#ifdef RLIMIT_NOFILE
extern int limitNoFile;
#endif
+#ifdef RLIMIT_AS
+extern long limitAddressSpace;
+#endif
extern Bool defeatAccessControl;
extern long maxBigRequestSize;
extern Bool party_like_its_1989;
--- ./doc/Xserver.man.pre.orig 2009-07-07 12:48:58.000000000 -0500
+++ ./doc/Xserver.man.pre 2010-08-26 15:27:45.000000000 -0500
@@ -293,6 +293,13 @@
A value of zero makes the stack size as large as possible. The default value
of \-1 leaves the stack space limit unchanged.
.TP 8
+.B \-la \fIkilobytes\fP
+sets the address space limit of the server to the specified number of
+kilobytes.
+A value of zero makes address space as large as possible.
+The default value is 1572864 (1.5GB) on 32 bit architectures and
+10485760 (10GB) on 64 bit architectures.
+.TP 8
.B \-logo
turns on the X Window System logo display in the screen-saver.
There is currently no way to change this from a client.
|
