path: root/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2010-2240.diff
--- ./os/osinit.c.orig	2010-04-20 21:00:27.000000000 -0500
+++ ./os/osinit.c	2010-08-20 12:25:00.116604519 -0500
@@ -96,6 +96,14 @@
 #ifdef RLIMIT_NOFILE
 int limitNoFile = -1;
 #endif
+#ifdef RLIMIT_AS
+#ifdef _XSERVER64
+#define XORG_AS_LIMIT 10737418240LL
+#else
+#define XORG_AS_LIMIT 1610612736 
+#endif
+long limitAddressSpace = XORG_AS_LIMIT;
+#endif
 
 static OsSigWrapperPtr OsSigWrapper = NULL;
 
@@ -302,6 +310,22 @@
 	    }
 	}
 #endif
+#ifdef RLIMIT_AS
+	if (limitAddressSpace >= 0)
+	{
+	    struct rlimit	rlim;
+
+	    if (!getrlimit(RLIMIT_AS, &rlim))
+	    {
+		if ((limitAddressSpace > 0) 
+		    && (limitAddressSpace < rlim.rlim_max))
+		    rlim.rlim_cur = limitAddressSpace;
+		else
+		    rlim.rlim_cur = rlim.rlim_max;
+		(void)setrlimit(RLIMIT_AS, &rlim);
+	    }
+	}
+#endif
 	LockServer();
 	been_here = TRUE;
     }
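Review bot: The added `(void)setrlimit(RLIMIT_AS, &rlim);` throws away the result, and a failing `getrlimit()` skips the whole block without a message, so the server can come up with no address-space cap and nothing in the log to show it. The patch file name ties this limit to CVE-2010-2240, so a mitigation that silently did not apply is worth reporting; something like `if (setrlimit(RLIMIT_AS, &rlim)) ErrorF("failed to set RLIMIT_AS: %s\n", strerror(errno));` would do, assuming `errno.h` and `string.h` are already in scope in osinit.c. A short comment above the `#ifdef RLIMIT_AS` saying why the cap exists and that 0 means "raise to the hard limit" would also help the next reader. The enclosing function starts and ends outside this hunk.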
--- ./os/utils.c.orig	2010-05-03 19:48:00.000000000 -0500
+++ ./os/utils.c	2010-08-20 12:26:06.448480889 -0500
@@ -63,6 +63,36 @@
 __stdcall unsigned long GetTickCount(void);
 #endif
 
+/*
+ * issetugid()
+ *
+ * Copyright (C) - 2007 Robert Connolly
+ *
+ * Permission to reproduce, copy, delete, distribute, transmit, use, modify,
+ * build upon or otherwise exploit this software, in any form, for any
+ * purpose, in any way, and by anyone, including by methods that have not
+ * yet been invented or conceived, is hereby granted.
+ */
+#include <unistd.h>
+extern int __libc_enable_secure;
+int issetugid(void)
+{
+       if (__libc_enable_secure)
+        {
+          return 1;
+        }
+       if (getuid() != geteuid())
+        {
+          return 1;
+        }
+       if (getgid() != getegid())
+        {
+          return 1;
+        }
+       /* Else */
+       return 0;
+}
+
 #if defined(WIN32) && !defined(__CYGWIN__)
 #include <X11/Xwinsock.h>
 #endif
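Review bot: The new `int issetugid(void)` is defined unconditionally with external linkage and reads `__libc_enable_secure`, which is a glibc-internal symbol. On a libc that already provides `issetugid()` this definition collides with it, and on a non-glibc libc the `extern int __libc_enable_secure;` reference will probably not link. I would make it `static` and wrap it in a configure-time check for a libc-provided `issetugid`, so the fallback is only compiled where it is needed. The `#include <unistd.h>` in the middle of the file also belongs with the other includes at the top of utils.c.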
@@ -758,6 +788,22 @@
 		UseMsg();
 	}
 #endif
+#ifdef RLIMIT_AS
+       else if ( strcmp( argv[i], "-la") == 0)
+       {
+           if (getuid() != 0 && issetugid()) {
+               FatalError("The '-la' option can only be used by root.\n");
+           }
+           if(++i < argc)
+           {
+               limitAddressSpace = atol(argv[i]);
+               if (limitAddressSpace > 0)
+                   limitAddressSpace *= 1024;
+           }
+           else
+               UseMsg();
+       }
+#endif
 #ifdef SERVER_LOCK
 	else if ( strcmp ( argv[i], "-nolock") == 0)
 	{
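Review bot: The `-la` argument is parsed with `atol(argv[i])`, which returns 0 for non-numeric input, and 0 is the value that raises the limit to the hard maximum, so a typo silently removes the cap instead of being rejected. The following `limitAddressSpace *= 1024;` has no range check either, so a large kilobyte count overflows a signed integer (undefined behaviour), and that happens much sooner if the variable is seen as `int`, as the opaque.h hunk declares it. I would parse with `strtol`, reject trailing garbage and out-of-range values, and check against `LONG_MAX / 1024` before scaling, as sketched below. This needs `errno.h` and `limits.h`, and assumes the declaration is corrected to `long`. The enclosing option-parsing chain begins and ends outside this hunk.

```c
           if(++i < argc)
           {
               char *end;
               long kb;

               errno = 0;
               kb = strtol(argv[i], &end, 10);
               /* reject empty/garbage input and values that would overflow when scaled */
               if (end == argv[i] || *end != '\0' || errno == ERANGE
                   || kb > LONG_MAX / 1024)
                   FatalError("Invalid value for '-la': %s\n", argv[i]);
               /* negative keeps the limit unchanged, 0 means "as large as possible" */
               limitAddressSpace = (kb > 0) ? kb * 1024 : kb;
           }
           /* … unchanged: else UseMsg() … */
```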
--- ./doc/Xserver.man.pre.orig	2010-05-03 19:47:58.000000000 -0500
+++ ./doc/Xserver.man.pre	2010-08-20 12:25:00.116604519 -0500
@@ -293,6 +293,13 @@
 A value of zero makes the stack size as large as possible.  The default value
 of \-1 leaves the stack space limit unchanged.
 .TP 8
+.B \-la \fIkilobytes\fP
+sets the address space limit of the server to the specified number of 
+kilobytes.
+A value of zero makes address space as large as possible.
+The default value is 1572864 (1.5GB) on 32 bit architectures and
+10485760 (10GB) on 64 bit architectures.
+.TP 8
 .B \-logo
 turns on the X Window System logo display in the screen-saver.
 There is currently no way to change this from a client.
--- ./include/opaque.h.orig	2010-04-20 21:00:27.000000000 -0500
+++ ./include/opaque.h	2010-08-20 12:25:00.116604519 -0500
@@ -67,6 +67,9 @@
 #ifdef RLIMIT_NOFILE
 extern _X_EXPORT int limitNoFile;
 #endif
+#ifdef RLIMIT_AS
+extern _X_EXPORT int limitAddressSpace;
+#endif
 extern _X_EXPORT Bool defeatAccessControl;
 extern _X_EXPORT long maxBigRequestSize;
 extern _X_EXPORT Bool party_like_its_1989;
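Review bot: The declaration `extern _X_EXPORT int limitAddressSpace;` does not match the definition added in the os/osinit.c hunk, `long limitAddressSpace = XORG_AS_LIMIT;`. Declaring an object with two incompatible types is undefined behaviour. On a 64-bit build, a file that sees only this header (presumably os/utils.c, where `-la` is parsed) would do the `* 1024` in `int` and write only part of the 8-byte object, so the effective limit would not be what was requested. The 64-bit default of 10737418240 cannot be represented in an `int` at all. The declaration should read `extern _X_EXPORT long limitAddressSpace;`.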