Update.

1999-06-14  Thorsten Kukuk  <kukuk@suse.de>

	* nscd/connections.c (handle_request): Only root is allowed to
	send GETSTAT request in non secure mode.
	* nscd/nscd.c: Print error message if other then root try to
	use getstat.

1999-06-15  Andreas Jaeger  <aj@arthur.rhein-neckar.de>

	* sysdeps/unix/sysv/linux/alpha/syscalls.list: Add __sysctl.

1999-06-15  Andreas Jaeger  <aj@arthur.rhein-neckar.de>

	* manual/time.texi (Limits on Resources): Describe RLIMIT_AS.
	Closes PR libc/1164, reported by sascha@schumann.2ns.de.

ChangeLog

@@ -1,3 +1,19 @@
+1999-06-14  Thorsten Kukuk  <kukuk@suse.de>
+
+	* nscd/connections.c (handle_request): Only root is allowed to
+	send GETSTAT request in non secure mode.
+	* nscd/nscd.c: Print error message if other then root try to
+	use getstat.
+
+1999-06-15  Andreas Jaeger  <aj@arthur.rhein-neckar.de>
+
+	* sysdeps/unix/sysv/linux/alpha/syscalls.list: Add __sysctl.
+
+1999-06-15  Andreas Jaeger  <aj@arthur.rhein-neckar.de>
+
+	* manual/time.texi (Limits on Resources): Describe RLIMIT_AS.
+	Closes PR libc/1164, reported by sascha@schumann.2ns.de.
+
 1999-06-13  Andreas Schwab  <schwab@issan.cs.uni-dortmund.de>
 
 	* sysdeps/generic/strchr.c: Include <memcopy.h> and use reg_char

manual/time.texi

@@ -2551,6 +2551,15 @@ open more files than this, it gets error code @code{EMFILE}.
 @xref{Error Codes}.  Not all systems support this limit; GNU does, and
 4.4 BSD does.
 
+@comment sys/resource.h
+@comment Unix98
+@item RLIMIT_AS
+@vindex RLIMIT_AS
+The maximum size of total memory that this process should get.  If the
+process tries to allocate more memory beyond this amount with, for
+example, @code{brk}, @code{malloc}, @code{mmap} or @code{sbrk}, the
+allocation function fails.
+
 @comment sys/resource.h
 @comment BSD
 @item RLIM_NLIMITS

nscd/connections.c

@@ -311,13 +311,15 @@ cannot handle old request version %d; current version is %d"),
       break;
 
     case GETSTAT:
-      send_stats (fd, dbs);
-      break;
-
     case SHUTDOWN:
-      /* Accept shutdown only from root */
+      /* Accept shutdown and getstat only from root */
       if (secure_in_use && uid == 0)
-	termination_handler (0);
+	{
+	  if (req->type == GETSTAT)
+	    send_stats (fd, dbs);
+	  else
+	    termination_handler (0);
+	}
       else
 	{
 	  struct ucred caller;
@@ -330,8 +332,14 @@ cannot handle old request version %d; current version is %d"),
 	      dbg_log (_("error getting callers id: %s"),
 		       strerror_r (errno, buf, sizeof (buf)));
 	    }
-	  else if (caller.uid == 0)
-	    termination_handler (0);
+	  else
+	    if (caller.uid == 0)
+	      {
+		if (req->type == GETSTAT)
+		  send_stats (fd, dbs);
+		else
+		  termination_handler (0);
+	      }
 	}
       break;
 

nscd/nscd.c

@@ -205,6 +205,8 @@ parse_opt (int key, char *arg, struct argp_state *state)
       }
 
     case 'g':
+      if (getuid () != 0)
+	error (EXIT_FAILURE, 0, _("Only root is allowed to use this option!"));
       receive_print_stats ();
       /* Does not return.  */
 

sysdeps/unix/sysv/linux/alpha/syscalls.list

@@ -55,7 +55,7 @@ setsockopt	-	setsockopt	5	__setsockopt	setsockopt
 shutdown	-	shutdown	2	__shutdown	shutdown
 socket		-	socket		3	__socket	socket
 socketpair	-	socketpair	4	__socketpair	socketpair
-sysctl		-	_sysctl		6	sysctl
+sysctl		-	_sysctl		6	__sysctl	sysctl
 
 getresuid	-	getresuid	3	getresuid
 getresgid	-	getresgid	3	getresgid