[PATCH v2 0/2] increasing delays after invalid login attempts (no PAM)
Hemmo Nieminen
hemmo.nieminen at iki.fi
Mon May 17 12:22:40 UTC 2021
Hello,
Decided to give this one another shot.
Simplified the actual tallying functions and got the size down a bit.
Perhaps its still too much but I thought I'd share this anyways since I've
got this written down already.
Unlike in v1, the tally files hold only a single number now and don't need
locking. Each user (i.e. TTY) now uses its own tally file.
Moved login's tally file(s) from /tmp to /run/login/.
Tallying can be enabled/disabled from the config both from the libbb (the
generic tallying functionality) and from login (whether or not to tally
failed login attempts).
Got the following from bloatcheck:
function old new delta
bb_tally_add - 275 +275
login_main 1302 1483 +181
bb_tally_reset - 104 +104
.rodata 98154 98184 +30
pause_after_failed_login 10 37 +27
pause_reset_after_successful_login - 11 +11
vlock_main 404 406 +2
sulogin_main 329 331 +2
su_main 581 583 +2
passwd_main 1110 1112 +2
------------------------------------------------------------------------------
(add/remove: 4/0 grow/shrink: 7/0 up/down: 636/0) Total: 636 bytes
Hemmo Nieminen (2):
libbb: add support for tallying with files
login: improve login delays after invalid attempts
include/libbb.h | 11 +++-
libbb/Config.src | 6 ++
libbb/Kbuild.src | 1 +
libbb/bb_do_delay.c | 32 ++++++----
libbb/bb_tally.c | 137 +++++++++++++++++++++++++++++++++++++++++++
loginutils/login.c | 53 ++++++++++++++++-
loginutils/passwd.c | 2 +-
loginutils/su.c | 2 +-
loginutils/sulogin.c | 2 +-
loginutils/vlock.c | 2 +-
10 files changed, 231 insertions(+), 17 deletions(-)
create mode 100644 libbb/bb_tally.c
--
2.31.1
More information about the busybox
mailing list