Restore RLIMIT_NPROC after the uid switch if it appears that runas_setup()

did not do it for us.  Fixes a bash script problem on SuSE with RLIMIT_NPROC
set to RLIM_INFINITY.

--HG--
branch : 1.7

diff --git a/sudo.c b/sudo.c
index e9307d08db103be51a0461cee4c02cbf7ffe9082..ee8de96a19569b705c32e569b48bd533b83c6415 100644 (file)
--- a/sudo.c
+++ b/sudo.c
@@ -140,6 +140,9 @@ extern char *errorfile;
 #if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL)
 static struct rlimit corelimit;
 #endif /* RLIMIT_CORE && !SUDO_DEVEL */
+#if defined(__linux__)
+static struct rlimit nproclimit;
+#endif
 #ifdef HAVE_LOGIN_CAP_H
 login_cap_t *lc;
 #endif /* HAVE_LOGIN_CAP_H */
@@ -876,6 +879,21 @@ exec_setup(flags, rbac_enabled, ttyname, ttyfd)
        }
     }
 
+    /*
+     * Restore nproc resource limit if pam_limits didn't do it for us.
+     * We must do this *after* the uid change to avoid potential EAGAIN
+     * from setuid().
+     */
+#if defined(__linux__)
+    {
+       struct rlimit rl;
+       if (getrlimit(RLIMIT_NPROC, &rl) == 0) {
+           if (rl.rlim_cur == RLIM_INFINITY && rl.rlim_max == RLIM_INFINITY)
+               (void) setrlimit(RLIMIT_NPROC, &nproclimit);
+       }
+    }
+#endif
+
     rval = TRUE;
 
 done:
@@ -1030,12 +1048,12 @@ initial_setup()
      * apply resource limits when changing uid and return EAGAIN if
      * nproc would be violated by the uid switch.
      */
+    (void) getrlimit(RLIMIT_NPROC, &nproclimit);
     rl.rlim_cur = rl.rlim_max = RLIM_INFINITY;
     if (setrlimit(RLIMIT_NPROC, &rl)) {
-       if (getrlimit(RLIMIT_NPROC, &rl) == 0) {
-           rl.rlim_cur = rl.rlim_max;
-           (void)setrlimit(RLIMIT_NPROC, &rl);
-       }
+       memcpy(&rl, &nproclimit, sizeof(struct rlimit));
+       rl.rlim_cur = rl.rlim_max;
+       (void)setrlimit(RLIMIT_NPROC, &rl);
     }
 #endif /* __linux__ */
 #if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL)