Restore core dump resource limit before the PAM session module is run.

Otherwise, we may override the limits set by PAM.
Bug #894

diff --git a/src/exec.c b/src/exec.c
index 8acbf9ec1614941902dba99dd6a360b681788eae..2c663168d8e8ba44b9604bdbbf5d4264ee4ff0d3 100644 (file)
--- a/src/exec.c
+++ b/src/exec.c
@@ -119,10 +119,6 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
     }
 #endif
 
-    /* Restore coredumpsize resource limit before running. */
-    if (sudo_conf_disable_coredump())
-       disable_coredump(true);
-
     if (details->pw != NULL) {
 #ifdef HAVE_PROJECT_H
        set_project(details->pw);
@@ -410,6 +406,13 @@ sudo_execute(struct command_details *details, struct command_status *cstat)
        }
     }
 
+    /*
+     * Restore coredumpsize resource limit before running.
+     * We must do this *before* calling the PAM session module.
+     */
+    if (sudo_conf_disable_coredump())
+       disable_coredump(true);
+
     /*
      * Run the command in a new pty if there is an I/O plugin or the policy
      * has requested a pty.  If /dev/tty is unavailable and no I/O plugin