From: Todd C. Miller Date: Fri, 16 Jul 2010 17:59:44 +0000 (-0400) Subject: Restore RLIMIT_NPROC after the uid switch if it appears that runas_setup() X-Git-Tag: SUDO_1_7_4~66 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=16852420298e80ece7871fc36f7ec136fe39db61;p=sudo Restore RLIMIT_NPROC after the uid switch if it appears that runas_setup() did not do it for us. Fixes a bash script problem on SuSE with RLIMIT_NPROC set to RLIM_INFINITY. --HG-- branch : 1.7 --- diff --git a/sudo.c b/sudo.c index e9307d08d..ee8de96a1 100644 --- a/sudo.c +++ b/sudo.c @@ -140,6 +140,9 @@ extern char *errorfile; #if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL) static struct rlimit corelimit; #endif /* RLIMIT_CORE && !SUDO_DEVEL */ +#if defined(__linux__) +static struct rlimit nproclimit; +#endif #ifdef HAVE_LOGIN_CAP_H login_cap_t *lc; #endif /* HAVE_LOGIN_CAP_H */ @@ -876,6 +879,21 @@ exec_setup(flags, rbac_enabled, ttyname, ttyfd) } } + /* + * Restore nproc resource limit if pam_limits didn't do it for us. + * We must do this *after* the uid change to avoid potential EAGAIN + * from setuid(). + */ +#if defined(__linux__) + { + struct rlimit rl; + if (getrlimit(RLIMIT_NPROC, &rl) == 0) { + if (rl.rlim_cur == RLIM_INFINITY && rl.rlim_max == RLIM_INFINITY) + (void) setrlimit(RLIMIT_NPROC, &nproclimit); + } + } +#endif + rval = TRUE; done: @@ -1030,12 +1048,12 @@ initial_setup() * apply resource limits when changing uid and return EAGAIN if * nproc would be violated by the uid switch. */ + (void) getrlimit(RLIMIT_NPROC, &nproclimit); rl.rlim_cur = rl.rlim_max = RLIM_INFINITY; if (setrlimit(RLIMIT_NPROC, &rl)) { - if (getrlimit(RLIMIT_NPROC, &rl) == 0) { - rl.rlim_cur = rl.rlim_max; - (void)setrlimit(RLIMIT_NPROC, &rl); - } + memcpy(&rl, &nproclimit, sizeof(struct rlimit)); + rl.rlim_cur = rl.rlim_max; + (void)setrlimit(RLIMIT_NPROC, &rl); } #endif /* __linux__ */ #if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL)