From: Todd C. Miller
Date: Sun, 27 Jan 2008 21:34:41 +0000 (+0000)
Subject: Unlimit nproc on Linux systems where calling the setuid() family
X-Git-Tag: SUDO_1_7_0~205
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=72656eaf3bd98cc8925980aca0049ee30d8d2c00;p=sudo

Unlimit nproc on Linux systems where calling the setuid() family of syscalls causes the nroc resource limit to be checked. The limits will be reset by pam_limits.so when PAM is used. In the non-PAM case the nproc limit will remain unlimited but there doesn't seem to be a way around that other than having sudo parse /etc/security/limits.conf directly.
---
diff --git a/sudo.c b/sudo.c
index 39f71eb4f..3e45c02cb 100644
--- a/sudo.c
+++ b/sudo.c
@@ -1101,9 +1101,25 @@ static void
 initial_setup()
 {
 int miss[3], devnull = -1;
-#if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL)
+#if defined(__linux__) || (defined(RLIMIT_CORE) && !defined(SUDO_DEVEL))
 struct rlimit rl;
+#endif
+#if defined(__linux__)
+ /*
+ * Unlimit the number of processes since Linux's setuid() will
+ * apply resource limits when changing uid and return EAGAIN if
+ * nproc would be violated by the uid switch.
+ */
+ rl.rlim_cur = rl.rlim_max = RLIM_INFINITY;
+ if (setrlimit(RLIMIT_NPROC, &rl)) {
+ if (getrlimit(RLIMIT_NPROC, &rl) == 0) {
+ rl.rlim_cur = rl.rlim_max;
+ (void)setrlimit(RLIMIT_NPROC, &rl);
+ }
+ }
+#endif /* __linux__ */
+#if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL)
 /*
 * Turn off core dumps.
 */
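Review bot: The inherited RLIMIT_NPROC is overwritten in the new `#if defined(__linux__)` block without being saved first, so in the non-PAM case the command sudo runs keeps an unlimited process count and a per-user fork limit set by the administrator no longer applies to it. Reading the old value before the raise, `(void)getrlimit(RLIMIT_NPROC, &nproclimit);` into a file-scope `static struct rlimit nproclimit;`, would let the code that changes uid put it back with `(void)setrlimit(RLIMIT_NPROC, &nproclimit);` before the command is executed; that code is outside this hunk, so the exact place needs to be confirmed. The fallback `(void)setrlimit(RLIMIT_NPROC, &rl);` also discards a failure, in which case setuid() can presumably still return EAGAIN, so its callers must keep treating a failed uid change as fatal. initial_setup() continues past the end of the hunk.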