From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Wed, 26 Mar 2008 17:11:53 +0000 (+0000)
Subject: It turns out the logic for getting AIX limits is more convoluted
X-Git-Tag: SUDO_1_7_0~139
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d7b4d7bc2a1487223c267d263f1bd636a065a785;p=sudo

It turns out the logic for getting AIX limits is more convoluted
than I realized and differs depending on whether the soft and/or
hard limits are defined.
---

diff --git a/aix.c b/aix.c
index ca9db5101..71a1b050b 100644
--- a/aix.c
+++ b/aix.c
@@ -66,12 +66,35 @@ aix_setlimits(user)
      * and set those values via setrlimit().  Must be run as euid 0.
      */
     for (n = 0; n < sizeof(aix_limits) / sizeof(aix_limits[0]); n++) {
-	if (getuserattr(user, aix_limits[n].soft, &i, SEC_INT) != 0)
-	    continue;
-	rlim.rlim_cur = i;
-	if (getuserattr(user, aix_limits[n].hard, &i, SEC_INT) != 0)
-	    continue;
-	rlim.rlim_max = i;
+	/*
+	 * We have two strategies, depending on whether or not the
+	 * hard limit has been defined.
+	 */
+	if (getuserattr(user, aix_limits[n].hard, &i, SEC_INT) == 0) {
+	    rlim.rlim_max = i == -1 ? RLIM_INFINITY : i;
+	    if (getuserattr(user, aix_limits[n].soft, &i, SEC_INT) == 0)
+		rlim.rlim_cur = i == -1 ? RLIM_INFINITY : i;
+	    else
+		rlim.rlim_cur = rlim.rlim_max;	/* soft not specd, use hard */
+	} else {
+	    /* No hard limit set, try soft limit. */
+	    if (getuserattr(user, aix_limits[n].soft, &i, SEC_INT) == 0)
+		rlim.rlim_cur = i == -1 ? RLIM_INFINITY : i;
+
+	    /* Set hard limit per AIX /etc/security/limits documentation. */
+	    switch (aix_limits[n].resource) {
+		case RLIMIT_CPU:
+		case RLIMIT_FSIZE:
+		    rlim.rlim_max = rlim.rlim_cur;
+		    break;
+		case RLIMIT_STACK:
+		    rlim.rlim_max = 0x400000;
+		    break;
+		default:
+		    rlim.rlim_max = RLIM_INFINITY;
+		    break;
+	    }
+	}
 	(void)setrlimit(aix_limits[n].resource, &rlim);
     }
 }