macOS does not allow rlim_cur to be set to RLIM_INFINITY for RLIMIT_NOFILE.

We need to use OPEN_MAX instead as per the macOS setrlimit manual.
Bug #904

src/limits.c

@@ -37,11 +37,17 @@
 #ifdef __linux__
 # include <sys/prctl.h>
 #endif
+#include <limits.h>
 
 #include "sudo.h"
 
+#ifndef OPEN_MAX
+# define OPEN_MAX 256
+#endif
+
 static struct saved_limit {
     int resource;
+    rlim_t fallback;
     bool saved;
     struct rlimit limit;
 } saved_limits[] = {
@@ -51,7 +57,7 @@ static struct saved_limit {
     { RLIMIT_CPU },
     { RLIMIT_DATA },
     { RLIMIT_FSIZE },
-    { RLIMIT_NOFILE },
+    { RLIMIT_NOFILE, OPEN_MAX },
 #ifdef RLIMIT_NPROC
     { RLIMIT_NPROC },
 #endif
@@ -162,6 +168,7 @@ unlimit_sudo(void)
 {
     struct rlimit inf = { RLIM_INFINITY, RLIM_INFINITY };
     unsigned int idx;
+    int rc;
     debug_decl(unlimit_sudo, SUDO_DEBUG_UTIL)
 
     /* Set resource limits to unlimited and stash the old values. */
@@ -172,9 +179,19 @@ unlimit_sudo(void)
 	lim->saved = true;
 	if (setrlimit(lim->resource, &inf) == -1) {
 	    struct rlimit rl = lim->limit;
-	    rl.rlim_cur = rl.rlim_max;
+	    rl.rlim_cur = MAX(rl.rlim_max, lim->fallback);
-	    if (setrlimit(lim->resource, &rl) == -1)
+	    if ((rc = setrlimit(lim->resource, &rl)) == -1) {
-		sudo_warn("setrlimit(%d)", lim->resource);
+		if (lim->fallback != 0) {
+		    /* macOS won't set rlim_cur to RLIM_INFINITY for NOFILE */
+		    rc = 0;
+		    if (lim->fallback > lim->limit.rlim_cur) {
+			rl.rlim_cur = lim->fallback;
+			rc = setrlimit(lim->resource, &rl);
+		    }
+		}
+		if (rc == -1)
+		    sudo_warn("setrlimit(%d)", lim->resource);
+	    }
 	}
     }