isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Restore resource limits before executing the askpass program.

Browse Source 
Linux with docker seems to have issues executing a program when the
stack size is unlimited.  Bug #908
This commit is contained in:
Todd C. Miller
2019-11-11 16:07:43 -07:00
parent ad52ce6612
commit 4a893912ce
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/tgetpass.c
View File

@@ -320,6 +320,10 @@ sudo_askpass(const char *askpass, const char *prompt)
sudo_warn("setuid(%d)", ROOT_UID); sudo_warn("setuid(%d)", ROOT_UID);
/* Close fds before uid change to prevent prlimit sabotage on Linux. */ /* Close fds before uid change to prevent prlimit sabotage on Linux. */
closefrom(STDERR_FILENO + 1); closefrom(STDERR_FILENO + 1);
/* Run the askpass program with the user's original resource limits. */
restore_limits();
/* But avoid a setuid() failure on Linux due to RLIMIT_NPROC. */
unlimit_nproc();
if (setgid(user_details.gid)) { if (setgid(user_details.gid)) {
sudo_warn(U_("unable to set gid to %u"), (unsigned int)user_details.gid); sudo_warn(U_("unable to set gid to %u"), (unsigned int)user_details.gid);
_exit(255); _exit(255);
@@ -328,6 +332,7 @@ sudo_askpass(const char *askpass, const char *prompt)
sudo_warn(U_("unable to set uid to %u"), (unsigned int)user_details.uid); sudo_warn(U_("unable to set uid to %u"), (unsigned int)user_details.uid);
_exit(255); _exit(255);
} }
restore_nproc();
execl(askpass, askpass, prompt, (char *)NULL); execl(askpass, askpass, prompt, (char *)NULL);
sudo_warn(U_("unable to run %s"), askpass); sudo_warn(U_("unable to run %s"), askpass);
_exit(255); _exit(255);