Restore core dump resource limit before the PAM session module is run.

Otherwise, we may override the limits set by PAM. Bug #894
2019-08-20 07:25:53 -06:00
parent b98b82e4a2
commit 5e692576c9
1 changed files with 7 additions and 4 deletions
--- a/src/exec.c
+++ b/src/exec.c
@@ -119,10 +119,6 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
    }
 #endif

-    /* Restore coredumpsize resource limit before running. */
-    if (sudo_conf_disable_coredump())
-	disable_coredump(true);
-
    if (details->pw != NULL) {
 #ifdef HAVE_PROJECT_H
 	set_project(details->pw);
@@ -410,6 +406,13 @@ sudo_execute(struct command_details *details, struct command_status *cstat)
 	}
    }

+    /*
+     * Restore coredumpsize resource limit before running.
+     * We must do this *before* calling the PAM session module.
+     */
+    if (sudo_conf_disable_coredump())
+	disable_coredump(true);
+
    /*
     * Run the command in a new pty if there is an I/O plugin or the policy
     * has requested a pty.  If /dev/tty is unavailable and no I/O plugin