Document resource limit support in command_info[] and bump plugin API minor.

This is supported beginning with sudo 1.9.9 and plugin API 1.17.
Todd C. Miller
2021-11-09 12:57:25 -07:00
parent 19065cb221
commit 7c8746bc70
4 changed files with 360 additions and 4 deletions

@@ -16,7 +16,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH "SUDO_PLUGIN" "5" "September 17, 2021" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.TH "SUDO_PLUGIN" "5" "November 8, 2021" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -1162,6 +1162,185 @@ will preserve the user's group vector instead of
initializing the group vector based on
\fRrunas_user\fR.
.TP 6n
rlimit_as=soft,hard
The maximum size to which the process's address space may grow (in bytes),
if supported by the operating system.
The soft and hard limits are separated by a comma.
If only a single value is specified, both the hard and soft limits are set.
A value of
\(lqinfinity\(rq
indicates that there is no limit.
A value of
\(lquser\(rq
will cause the invoking user's resource limit to be preserved.
A value of
\(lqdefault\(rq
will cause the target user's default resource limit to be used
on systems that allow per-user resource limits to be configured.
Only available starting with API version 1.17.
.TP 6n
rlimit_core=soft,hard
The largest size core dump file that may be created (in bytes).
The soft and hard limits are separated by a comma.
If only a single value is specified, both the hard and soft limits are set.
A value of
\(lqinfinity\(rq
indicates that there is no limit.
A value of
\(lquser\(rq
will cause the invoking user's resource limit to be preserved.
A value of
\(lqdefault\(rq
will cause the target user's default resource limit to be used
on systems that allow per-user resource limits to be configured.
Only available starting with API version 1.17.
.TP 6n
rlimit_cpu=soft,hard
The maximum amount of CPU time that the process may use (in seconds).
The soft and hard limits are separated by a comma.
If only a single value is specified, both the hard and soft limits are set.
A value of
\(lqinfinity\(rq
indicates that there is no limit.
A value of
\(lquser\(rq
will cause the invoking user's resource limit to be preserved.
A value of
\(lqdefault\(rq
will cause the target user's default resource limit to be used
on systems that allow per-user resource limits to be configured.
Only available starting with API version 1.17.
.TP 6n
rlimit_data=soft,hard
The maximum size of the data segment for the process (in bytes).
The soft and hard limits are separated by a comma.
If only a single value is specified, both the hard and soft limits are set.
A value of
\(lqinfinity\(rq
indicates that there is no limit.
A value of
\(lquser\(rq
will cause the invoking user's resource limit to be preserved.
A value of
\(lqdefault\(rq
will cause the target user's default resource limit to be used
on systems that allow per-user resource limits to be configured.
Only available starting with API version 1.17.
.TP 6n
rlimit_fsize=soft,hard
The largest size file that the process may create (in bytes).
The soft and hard limits are separated by a comma.
If only a single value is specified, both the hard and soft limits are set.
A value of
\(lqinfinity\(rq
indicates that there is no limit.
A value of
\(lquser\(rq
will cause the invoking user's resource limit to be preserved.
A value of
\(lqdefault\(rq
will cause the target user's default resource limit to be used
on systems that allow per-user resource limits to be configured.
Only available starting with API version 1.17.
.TP 6n
rlimit_locks=soft,hard
The maximum number of locks that the process may establish,
if supported by the operating system.
The soft and hard limits are separated by a comma.
If only a single value is specified, both the hard and soft limits are set.
A value of
\(lqinfinity\(rq
indicates that there is no limit.
A value of
\(lquser\(rq
will cause the invoking user's resource limit to be preserved.
A value of
\(lqdefault\(rq
will cause the target user's default resource limit to be used
on systems that allow per-user resource limits to be configured.
Only available starting with API version 1.17.
.TP 6n
rlimit_memlock=soft,hard
The maximum size that the process may lock in memory (in bytes),
if supported by the operating system.
The soft and hard limits are separated by a comma.
If only a single value is specified, both the hard and soft limits are set.
A value of
\(lqinfinity\(rq
indicates that there is no limit.
A value of
\(lquser\(rq
will cause the invoking user's resource limit to be preserved.
A value of
\(lqdefault\(rq
will cause the target user's default resource limit to be used
on systems that allow per-user resource limits to be configured.
Only available starting with API version 1.17.
.TP 6n
rlimit_nofile=soft,hard
The maximum number of files that the process may have open.
The soft and hard limits are separated by a comma.
If only a single value is specified, both the hard and soft limits are set.
A value of
\(lqinfinity\(rq
indicates that there is no limit.
A value of
\(lquser\(rq
will cause the invoking user's resource limit to be preserved.
A value of
\(lqdefault\(rq
will cause the target user's default resource limit to be used
on systems that allow per-user resource limits to be configured.
Only available starting with API version 1.17.
.TP 6n
rlimit_nproc=soft,hard
The maximum number of processes that the user may run simultaneously.
The soft and hard limits are separated by a comma.
If only a single value is specified, both the hard and soft limits are set.
A value of
\(lqinfinity\(rq
indicates that there is no limit.
A value of
\(lquser\(rq
will cause the invoking user's resource limit to be preserved.
A value of
\(lqdefault\(rq
will cause the target user's default resource limit to be used
on systems that allow per-user resource limits to be configured.
Only available starting with API version 1.17.
.TP 6n
rlimit_rss=soft,hard
The maximum size to which the process's resident set size may grow (in bytes).
The soft and hard limits are separated by a comma.
If only a single value is specified, both the hard and soft limits are set.
A value of
\(lqinfinity\(rq
indicates that there is no limit.
A value of
\(lquser\(rq
will cause the invoking user's resource limit to be preserved.
A value of
\(lqdefault\(rq
will cause the target user's default resource limit to be used
on systems that allow per-user resource limits to be configured.
Only available starting with API version 1.17.
.TP 6n
rlimit_stack=soft,hard
The maximum size to which the process's stack may grow (in bytes).
The soft and hard limits are separated by a comma.
If only a single value is specified, both the hard and soft limits are set.
A value of
\(lqinfinity\(rq
indicates that there is no limit.
A value of
\(lquser\(rq
will cause the invoking user's resource limit to be preserved.
A value of
\(lqdefault\(rq
will cause the target user's default resource limit to be used
on systems that allow per-user resource limits to be configured.
Only available starting with API version 1.17.
.TP 6n
runas_egid=gid
Effective group-ID to run the command as.
If not specified, the value of
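Review bot: The closing sentence of each new rlimit_* entry, "Only available starting with API version 1.17.", disagrees with the rest of this commit: the version history hunk files the change under "Version 1.18 (sudo 1.9.9)" and the header hunk raises SUDO_API_VERSION_MINOR from 17 to 18. A policy plugin author who gates on 1.17 from this text could send these keys to a front end that does not know them. Suggest changing all eleven entries (rlimit_as through rlimit_stack) to read "Only available starting with API version 1.18."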
@@ -5109,6 +5288,11 @@ Version 1.17 (sudo 1.9.4)
The
\fIevent_alloc\fR
field was added to the audit_plugin and approval_plugin structs.
.TP 6n
Version 1.18 (sudo 1.9.9)
The policy may now set resource limit values in the
\fRcommand_info\fR
list.
.SH "SEE ALSO"
sudo.conf(@mansectform@),
sudoers(@mansectform@),
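Review bot: The new "Version 1.18 (sudo 1.9.9)" entry says only "resource limit values" and does not name the keys, so a reader cannot search from the version history to the command_info entries. Suggest wording it as "The policy may now set resource limit values (the rlimit_* keys) in the command_info list." so the history and the per-key text point at each other.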

@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd September 17, 2021
.Dd November 8, 2021
.Dt SUDO_PLUGIN @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -1034,6 +1034,174 @@ If set,
will preserve the user's group vector instead of
initializing the group vector based on
.Li runas_user .
.It rlimit_as=soft,hard
The maximum size to which the process's address space may grow (in bytes),
if supported by the operating system.
The soft and hard limits are separated by a comma.
If only a single value is specified, both the hard and soft limits are set.
A value of
.Dq infinity
indicates that there is no limit.
A value of
.Dq user
will cause the invoking user's resource limit to be preserved.
A value of
.Dq default
will cause the target user's default resource limit to be used
on systems that allow per-user resource limits to be configured.
Only available starting with API version 1.17.
.It rlimit_core=soft,hard
The largest size core dump file that may be created (in bytes).
The soft and hard limits are separated by a comma.
If only a single value is specified, both the hard and soft limits are set.
A value of
.Dq infinity
indicates that there is no limit.
A value of
.Dq user
will cause the invoking user's resource limit to be preserved.
A value of
.Dq default
will cause the target user's default resource limit to be used
on systems that allow per-user resource limits to be configured.
Only available starting with API version 1.17.
.It rlimit_cpu=soft,hard
The maximum amount of CPU time that the process may use (in seconds).
The soft and hard limits are separated by a comma.
If only a single value is specified, both the hard and soft limits are set.
A value of
.Dq infinity
indicates that there is no limit.
A value of
.Dq user
will cause the invoking user's resource limit to be preserved.
A value of
.Dq default
will cause the target user's default resource limit to be used
on systems that allow per-user resource limits to be configured.
Only available starting with API version 1.17.
.It rlimit_data=soft,hard
The maximum size of the data segment for the process (in bytes).
The soft and hard limits are separated by a comma.
If only a single value is specified, both the hard and soft limits are set.
A value of
.Dq infinity
indicates that there is no limit.
A value of
.Dq user
will cause the invoking user's resource limit to be preserved.
A value of
.Dq default
will cause the target user's default resource limit to be used
on systems that allow per-user resource limits to be configured.
Only available starting with API version 1.17.
.It rlimit_fsize=soft,hard
The largest size file that the process may create (in bytes).
The soft and hard limits are separated by a comma.
If only a single value is specified, both the hard and soft limits are set.
A value of
.Dq infinity
indicates that there is no limit.
A value of
.Dq user
will cause the invoking user's resource limit to be preserved.
A value of
.Dq default
will cause the target user's default resource limit to be used
on systems that allow per-user resource limits to be configured.
Only available starting with API version 1.17.
.It rlimit_locks=soft,hard
The maximum number of locks that the process may establish,
if supported by the operating system.
The soft and hard limits are separated by a comma.
If only a single value is specified, both the hard and soft limits are set.
A value of
.Dq infinity
indicates that there is no limit.
A value of
.Dq user
will cause the invoking user's resource limit to be preserved.
A value of
.Dq default
will cause the target user's default resource limit to be used
on systems that allow per-user resource limits to be configured.
Only available starting with API version 1.17.
.It rlimit_memlock=soft,hard
The maximum size that the process may lock in memory (in bytes),
if supported by the operating system.
The soft and hard limits are separated by a comma.
If only a single value is specified, both the hard and soft limits are set.
A value of
.Dq infinity
indicates that there is no limit.
A value of
.Dq user
will cause the invoking user's resource limit to be preserved.
A value of
.Dq default
will cause the target user's default resource limit to be used
on systems that allow per-user resource limits to be configured.
Only available starting with API version 1.17.
.It rlimit_nofile=soft,hard
The maximum number of files that the process may have open.
The soft and hard limits are separated by a comma.
If only a single value is specified, both the hard and soft limits are set.
A value of
.Dq infinity
indicates that there is no limit.
A value of
.Dq user
will cause the invoking user's resource limit to be preserved.
A value of
.Dq default
will cause the target user's default resource limit to be used
on systems that allow per-user resource limits to be configured.
Only available starting with API version 1.17.
.It rlimit_nproc=soft,hard
The maximum number of processes that the user may run simultaneously.
The soft and hard limits are separated by a comma.
If only a single value is specified, both the hard and soft limits are set.
A value of
.Dq infinity
indicates that there is no limit.
A value of
.Dq user
will cause the invoking user's resource limit to be preserved.
A value of
.Dq default
will cause the target user's default resource limit to be used
on systems that allow per-user resource limits to be configured.
Only available starting with API version 1.17.
.It rlimit_rss=soft,hard
The maximum size to which the process's resident set size may grow (in bytes).
The soft and hard limits are separated by a comma.
If only a single value is specified, both the hard and soft limits are set.
A value of
.Dq infinity
indicates that there is no limit.
A value of
.Dq user
will cause the invoking user's resource limit to be preserved.
A value of
.Dq default
will cause the target user's default resource limit to be used
on systems that allow per-user resource limits to be configured.
Only available starting with API version 1.17.
.It rlimit_stack=soft,hard
The maximum size to which the process's stack may grow (in bytes).
The soft and hard limits are separated by a comma.
If only a single value is specified, both the hard and soft limits are set.
A value of
.Dq infinity
indicates that there is no limit.
A value of
.Dq user
will cause the invoking user's resource limit to be preserved.
A value of
.Dq default
will cause the target user's default resource limit to be used
on systems that allow per-user resource limits to be configured.
Only available starting with API version 1.17.
.It runas_egid=gid
Effective group-ID to run the command as.
If not specified, the value of
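Review bot: The rlimit_* entries leave the value grammar underspecified: the text does not say whether "infinity", "user" and "default" may be given for only one of the two values (for example a numeric soft limit paired with a hard limit of "user"), what the front end does when the soft value exceeds the hard value, or what limit applies when a key is absent from command_info. A sentence for each case in the rlimit_as entry, referred to by the others, would settle it. The "API version 1.17" sentence in these entries also needs to read 1.18 to match the version history entry and the bumped minor.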
@@ -4515,6 +4683,10 @@ list.
The
.Em event_alloc
field was added to the audit_plugin and approval_plugin structs.
.It Version 1.18 (sudo 1.9.9)
The policy may now set resource limit values in the
.Li command_info
list.
.El
.Sh SEE ALSO
.Xr sudo.conf @mansectform@ ,

@@ -21,7 +21,7 @@
/* API version major/minor */
#define SUDO_API_VERSION_MAJOR 1
#define SUDO_API_VERSION_MINOR 17
#define SUDO_API_VERSION_MINOR 18
#define SUDO_API_MKVERSION(x, y) (((x) << 16) | (y))
#define SUDO_API_VERSION SUDO_API_MKVERSION(SUDO_API_VERSION_MAJOR, SUDO_API_VERSION_MINOR)

@@ -314,7 +314,7 @@ sudo_terminated(struct command_status *cstat)
debug_return_bool(false);
}
#if SUDO_API_VERSION != SUDO_API_MKVERSION(1, 17)
#if SUDO_API_VERSION != SUDO_API_MKVERSION(1, 18)
# error "Update sudo_needs_pty() after changing the plugin API"
#endif
static bool
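Review bot: The #if guard is moved to SUDO_API_MKVERSION(1, 18) with no accompanying change to sudo_needs_pty() visible here, and the commit's four deletions are already accounted for by the two date lines, the minor define and this guard. Since the #error text asks for sudo_needs_pty() to be updated after an API change, the commit message or a comment above the guard should record that the new rlimit_* keys were checked and need no handling in that function, so the bump does not read as silencing the check.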