base/SOURCES/sudo-1.8.6p3-nprocfix.patch

diff -up sudo-1.8.6p3/src/exec.c.nprocfix sudo-1.8.6p3/src/exec.c
--- sudo-1.8.6p3/src/exec.c.nprocfix	2013-07-11 12:55:10.686308050 +0200
+++ sudo-1.8.6p3/src/exec.c	2013-07-11 12:54:21.159160553 +0200
@@ -132,6 +132,15 @@ static int fork_cmnd(struct command_deta
     if (policy_init_session(details) != true)
 	errorx(1, _("policy plugin failed session initialization"));
 
+    /*
+     * See the comment in unlimit_nproc. It is important to call
+     * this function AFTER policy_init_session, because the PAM
+     * subsystem, if used, may change the RLIMIT_NPROC limit to
+     * unlimited (infinity) and we would not be able to distinguish
+     * between our temporary change and the change done by PAM.
+     */
+    unlimit_nproc();
+
     cmnd_pid = sudo_debug_fork();
     switch (cmnd_pid) {
     case -1:
diff -up sudo-1.8.6p3/src/exec_pty.c.nprocfix sudo-1.8.6p3/src/exec_pty.c
--- sudo-1.8.6p3/src/exec_pty.c.nprocfix	2012-09-18 15:57:43.000000000 +0200
+++ sudo-1.8.6p3/src/exec_pty.c	2013-07-11 12:37:41.811202301 +0200
@@ -678,6 +678,15 @@ fork_pty(struct command_details *details
 	errorx(1, _("policy plugin failed session initialization"));
 
     /*
+     * See the comment in unlimit_nproc. It is important to call
+     * this function AFTER policy_init_session, because the PAM
+     * subsystem, if used, may change the RLIMIT_NPROC limit to
+     * unlimited (infinity) and we would not be able to distinguish
+     * between our temporary change and the change done by PAM.
+     */
+    unlimit_nproc();
+
+    /*
      * Block some signals until cmnd_pid is set in the parent to avoid a
      * race between exec of the command and receipt of a fatal signal from it.
      */
diff -up sudo-1.8.6p3/src/sudo.c.nprocfix sudo-1.8.6p3/src/sudo.c
--- sudo-1.8.6p3/src/sudo.c.nprocfix	2013-07-11 12:37:41.767202170 +0200
+++ sudo-1.8.6p3/src/sudo.c	2013-07-11 12:37:41.811202301 +0200
@@ -808,25 +808,11 @@ sudo_check_suid(const char *path)
 static void
 disable_coredumps(void)
 {
-#if defined(__linux__) || defined(RLIMIT_CORE)
-    struct rlimit rl;
+#if defined(RLIMIT_CORE)
+		struct rlimit rl;
 #endif
     debug_decl(disable_coredumps, SUDO_DEBUG_UTIL)
 
-#if defined(__linux__)
-    /*
-     * Unlimit the number of processes since Linux's setuid() will
-     * apply resource limits when changing uid and return EAGAIN if
-     * nproc would be violated by the uid switch.
-     */
-    (void) getrlimit(RLIMIT_NPROC, &nproclimit);
-    rl.rlim_cur = rl.rlim_max = RLIM_INFINITY;
-    if (setrlimit(RLIMIT_NPROC, &rl)) {
-	memcpy(&rl, &nproclimit, sizeof(struct rlimit));
-	rl.rlim_cur = rl.rlim_max;
-	(void)setrlimit(RLIMIT_NPROC, &rl);
-    }
-#endif /* __linux__ */
 #ifdef RLIMIT_CORE
     /*
      * Turn off core dumps?
@@ -841,6 +827,28 @@ disable_coredumps(void)
     debug_return;
 }
 
+void
+unlimit_nproc(void)
+{
+	debug_decl(unlimit_nproc, SUDO_DEBUG_UTIL)
+#if defined(__linux__)
+		struct rlimit rl;
+	/*
+    * Unlimit the number of processes since Linux's setuid() will
+    * apply resource limits when changing uid and return EAGAIN if
+    * nproc would be violated by the uid switch.
+    */
+	(void) getrlimit(RLIMIT_NPROC, &nproclimit);
+	rl.rlim_cur = rl.rlim_max = RLIM_INFINITY;
+	if (setrlimit(RLIMIT_NPROC, &rl)) {
+		memcpy(&rl, &nproclimit, sizeof(struct rlimit));
+		rl.rlim_cur = rl.rlim_max;
+		(void)setrlimit(RLIMIT_NPROC, &rl);
+	}
+#endif /* __linux__ */
+	debug_return;
+}
+
 #ifdef HAVE_PROJECT_H
 static void
 set_project(struct passwd *pw)
@@ -1082,7 +1090,6 @@ exec_setup(struct command_details *detai
 	errno = 0;
 	l = sysconf(_SC_CHILD_MAX);
 	if (l == -1 && errno == 0 && getrlimit(RLIMIT_NPROC, &rl) == 0) {
-	    if (rl.rlim_cur == RLIM_INFINITY && rl.rlim_max == RLIM_INFINITY)
 		(void) setrlimit(RLIMIT_NPROC, &nproclimit);
 	}
     }
diff -up sudo-1.8.6p3/src/sudo.h.nprocfix sudo-1.8.6p3/src/sudo.h
--- sudo-1.8.6p3/src/sudo.h.nprocfix	2013-07-11 12:37:41.768202173 +0200
+++ sudo-1.8.6p3/src/sudo.h	2013-07-11 12:37:41.811202301 +0200
@@ -219,6 +219,7 @@ int policy_init_session(struct command_d
 int run_command(struct command_details *details);
 extern const char *list_user, *runas_user, *runas_group;
 extern struct user_details user_details;
+void unlimit_nproc(void);
 
 /* sudo_edit.c */
 int sudo_edit(struct command_details *details);
sudo package update Signed-off-by: basebuilder_pel7ppc64bebuilder0 <basebuilder@powerel.org> 7 years ago			`diff -up sudo-1.8.6p3/src/exec.c.nprocfix sudo-1.8.6p3/src/exec.c`
			`--- sudo-1.8.6p3/src/exec.c.nprocfix 2013-07-11 12:55:10.686308050 +0200`
			`+++ sudo-1.8.6p3/src/exec.c 2013-07-11 12:54:21.159160553 +0200`
			`@@ -132,6 +132,15 @@ static int fork_cmnd(struct command_deta`
			`if (policy_init_session(details) != true)`
			`errorx(1, _("policy plugin failed session initialization"));`

			`+ /*`
			`+ * See the comment in unlimit_nproc. It is important to call`
			`+ * this function AFTER policy_init_session, because the PAM`
			`+ * subsystem, if used, may change the RLIMIT_NPROC limit to`
			`+ * unlimited (infinity) and we would not be able to distinguish`
			`+ * between our temporary change and the change done by PAM.`
			`+ */`
			`+ unlimit_nproc();`
			`+`
			`cmnd_pid = sudo_debug_fork();`
			`switch (cmnd_pid) {`
			`case -1:`
			`diff -up sudo-1.8.6p3/src/exec_pty.c.nprocfix sudo-1.8.6p3/src/exec_pty.c`
			`--- sudo-1.8.6p3/src/exec_pty.c.nprocfix 2012-09-18 15:57:43.000000000 +0200`
			`+++ sudo-1.8.6p3/src/exec_pty.c 2013-07-11 12:37:41.811202301 +0200`
			`@@ -678,6 +678,15 @@ fork_pty(struct command_details *details`
			`errorx(1, _("policy plugin failed session initialization"));`

			`/*`
			`+ * See the comment in unlimit_nproc. It is important to call`
			`+ * this function AFTER policy_init_session, because the PAM`
			`+ * subsystem, if used, may change the RLIMIT_NPROC limit to`
			`+ * unlimited (infinity) and we would not be able to distinguish`
			`+ * between our temporary change and the change done by PAM.`
			`+ */`
			`+ unlimit_nproc();`
			`+`
			`+ /*`
			`* Block some signals until cmnd_pid is set in the parent to avoid a`
			`* race between exec of the command and receipt of a fatal signal from it.`
			`*/`
			`diff -up sudo-1.8.6p3/src/sudo.c.nprocfix sudo-1.8.6p3/src/sudo.c`
			`--- sudo-1.8.6p3/src/sudo.c.nprocfix 2013-07-11 12:37:41.767202170 +0200`
			`+++ sudo-1.8.6p3/src/sudo.c 2013-07-11 12:37:41.811202301 +0200`
			`@@ -808,25 +808,11 @@ sudo_check_suid(const char *path)`
			`static void`
			`disable_coredumps(void)`
			`{`
			`-#if defined(__linux__) \|\| defined(RLIMIT_CORE)`
			`- struct rlimit rl;`
			`+#if defined(RLIMIT_CORE)`
			`+ struct rlimit rl;`
			`#endif`
			`debug_decl(disable_coredumps, SUDO_DEBUG_UTIL)`

			`-#if defined(__linux__)`
			`- /*`
			`- * Unlimit the number of processes since Linux's setuid() will`
			`- * apply resource limits when changing uid and return EAGAIN if`
			`- * nproc would be violated by the uid switch.`
			`- */`
			`- (void) getrlimit(RLIMIT_NPROC, &nproclimit);`
			`- rl.rlim_cur = rl.rlim_max = RLIM_INFINITY;`
			`- if (setrlimit(RLIMIT_NPROC, &rl)) {`
			`- memcpy(&rl, &nproclimit, sizeof(struct rlimit));`
			`- rl.rlim_cur = rl.rlim_max;`
			`- (void)setrlimit(RLIMIT_NPROC, &rl);`
			`- }`
			`-#endif /* __linux__ */`
			`#ifdef RLIMIT_CORE`
			`/*`
			`* Turn off core dumps?`
			`@@ -841,6 +827,28 @@ disable_coredumps(void)`
			`debug_return;`
			`}`

			`+void`
			`+unlimit_nproc(void)`
			`+{`
			`+ debug_decl(unlimit_nproc, SUDO_DEBUG_UTIL)`
			`+#if defined(__linux__)`
			`+ struct rlimit rl;`
			`+ /*`
			`+ * Unlimit the number of processes since Linux's setuid() will`
			`+ * apply resource limits when changing uid and return EAGAIN if`
			`+ * nproc would be violated by the uid switch.`
			`+ */`
			`+ (void) getrlimit(RLIMIT_NPROC, &nproclimit);`
			`+ rl.rlim_cur = rl.rlim_max = RLIM_INFINITY;`
			`+ if (setrlimit(RLIMIT_NPROC, &rl)) {`
			`+ memcpy(&rl, &nproclimit, sizeof(struct rlimit));`
			`+ rl.rlim_cur = rl.rlim_max;`
			`+ (void)setrlimit(RLIMIT_NPROC, &rl);`
			`+ }`
			`+#endif /* __linux__ */`
			`+ debug_return;`
			`+}`
			`+`
			`#ifdef HAVE_PROJECT_H`
			`static void`
			`set_project(struct passwd *pw)`
			`@@ -1082,7 +1090,6 @@ exec_setup(struct command_details *detai`
			`errno = 0;`
			`l = sysconf(_SC_CHILD_MAX);`
			`if (l == -1 && errno == 0 && getrlimit(RLIMIT_NPROC, &rl) == 0) {`
			`- if (rl.rlim_cur == RLIM_INFINITY && rl.rlim_max == RLIM_INFINITY)`
			`(void) setrlimit(RLIMIT_NPROC, &nproclimit);`
			`}`
			`}`
			`diff -up sudo-1.8.6p3/src/sudo.h.nprocfix sudo-1.8.6p3/src/sudo.h`
			`--- sudo-1.8.6p3/src/sudo.h.nprocfix 2013-07-11 12:37:41.768202173 +0200`
			`+++ sudo-1.8.6p3/src/sudo.h 2013-07-11 12:37:41.811202301 +0200`
			`@@ -219,6 +219,7 @@ int policy_init_session(struct command_d`
			`int run_command(struct command_details *details);`
			`extern const char list_user, runas_user, *runas_group;`
			`extern struct user_details user_details;`
			`+void unlimit_nproc(void);`

			`/* sudo_edit.c */`
			`int sudo_edit(struct command_details *details);`