su: reset also RLIMIT_FSIZE and RLIMIT_NOFILE
Addresses: https://github.com/linux-pam/linux-pam/issues/85 Signed-off-by: Karel Zak <kzak@redhat.com>
This commit is contained in:
parent
c3ea860b9f
commit
08273c672b
|
@ -959,13 +959,27 @@ static int is_not_root(void)
|
||||||
return (uid_t) 0 == ruid && ruid == euid ? 0 : 1;
|
return (uid_t) 0 == ruid && ruid == euid ? 0 : 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Don't rely on PAM and reset the most important limits. */
|
||||||
static void sanitize_prlimits(void)
|
static void sanitize_prlimits(void)
|
||||||
{
|
{
|
||||||
#ifdef HAVE_SYS_RESOURCE_H
|
#ifdef HAVE_SYS_RESOURCE_H
|
||||||
struct rlimit lm = { .rlim_cur = 0, .rlim_max = 0 };
|
struct rlimit lm = { .rlim_cur = 0, .rlim_max = 0 };
|
||||||
|
|
||||||
|
/* reset to zero */
|
||||||
setrlimit(RLIMIT_NICE, &lm);
|
setrlimit(RLIMIT_NICE, &lm);
|
||||||
setrlimit(RLIMIT_RTPRIO, &lm);
|
setrlimit(RLIMIT_RTPRIO, &lm);
|
||||||
|
|
||||||
|
/* reset to unlimited */
|
||||||
|
lm.rlim_cur = RLIM_INFINITY;
|
||||||
|
lm.rlim_max = RLIM_INFINITY;
|
||||||
|
setrlimit(RLIMIT_FSIZE, &lm);
|
||||||
|
|
||||||
|
/* reset soft limit only */
|
||||||
|
getrlimit(RLIMIT_NOFILE, &lm);
|
||||||
|
if (lm.rlim_cur != FD_SETSIZE) {
|
||||||
|
lm.rlim_cur = FD_SETSIZE;
|
||||||
|
setrlimit(RLIMIT_NOFILE, &lm);
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -29,7 +29,7 @@ This version of *su* uses PAM for authentication, account and session management
|
||||||
|
|
||||||
Note that *su* in all cases uses PAM (*pam_getenvlist*(3)) to do the final environment modification. Command-line options such as *--login* and *--preserve-environment* affect the environment before it is modified by PAM.
|
Note that *su* in all cases uses PAM (*pam_getenvlist*(3)) to do the final environment modification. Command-line options such as *--login* and *--preserve-environment* affect the environment before it is modified by PAM.
|
||||||
|
|
||||||
Since version 2.38 *su* resets process resource limits RLIMIT_NICE and RLIMIT_RTPRIO to zero.
|
Since version 2.38 *su* resets process resource limits RLIMIT_NICE, RLIMIT_RTPRIO, RLIMIT_FSIZE and RLIMIT_NOFILE.
|
||||||
|
|
||||||
== OPTIONS
|
== OPTIONS
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue