[sudo-users] uid switching vs resource limits
Todd C. Miller
Todd.Miller at courtesan.com
Fri Jun 12 09:34:59 MDT 2015
I've been trying to reproduce this on Debian 8 using 1.8.10p3-1+deb8u2
but I get the same behavior you report for 1.8.5. I've tried
reducing the nproc limit further but in each instance if I can run
a command via bash without hitting the limit I can run it via sudo
too.
millert at deb8:~$ dpkg -l | grep sudo
ii sudo 1.8.10p3-1+deb8u2 amd64 Provide limited super user privileges to specific users
millert at deb8:~$ ulimit -u 6
millert at deb8:~$ id
uid=1000(millert) gid=1000(millert) groups=1000(millert),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),108(netdev)
millert at deb8:~$ sudo bash -c "ulimit -u"
6
millert at deb8:~$ ulimit -u 5
millert at deb8:~$ id
bash: fork: retry: No child processes
bash: fork: retry: No child processes
bash: fork: retry: No child processes
bash: fork: retry: No child processes
bash: fork: Resource temporarily unavailable
- todd
More information about the sudo-users
mailing list