[sudo-users] uid switching vs resource limits

Todd C. Miller Todd.Miller at courtesan.com
Wed Jun 17 06:42:36 MDT 2015


On Wed, 17 Jun 2015 15:33:24 +0300, Teodor Milkov wrote:

> This might also be due to interaction with grsecurity kernel patch, 
> which I use.
> 
> There's this part in it:
> 
> + /* Handle the case where a fork and setuid occur and then RLIMIT_NPROC
> +    is changed to a lower value.  Since tasks can be created by the same
> +    user in between this limit change and an execve by this task, force
> +    a recheck only for this task by setting PF_NPROC_EXCEEDED
> + */
> + if (resource == RLIMIT_NPROC && tsk->real_cred->user != INIT_USER)
> +     tsk->flags |= PF_NPROC_EXCEEDED;

That could be it.  I did commit a workaround:
    http://www.sudo.ws/repos/sudo/rev/e6a03c31f4e5

 - todd


More information about the sudo-users mailing list