[sudo-workers] Lowering resource limits is an issue

Kimmo Suominen kimmo at suominen.com
Wed Dec 18 15:30:36 MST 2019


Hi all,

On NetBSD the new unlimit+restore causes warnings when restoring
RLIMIT_STACK:

equinoxe:~> sudo -s
sudo: setrlimit(RLIMIT_STACK): Invalid argument


Using src/limits.c from the tip of the 1.8 branch (where RLIMIT_STACK is no
longer set to RLIM_INFINITY) causes these errors much less often than the
code from 1.8.29, but does not eliminate them.

I added output of rlim_cur and rlim_max to see if we are trying to increase
the soft limit beyond the hard limit -- I did not see that ever being the
case.

The other reason for setrlimit(2) returning EINVAL is that the call is
trying to lower the limit below the current usage for the resource.

Thus it would appear that it is not reasonable to simply try to reduce a
soft limit to its previous value after having increased it. Instead, one
would also need to (somehow) ascertain that resource usage is also shrunk
back down below the old limit first.

I also wonder if the compiler / linker / kernel is using any security /
protection methods such as allocating the stack "all over the place" (to
prevent predicting where it is in memory) and thus making it likely that
the resource usage exceeds the previous lower limit.

I looked at the archives of the sudo mailing lists searching for any
context on why we are trying to increase the resource limits to their
maximum values, as opposed to simply dying if a limit is hit. I could not
find anything -- any pointers?

It would seem undesirable that sudo just leaves the user with higher
limits, overriding policies that the administrator might have set on the
system (e.g. in login.conf(5)).

Kind regards,
+ Kimmo
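The raise-and-restore sequence discussed in the post, as an added example that is not part of the message and not sudo's own src/limits.c: it saves a resource limit, raises the soft limit to the hard limit, later restores the saved values, and on EINVAL distinguishes the two causes the post names (soft above hard, or lowering below current usage). All function names here are hypothetical; the demonstration in main() uses RLIMIT_STACK, and whether the restore actually fails depends on the kernel, since Linux does not check current usage for the stack limit while NetBSD does.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
#include <sys/resource.h>

/* Save the current limits for `resource` into *saved, then raise the soft
 * limit to the hard limit. Returns 0 on success or the errno from the call
 * that failed. (Hypothetical helper, not sudo's code.) */
int raise_soft_limit(int resource, struct rlimit *saved) {
    struct rlimit rl;
    if (getrlimit(resource, saved) != 0)
        return errno;
    rl = *saved;
    rl.rlim_cur = rl.rlim_max;      /* never above the hard limit */
    if (setrlimit(resource, &rl) != 0)
        return errno;
    return 0;
}

/* Put the previously saved limits back. Returns 0 or errno. On NetBSD this
 * is where EINVAL shows up when current usage is already above the old
 * soft limit, exactly the case the post describes. */
int restore_limit(int resource, const struct rlimit *saved) {
    if (setrlimit(resource, saved) != 0)
        return errno;
    return 0;
}

/* Return 1 if the kernel now reports exactly the limits in *expected. */
int limits_match(int resource, const struct rlimit *expected) {
    struct rlimit now;
    if (getrlimit(resource, &now) != 0)
        return 0;
    return now.rlim_cur == expected->rlim_cur &&
           now.rlim_max == expected->rlim_max;
}

/* Classify an EINVAL from setrlimit(2) for the requested limits `req`:
 * the only two documented causes are soft > hard, or (on kernels that
 * check it) lowering the limit below the resource's current usage. */
const char *explain_setrlimit_einval(const struct rlimit *req) {
    if (req->rlim_cur > req->rlim_max)
        return "soft limit above hard limit";
    return "likely lowering below current usage";
}

int main(void) {
    struct rlimit saved;
    int err;

    err = raise_soft_limit(RLIMIT_STACK, &saved);
    if (err != 0) {
        fprintf(stderr, "raise RLIMIT_STACK: %s\n", strerror(err));
        return 1;
    }
    printf("raised RLIMIT_STACK soft limit to hard limit\n");

    /* ... work that may grow the stack happens here ... */

    err = restore_limit(RLIMIT_STACK, &saved);
    if (err == EINVAL) {
        /* The diagnostic the post added: print the values being requested. */
        fprintf(stderr,
                "restore RLIMIT_STACK: EINVAL (cur=%llu max=%llu): %s\n",
                (unsigned long long)saved.rlim_cur,
                (unsigned long long)saved.rlim_max,
                explain_setrlimit_einval(&saved));
        return 1;
    } else if (err != 0) {
        fprintf(stderr, "restore RLIMIT_STACK: %s\n", strerror(err));
        return 1;
    }
    printf("restored RLIMIT_STACK: match=%d\n",
           limits_match(RLIMIT_STACK, &saved));
    return 0;
}
```

The point of separating the restore from the raise is that the restore is the fallible step: once usage has grown past the old soft limit, no call ordering can bring the limit back without first shrinking the usage, which is why the post questions raising the limits in the first place.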
