[BACK]Return to sudo.c CVS log [TXT] [DIR] Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / src

Diff for /embedaddon/sudo/src/sudo.c between versions 1.1.1.2 and 1.1.1.3

version 1.1.1.2, 2012/05/29 12:26:49 version 1.1.1.3, 2012/10/09 09:29:52
Line 192  main(int argc, char *argv[], char *envp[]) Line 192  main(int argc, char *argv[], char *envp[])
     (void) sigprocmask(SIG_SETMASK, &mask, NULL);      (void) sigprocmask(SIG_SETMASK, &mask, NULL);
     fix_fds();      fix_fds();
   
       /* Read sudo.conf. */
       sudo_conf_read();
   
     /* Fill in user_info with user name, uid, cwd, etc. */      /* Fill in user_info with user name, uid, cwd, etc. */
     memset(&user_details, 0, sizeof(user_details));      memset(&user_details, 0, sizeof(user_details));
     user_info = get_user_info(&user_details);      user_info = get_user_info(&user_details);
   
     /* Read sudo.conf. */  
     sudo_conf_read();  
   
     /* Disable core dumps if not enabled in sudo.conf. */      /* Disable core dumps if not enabled in sudo.conf. */
     disable_coredumps();      disable_coredumps();
   
Line 670  command_info_to_details(char * const info[], struct co Line 670  command_info_to_details(char * const info[], struct co
                     }                      }
                     break;                      break;
                 }                  }
   #ifdef HAVE_PRIV_SET
                   if (strncmp("runas_privs=", info[i], sizeof("runas_privs=") - 1) == 0) {
                       const char *endp;
                       cp = info[i] + sizeof("runas_privs=") - 1;
                       if (*cp == '\0')
                           break;
                       errno = 0;
                       details->privs = priv_str_to_set(cp, ",", &endp);
                       if (details->privs == NULL)
                               warning("invalid runas_privs %s", endp);
                   }
                   if (strncmp("runas_limitprivs=", info[i], sizeof("runas_limitprivs=") - 1) == 0) {
                       const char *endp;
                       cp = info[i] + sizeof("runas_limitprivs=") - 1;
                       if (*cp == '\0')
                           break;
                       errno = 0;
                       details->limitprivs = priv_str_to_set(cp, ",", &endp);
                       if (details->limitprivs == NULL)
                               warning("invalid runas_limitprivs %s", endp);
                   }
   #endif /* HAVE_PRIV_SET */
                 break;                  break;
             case 's':              case 's':
                 SET_STRING("selinux_role=", selinux_role)                  SET_STRING("selinux_role=", selinux_role)
Line 900  exec_setup(struct command_details *details, const char Line 922  exec_setup(struct command_details *details, const char
 #ifdef HAVE_PROJECT_H  #ifdef HAVE_PROJECT_H
         set_project(details->pw);          set_project(details->pw);
 #endif  #endif
   #ifdef HAVE_PRIV_SET
       if (details->privs != NULL) {
           if (setppriv(PRIV_SET, PRIV_INHERITABLE, details->privs) != 0) {
               warning("unable to set privileges");
               goto done;
           }
       }
       if (details->limitprivs != NULL) {
           if (setppriv(PRIV_SET, PRIV_LIMIT, details->limitprivs) != 0) {
               warning("unable to set limit privileges");
               goto done;
           }
       } else if (details->privs != NULL) {
           if (setppriv(PRIV_SET, PRIV_LIMIT, details->privs) != 0) {
               warning("unable to set limit privileges");
               goto done;
           }
       }
   #endif /* HAVE_PRIV_SET */
   
 #ifdef HAVE_GETUSERATTR  #ifdef HAVE_GETUSERATTR
         aix_prep_user(details->pw->pw_name, ptyname ? ptyname : user_details.tty);          aix_prep_user(details->pw->pw_name, ptyname ? ptyname : user_details.tty);
 #endif  #endif
Line 1011  exec_setup(struct command_details *details, const char Line 1053  exec_setup(struct command_details *details, const char
     }      }
   
     /*      /*
     * Restore nproc resource limit if pam_limits didn't do it for us.     * SuSE Enterprise Linux uses RLIMIT_NPROC and _SC_CHILD_MAX
      * interchangably.  This causes problems when setting RLIMIT_NPROC
      * to RLIM_INFINITY due to a bug in bash where bash tries to honor
      * the value of _SC_CHILD_MAX but treats a value of -1 as an error,
      * and uses a default value of 32 instead.
      *
      * To work around this problem, we restore the nproc resource limit
      * if sysconf(_SC_CHILD_MAX) is negative.  In most cases, pam_limits
      * will set RLIMIT_NPROC for us.
      *
      * We must do this *after* the uid change to avoid potential EAGAIN       * We must do this *after* the uid change to avoid potential EAGAIN
      * from setuid().       * from setuid().
      */       */
#if defined(__linux__)#if defined(__linux__) && defined(_SC_CHILD_MAX)
     {      {
         struct rlimit rl;          struct rlimit rl;
        if (getrlimit(RLIMIT_NPROC, &rl) == 0) {        long l;
         errno = 0;
         l = sysconf(_SC_CHILD_MAX);
         if (l == -1 && errno == 0 && getrlimit(RLIMIT_NPROC, &rl) == 0) {
             if (rl.rlim_cur == RLIM_INFINITY && rl.rlim_max == RLIM_INFINITY)              if (rl.rlim_cur == RLIM_INFINITY && rl.rlim_max == RLIM_INFINITY)
                 (void) setrlimit(RLIMIT_NPROC, &nproclimit);                  (void) setrlimit(RLIMIT_NPROC, &nproclimit);
         }          }
Removed from v.1.1.1.2  
changed lines
  Added in v.1.1.1.3

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>