Received: by mail.netbsd.org (Postfix, from userid 605) id A640E84D81; Wed, 18 Dec 2019 15:56:12 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 2D7DA84D7C for ; Wed, 18 Dec 2019 15:56:12 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id Nz8e055IyHlY for ; Wed, 18 Dec 2019 15:56:11 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id 5991984D79 for ; Wed, 18 Dec 2019 15:56:11 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 48F81FA97; Wed, 18 Dec 2019 15:56:11 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_157668457123620" MIME-Version: 1.0 Date: Wed, 18 Dec 2019 15:56:11 +0000 From: "Kimmo Suominen" Subject: CVS commit: pkgsrc/security/sudo To: pkgsrc-changes@NetBSD.org Reply-To: kim@netbsd.org X-Mailer: log_accum Message-Id: <20191218155611.48F81FA97@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_157668457123620 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: kim Date: Wed Dec 18 15:56:11 UTC 2019 Modified Files: pkgsrc/security/sudo: Makefile distinfo Added Files: pkgsrc/security/sudo/patches: patch-plugins_sudoers_sudoers.c patch-src_limits.c Log Message: Fix setrlimit(3): Invalid argument The new code that unlimits many resources appears to have been problematic on a number of fronts. Fetched the current version of src/limits.c from the sudo hg repo. RLIMIT_STACK (i.e. "3") is no longer set to RLIM_INFINITY. Added code to output the name of the limit instead of its number. To generate a diff of this commit: cvs rdiff -u -r1.171 -r1.172 pkgsrc/security/sudo/Makefile cvs rdiff -u -r1.104 -r1.105 pkgsrc/security/sudo/distinfo cvs rdiff -u -r0 -r1.1 \ pkgsrc/security/sudo/patches/patch-plugins_sudoers_sudoers.c \ pkgsrc/security/sudo/patches/patch-src_limits.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_157668457123620 Content-Disposition: inline Content-Length: 7834 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/security/sudo/Makefile diff -u pkgsrc/security/sudo/Makefile:1.171 pkgsrc/security/sudo/Makefile:1.172 --- pkgsrc/security/sudo/Makefile:1.171 Sun Dec 15 18:42:09 2019 +++ pkgsrc/security/sudo/Makefile Wed Dec 18 15:56:10 2019 @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.171 2019/12/15 18:42:09 adam Exp $ +# $NetBSD: Makefile,v 1.172 2019/12/18 15:56:10 kim Exp $ DISTNAME= sudo-1.8.29 +PKGREVISION= 1 CATEGORIES= security MASTER_SITES= https://www.sudo.ws/dist/ MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/ Index: pkgsrc/security/sudo/distinfo diff -u pkgsrc/security/sudo/distinfo:1.104 pkgsrc/security/sudo/distinfo:1.105 --- pkgsrc/security/sudo/distinfo:1.104 Sun Dec 15 18:42:10 2019 +++ pkgsrc/security/sudo/distinfo Wed Dec 18 15:56:10 2019 @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.104 2019/12/15 18:42:10 adam Exp $ +$NetBSD: distinfo,v 1.105 2019/12/18 15:56:10 kim Exp $ SHA1 (sudo-1.8.29.tar.gz) = fdce342856f1803478eb549479190370001dca95 RMD160 (sudo-1.8.29.tar.gz) = 706c7c8ec2a90b2e464e138384335b7de91d1c25 @@ -13,4 +13,6 @@ SHA1 (patch-lib_util_str2sig.c) = e04aa6 SHA1 (patch-plugins_sudoers_Makefile.in) = 46bbee9c51664357099dc6d6871341de3e3fcc6f SHA1 (patch-plugins_sudoers_logging.c) = 700ac9540a82bea4f3106cea941b785e5bd31203 SHA1 (patch-plugins_sudoers_starttime.c) = acec2f8a96041381582acff4928233568411f2c6 +SHA1 (patch-plugins_sudoers_sudoers.c) = b5aa8a91da50d4b12ea47cd92e29d25ea325b52c SHA1 (patch-src_Makefile.in) = cc6398a810dc394d8e4b50f2b2412cda839c0ca9 +SHA1 (patch-src_limits.c) = d602eb79fd61ae140e3d5eab357c704edc923519 Added files: Index: pkgsrc/security/sudo/patches/patch-plugins_sudoers_sudoers.c diff -u /dev/null pkgsrc/security/sudo/patches/patch-plugins_sudoers_sudoers.c:1.1 --- /dev/null Wed Dec 18 15:56:11 2019 +++ pkgsrc/security/sudo/patches/patch-plugins_sudoers_sudoers.c Wed Dec 18 15:56:11 2019 @@ -0,0 +1,37 @@ +$NetBSD: patch-plugins_sudoers_sudoers.c,v 1.1 2019/12/18 15:56:11 kim Exp $ + +Indicate the resource for which get/setrlimit fails. +Make the code match what src/limits.c does. + +--- plugins/sudoers/sudoers.c.orig 2019-10-28 14:28:53.000000000 +0200 ++++ plugins/sudoers/sudoers.c 2019-12-18 15:41:53.019149463 +0200 +@@ -123,16 +123,15 @@ + unlimit_nproc(void) + { + #ifdef __linux__ +- struct rlimit rl; ++ struct rlimit rl = { RLIM_INFINITY, RLIM_INFINITY }; + debug_decl(unlimit_nproc, SUDOERS_DEBUG_UTIL) + + if (getrlimit(RLIMIT_NPROC, &nproclimit) != 0) +- sudo_warn("getrlimit"); +- rl.rlim_cur = rl.rlim_max = RLIM_INFINITY; +- if (setrlimit(RLIMIT_NPROC, &rl) != 0) { ++ sudo_warn("getrlimit(RLIMIT_NPROC)"); ++ if (setrlimit(RLIMIT_NPROC, &rl) == -1) { + rl.rlim_cur = rl.rlim_max = nproclimit.rlim_max; + if (setrlimit(RLIMIT_NPROC, &rl) != 0) +- sudo_warn("setrlimit"); ++ sudo_warn("setrlimit(RLIMIT_NPROC)"); + } + debug_return; + #endif /* __linux__ */ +@@ -148,7 +147,7 @@ + debug_decl(restore_nproc, SUDOERS_DEBUG_UTIL) + + if (setrlimit(RLIMIT_NPROC, &nproclimit) != 0) +- sudo_warn("setrlimit"); ++ sudo_warn("setrlimit(RLIMIT_NPROC)"); + + debug_return; + #endif /* __linux__ */ Index: pkgsrc/security/sudo/patches/patch-src_limits.c diff -u /dev/null pkgsrc/security/sudo/patches/patch-src_limits.c:1.1 --- /dev/null Wed Dec 18 15:56:11 2019 +++ pkgsrc/security/sudo/patches/patch-src_limits.c Wed Dec 18 15:56:11 2019 @@ -0,0 +1,123 @@ +$NetBSD: patch-src_limits.c,v 1.1 2019/12/18 15:56:11 kim Exp $ + +* Indicate the name of the resource for which setrlimit fails. +* Simplify resource limit fallback logic a bit. +* Don't set the RLIMIT_STACK soft/hard limits to unlimited. +* macOS does not allow rlim_cur to be set to RLIM_INFINITY for RLIMIT_NOFILE. + +--- src/limits.c.orig 2019-10-28 14:28:52.000000000 +0200 ++++ src/limits.c 2019-12-18 17:22:45.500245697 +0200 +@@ -37,28 +37,46 @@ + #ifdef __linux__ + # include + #endif ++#include + + #include "sudo.h" + ++#if defined(OPEN_MAX) && OPEN_MAX > 256 ++# define SUDO_OPEN_MAX OPEN_MAX ++#else ++# define SUDO_OPEN_MAX 256 ++#endif ++ ++/* ++ * macOS doesn't allow nofile soft limit to be infinite or ++ * the stack hard limit to be infinite. ++ * Linux containers have a problem with an infinite stack soft limit. ++ */ ++static struct rlimit nofile_fallback = { SUDO_OPEN_MAX, RLIM_INFINITY }; ++static struct rlimit stack_fallback = { 8192 * 1024, 65532 * 1024 }; ++ + static struct saved_limit { ++ char *name; + int resource; + bool saved; +- struct rlimit limit; ++ struct rlimit *fallback; ++ struct rlimit newlimit; ++ struct rlimit oldlimit; + } saved_limits[] = { + #ifdef RLIMIT_AS +- { RLIMIT_AS }, ++ { "RLIMIT_AS", RLIMIT_AS, false, NULL, { RLIM_INFINITY, RLIM_INFINITY } }, + #endif +- { RLIMIT_CPU }, +- { RLIMIT_DATA }, +- { RLIMIT_FSIZE }, +- { RLIMIT_NOFILE }, ++ { "RLIMIT_CPU", RLIMIT_CPU, false, NULL, { RLIM_INFINITY, RLIM_INFINITY } }, ++ { "RLIMIT_DATA", RLIMIT_DATA, false, NULL, { RLIM_INFINITY, RLIM_INFINITY } }, ++ { "RLIMIT_FSIZE", RLIMIT_FSIZE, false, NULL, { RLIM_INFINITY, RLIM_INFINITY } }, ++ { "RLIMIT_NOFILE", RLIMIT_NOFILE, false, &nofile_fallback, { RLIM_INFINITY, RLIM_INFINITY } }, + #ifdef RLIMIT_NPROC +- { RLIMIT_NPROC }, ++ { "RLIMIT_NPROC", RLIMIT_NPROC, false, NULL, { RLIM_INFINITY, RLIM_INFINITY } }, + #endif + #ifdef RLIMIT_RSS +- { RLIMIT_RSS }, ++ { "RLIMIT_RSS", RLIMIT_RSS, false, NULL, { RLIM_INFINITY, RLIM_INFINITY } }, + #endif +- { RLIMIT_STACK } ++ { "RLIMIT_STACK", RLIMIT_STACK, false, &stack_fallback, { 8192 * 1024, RLIM_INFINITY } } + }; + + static struct rlimit corelimit; +@@ -160,21 +178,39 @@ + void + unlimit_sudo(void) + { +- struct rlimit inf = { RLIM_INFINITY, RLIM_INFINITY }; + unsigned int idx; ++ int rc; + debug_decl(unlimit_sudo, SUDO_DEBUG_UTIL) + + /* Set resource limits to unlimited and stash the old values. */ + for (idx = 0; idx < nitems(saved_limits); idx++) { + struct saved_limit *lim = &saved_limits[idx]; +- if (getrlimit(lim->resource, &lim->limit) == -1) ++ if (getrlimit(lim->resource, &lim->oldlimit) == -1) + continue; + lim->saved = true; +- if (setrlimit(lim->resource, &inf) == -1) { +- struct rlimit rl = lim->limit; +- rl.rlim_cur = rl.rlim_max; +- if (setrlimit(lim->resource, &rl) == -1) +- sudo_warn("setrlimit(%d)", lim->resource); ++ if (lim->newlimit.rlim_cur != RLIM_INFINITY) { ++ /* Don't reduce the soft resource limit. */ ++ if (lim->oldlimit.rlim_cur == RLIM_INFINITY || ++ lim->oldlimit.rlim_cur > lim->newlimit.rlim_cur) ++ lim->newlimit.rlim_cur = lim->oldlimit.rlim_cur; ++ } ++ if (lim->newlimit.rlim_max != RLIM_INFINITY) { ++ /* Don't reduce the hard resource limit. */ ++ if (lim->oldlimit.rlim_max == RLIM_INFINITY || ++ lim->oldlimit.rlim_max > lim->newlimit.rlim_max) ++ lim->newlimit.rlim_max = lim->oldlimit.rlim_max; ++ } ++ if ((rc = setrlimit(lim->resource, &lim->newlimit)) == -1) { ++ if (lim->fallback != NULL) ++ rc = setrlimit(lim->resource, lim->fallback); ++ if (rc == -1) { ++ /* Try setting new rlim_cur to old rlim_max. */ ++ lim->newlimit.rlim_cur = lim->oldlimit.rlim_max; ++ lim->newlimit.rlim_max = lim->oldlimit.rlim_max; ++ rc = setrlimit(lim->resource, &lim->newlimit); ++ } ++ if (rc == -1) ++ sudo_warn("setrlimit(%s)", lim->name); + } + } + +@@ -194,8 +230,8 @@ + for (idx = 0; idx < nitems(saved_limits); idx++) { + struct saved_limit *lim = &saved_limits[idx]; + if (lim->saved) { +- if (setrlimit(lim->resource, &lim->limit) == -1) +- sudo_warn("setrlimit(%d)", lim->resource); ++ if (setrlimit(lim->resource, &lim->oldlimit) == -1) ++ sudo_warn("setrlimit(%s)", lim->name); + } + } + restore_coredump(); --_----------=_157668457123620--