[pkgsrc/trunk]: pkgsrc/security/sudo Fix setrlimit(3): Invalid argument

[kim <kim%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/bd8bf7abd824
branches:  trunk
changeset: 345818:bd8bf7abd824
user:      kim <kim%pkgsrc.org@localhost>
date:      Wed Dec 18 15:56:10 2019 +0000

description:
Fix setrlimit(3): Invalid argument

The new code that unlimits many resources appears to have been problematic
on a number of fronts. Fetched the current version of src/limits.c from
the sudo hg repo. RLIMIT_STACK (i.e. "3") is no longer set to RLIM_INFINITY.

Added code to output the name of the limit instead of its number.

diffstat:

 security/sudo/Makefile                                |    3 +-
 security/sudo/distinfo                                |    4 +-
 security/sudo/patches/patch-plugins_sudoers_sudoers.c |   37 +++++
 security/sudo/patches/patch-src_limits.c              |  123 ++++++++++++++++++
 4 files changed, 165 insertions(+), 2 deletions(-)

diffs (196 lines):

diff -r 15039db934a8 -r bd8bf7abd824 security/sudo/Makefile
--- a/security/sudo/Makefile    Wed Dec 18 15:43:44 2019 +0000
+++ b/security/sudo/Makefile    Wed Dec 18 15:56:10 2019 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.171 2019/12/15 18:42:09 adam Exp $
+# $NetBSD: Makefile,v 1.172 2019/12/18 15:56:10 kim Exp $
 
 DISTNAME=      sudo-1.8.29
+PKGREVISION=   1
 CATEGORIES=    security
 MASTER_SITES=  https://www.sudo.ws/dist/
 MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/
diff -r 15039db934a8 -r bd8bf7abd824 security/sudo/distinfo
--- a/security/sudo/distinfo    Wed Dec 18 15:43:44 2019 +0000
+++ b/security/sudo/distinfo    Wed Dec 18 15:56:10 2019 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.104 2019/12/15 18:42:10 adam Exp $
+$NetBSD: distinfo,v 1.105 2019/12/18 15:56:10 kim Exp $
 
 SHA1 (sudo-1.8.29.tar.gz) = fdce342856f1803478eb549479190370001dca95
 RMD160 (sudo-1.8.29.tar.gz) = 706c7c8ec2a90b2e464e138384335b7de91d1c25
@@ -13,4 +13,6 @@
 SHA1 (patch-plugins_sudoers_Makefile.in) = 46bbee9c51664357099dc6d6871341de3e3fcc6f
 SHA1 (patch-plugins_sudoers_logging.c) = 700ac9540a82bea4f3106cea941b785e5bd31203
 SHA1 (patch-plugins_sudoers_starttime.c) = acec2f8a96041381582acff4928233568411f2c6
+SHA1 (patch-plugins_sudoers_sudoers.c) = b5aa8a91da50d4b12ea47cd92e29d25ea325b52c
 SHA1 (patch-src_Makefile.in) = cc6398a810dc394d8e4b50f2b2412cda839c0ca9
+SHA1 (patch-src_limits.c) = d602eb79fd61ae140e3d5eab357c704edc923519
diff -r 15039db934a8 -r bd8bf7abd824 security/sudo/patches/patch-plugins_sudoers_sudoers.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/sudo/patches/patch-plugins_sudoers_sudoers.c     Wed Dec 18 15:56:10 2019 +0000
@@ -0,0 +1,37 @@
+$NetBSD: patch-plugins_sudoers_sudoers.c,v 1.1 2019/12/18 15:56:11 kim Exp $
+
+Indicate the resource for which get/setrlimit fails.
+Make the code match what src/limits.c does.
+
+--- plugins/sudoers/sudoers.c.orig     2019-10-28 14:28:53.000000000 +0200
++++ plugins/sudoers/sudoers.c  2019-12-18 15:41:53.019149463 +0200
+@@ -123,16 +123,15 @@
+ unlimit_nproc(void)
+ {
+ #ifdef __linux__
+-    struct rlimit rl;
++    struct rlimit rl = { RLIM_INFINITY, RLIM_INFINITY };
+     debug_decl(unlimit_nproc, SUDOERS_DEBUG_UTIL)
+ 
+     if (getrlimit(RLIMIT_NPROC, &nproclimit) != 0)
+-          sudo_warn("getrlimit");
+-    rl.rlim_cur = rl.rlim_max = RLIM_INFINITY;
+-    if (setrlimit(RLIMIT_NPROC, &rl) != 0) {
++      sudo_warn("getrlimit(RLIMIT_NPROC)");
++    if (setrlimit(RLIMIT_NPROC, &rl) == -1) {
+       rl.rlim_cur = rl.rlim_max = nproclimit.rlim_max;
+       if (setrlimit(RLIMIT_NPROC, &rl) != 0)
+-          sudo_warn("setrlimit");
++          sudo_warn("setrlimit(RLIMIT_NPROC)");
+     }
+     debug_return;
+ #endif /* __linux__ */
+@@ -148,7 +147,7 @@
+     debug_decl(restore_nproc, SUDOERS_DEBUG_UTIL)
+ 
+     if (setrlimit(RLIMIT_NPROC, &nproclimit) != 0)
+-      sudo_warn("setrlimit");
++      sudo_warn("setrlimit(RLIMIT_NPROC)");
+ 
+     debug_return;
+ #endif /* __linux__ */
diff -r 15039db934a8 -r bd8bf7abd824 security/sudo/patches/patch-src_limits.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/sudo/patches/patch-src_limits.c  Wed Dec 18 15:56:10 2019 +0000
@@ -0,0 +1,123 @@
+$NetBSD: patch-src_limits.c,v 1.1 2019/12/18 15:56:11 kim Exp $
+
+* Indicate the name of the resource for which setrlimit fails.
+* Simplify resource limit fallback logic a bit.
+* Don't set the RLIMIT_STACK soft/hard limits to unlimited.
+* macOS does not allow rlim_cur to be set to RLIM_INFINITY for RLIMIT_NOFILE.
+
+--- src/limits.c.orig  2019-10-28 14:28:52.000000000 +0200
++++ src/limits.c       2019-12-18 17:22:45.500245697 +0200
+@@ -37,28 +37,46 @@
+ #ifdef __linux__
+ # include <sys/prctl.h>
+ #endif
++#include <limits.h>
+ 
+ #include "sudo.h"
+ 
++#if defined(OPEN_MAX) && OPEN_MAX > 256
++# define SUDO_OPEN_MAX        OPEN_MAX
++#else
++# define SUDO_OPEN_MAX        256
++#endif
++
++/*
++ * macOS doesn't allow nofile soft limit to be infinite or
++ * the stack hard limit to be infinite.
++ * Linux containers have a problem with an infinite stack soft limit.
++ */
++static struct rlimit nofile_fallback = { SUDO_OPEN_MAX, RLIM_INFINITY };
++static struct rlimit stack_fallback = { 8192 * 1024, 65532 * 1024 };
++
+ static struct saved_limit {
++    char *name;
+     int resource;
+     bool saved;
+-    struct rlimit limit;
++    struct rlimit *fallback;
++    struct rlimit newlimit;
++    struct rlimit oldlimit;
+ } saved_limits[] = {
+ #ifdef RLIMIT_AS
+-    { RLIMIT_AS },
++    { "RLIMIT_AS", RLIMIT_AS, false, NULL, { RLIM_INFINITY, RLIM_INFINITY } },
+ #endif
+-    { RLIMIT_CPU },
+-    { RLIMIT_DATA },
+-    { RLIMIT_FSIZE },
+-    { RLIMIT_NOFILE },
++    { "RLIMIT_CPU", RLIMIT_CPU, false, NULL, { RLIM_INFINITY, RLIM_INFINITY } },
++    { "RLIMIT_DATA", RLIMIT_DATA, false, NULL, { RLIM_INFINITY, RLIM_INFINITY } },
++    { "RLIMIT_FSIZE", RLIMIT_FSIZE, false, NULL, { RLIM_INFINITY, RLIM_INFINITY } },
++    { "RLIMIT_NOFILE", RLIMIT_NOFILE, false, &nofile_fallback, { RLIM_INFINITY, RLIM_INFINITY } },
+ #ifdef RLIMIT_NPROC
+-    { RLIMIT_NPROC },
++    { "RLIMIT_NPROC", RLIMIT_NPROC, false, NULL, { RLIM_INFINITY, RLIM_INFINITY } },
+ #endif
+ #ifdef RLIMIT_RSS
+-    { RLIMIT_RSS },
++    { "RLIMIT_RSS", RLIMIT_RSS, false, NULL, { RLIM_INFINITY, RLIM_INFINITY } },
+ #endif
+-    { RLIMIT_STACK }
++    { "RLIMIT_STACK", RLIMIT_STACK, false, &stack_fallback, { 8192 * 1024, RLIM_INFINITY } }
+ };
+ 
+ static struct rlimit corelimit;
+@@ -160,21 +178,39 @@
+ void
+ unlimit_sudo(void)
+ {
+-    struct rlimit inf = { RLIM_INFINITY, RLIM_INFINITY };
+     unsigned int idx;
++    int rc;
+     debug_decl(unlimit_sudo, SUDO_DEBUG_UTIL)
+ 
+     /* Set resource limits to unlimited and stash the old values. */
+     for (idx = 0; idx < nitems(saved_limits); idx++) {
+       struct saved_limit *lim = &saved_limits[idx];
+-      if (getrlimit(lim->resource, &lim->limit) == -1)
++      if (getrlimit(lim->resource, &lim->oldlimit) == -1)
+           continue;
+       lim->saved = true;
+-      if (setrlimit(lim->resource, &inf) == -1) {
+-          struct rlimit rl = lim->limit;
+-          rl.rlim_cur = rl.rlim_max;
+-          if (setrlimit(lim->resource, &rl) == -1)
+-              sudo_warn("setrlimit(%d)", lim->resource);
++      if (lim->newlimit.rlim_cur != RLIM_INFINITY) {
++          /* Don't reduce the soft resource limit. */
++          if (lim->oldlimit.rlim_cur == RLIM_INFINITY ||
++                  lim->oldlimit.rlim_cur > lim->newlimit.rlim_cur)
++              lim->newlimit.rlim_cur = lim->oldlimit.rlim_cur;
++      }
++      if (lim->newlimit.rlim_max != RLIM_INFINITY) {
++          /* Don't reduce the hard resource limit. */
++          if (lim->oldlimit.rlim_max == RLIM_INFINITY ||
++                  lim->oldlimit.rlim_max > lim->newlimit.rlim_max)
++              lim->newlimit.rlim_max = lim->oldlimit.rlim_max;
++      }
++      if ((rc = setrlimit(lim->resource, &lim->newlimit)) == -1) {
++          if (lim->fallback != NULL)
++              rc = setrlimit(lim->resource, lim->fallback);
++          if (rc == -1) {
++              /* Try setting new rlim_cur to old rlim_max. */
++              lim->newlimit.rlim_cur = lim->oldlimit.rlim_max;
++              lim->newlimit.rlim_max = lim->oldlimit.rlim_max;
++              rc = setrlimit(lim->resource, &lim->newlimit);
++          }
++          if (rc == -1)
++              sudo_warn("setrlimit(%s)", lim->name);
+       }
+     }
+ 
+@@ -194,8 +230,8 @@
+     for (idx = 0; idx < nitems(saved_limits); idx++) {
+       struct saved_limit *lim = &saved_limits[idx];
+       if (lim->saved) {
+-          if (setrlimit(lim->resource, &lim->limit) == -1)
+-              sudo_warn("setrlimit(%d)", lim->resource);
++          if (setrlimit(lim->resource, &lim->oldlimit) == -1)
++              sudo_warn("setrlimit(%s)", lim->name);
+       }
+     }
+     restore_coredump();