Ok, here is the patch. Comment inside the patch explains what it does:
diff -ru pam-0.79-3.2/Linux-PAM/modules/pam_limits/pam_limits.c
pam-0.79-3.2.0vh/Linux-PAM/modules/pam_limits/pam_limits.c
--- pam-0.79-3.2/Linux-PAM/modules/pam_limits/pam_limits.c 2006-09-20
13:32:48.000000000 +0300
+++ pam-0.79-3.2.0vh/Linux-PAM/modules/pam_limits/pam_limits.c 2006-09-21
19:48:18.000000000 +0300
@@ -257,8 +257,38 @@
pl->supported[i] = 1;
pl->limits[i].src_soft = LIMITS_DEF_NONE;
pl->limits[i].src_hard = LIMITS_DEF_NONE;
- pl->limits[i].limit.rlim_cur = RLIM_INFINITY;
- pl->limits[i].limit.rlim_max = RLIM_INFINITY;
+ switch (i) {
+ case RLIMIT_CPU:
+ case RLIMIT_FSIZE:
+ case RLIMIT_DATA:
+ case RLIMIT_STACK:
+ case RLIMIT_CORE:
+ case RLIMIT_RSS:
+ case RLIMIT_NPROC:
+ case RLIMIT_NOFILE:
+ case RLIMIT_MEMLOCK:
+#ifdef RLIMIT_AS
+ case RLIMIT_AS:
+#endif
+#ifdef RLIMIT_LOCKS
+ case RLIMIT_LOCKS:
+#endif
+#ifdef RLIMIT_SIGPENDING
+ case RLIMIT_SIGPENDING:
+#endif
+#ifdef RLIMIT_MSGQUEUE
+ case RLIMIT_MSGQUEUE:
+#endif
+ pl->limits[i].limit.rlim_cur = RLIM_INFINITY;
+ pl->limits[i].limit.rlim_max = RLIM_INFINITY;
+ break;
+ default:
+ /* Dont touch unknown/unsupported rlimit values ---
+ * RLIM_INFINITY might be a bad choice for them and
+ * even open up security holes (for example, the latter
+ * is true for RLIM_RTPRIO in newer Linux kernels). */
+ break;
+ }
}
}
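Review bot: The `default:` branch leaves `pl->limits[i].limit` untouched while `supported[i]` is still set to 1 and both sources are `LIMITS_DEF_NONE`, so the entry is only safe if it already holds the process's current values. Nothing in the hunk shows where that happens; it may come from a `getrlimit()` call earlier in the loop, and the enclosing function and loop start above the hunk. If it does not, a later `setrlimit()` would apply whatever the struct happens to contain, so please confirm or fill the entry explicitly in the default branch. The comment should also name the constant as `RLIMIT_RTPRIO` rather than `RLIM_RTPRIO`, and could state the reason, e.g. `/* an unlimited RLIMIT_RTPRIO lets unprivileged sessions request realtime scheduling */`.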
--
Ville Hallik