Note that *runuser* in all cases use PAM (pam_getenvlist()) to do the final environment modification. Command-line options such as *--login* and *--preserve-environment* affect the environment before it is modified by PAM.
+Since version 2.38 *runuser* resets process resource limits RLIMIT_NICE and RLIMIT_RTPRIO to zero.
+
== OPTIONS
*-c*, *--command*=_command_::
#include <sys/wait.h>
#include <syslog.h>
#include <utmpx.h>
+#include <sys/time.h>
+
+#ifdef HAVE_SYS_RESOURCE_H
+# include <sys/resource.h>
+#endif
#ifdef HAVE_PTY
# include <pty.h>
return (uid_t) 0 == ruid && ruid == euid ? 0 : 1;
}
+static void sanitize_prlimits(void)
+{
+#ifdef HAVE_SYS_RESOURCE_H
+ struct rlimit lm = { .rlim_cur = 0, .rlim_max = 0 };
+
+ setrlimit(RLIMIT_NICE, &lm);
+ setrlimit(RLIMIT_RTPRIO, &lm);
+#endif
+}
+
static gid_t add_supp_group(const char *name, gid_t **groups, size_t *ngroups)
{
struct group *gr;
if (!su->simulate_login || command)
su->suppress_pam_info = 1; /* don't print PAM info messages */
+ sanitize_prlimits();
+
supam_open_session(su);
#ifdef USE_PTY
Note that *su* in all cases uses PAM (*pam_getenvlist*(3)) to do the final environment modification. Command-line options such as *--login* and *--preserve-environment* affect the environment before it is modified by PAM.
+Since version 2.38 *su* resets process resource limits RLIMIT_NICE and RLIMIT_RTPRIO to zero.
+
== OPTIONS
*-c*, **--command**=__command__::
projects / thirdparty / util-linux.git / commitdiff
