From e3f303fdb5640b60e6304f48de11c5ad829e61a1 Mon Sep 17 00:00:00 2001 From: nekral-guest Date: Fri, 12 Oct 2007 22:36:26 +0000 Subject: [PATCH] If compiled without PAM support, enforce the limits from /etc/limits when one of the -, -l, or --login options is set, even if called by root. Thanks to Justin Bronder. --- ChangeLog | 6 ++++++ NEWS | 5 ++++- src/su.c | 5 +++-- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 545d4d87..bc673938 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2007-10-13 Nicolas François + + * NEWS, src/su.c: If compiled without PAM support, enforce the + limits from /etc/limits when one of the -, -l, or --login options + is set, even if called by root. Thanks to Justin Bronder. + 2007-10-07 Nicolas François * NEWS, Changelog: Convert the Changelog and NEWS files to UTF-8 diff --git a/NEWS b/NEWS index 62d9fa64..7ebfe080 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,6 @@ $Id: NEWS,v 1.492 2007/02/01 20:49:25 kloczek Exp $ -shadow-4.0.18.1 -> shadow-4.0.18.2 09-08-2006 +shadow-4.0.18.1 -> shadow-4.0.18.2 13-10-2007 *** general: - usermod: fixed handle -a option (by Benno Schulenberg @@ -9,6 +9,9 @@ shadow-4.0.18.1 -> shadow-4.0.18.2 09-08-2006 (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211659), - groupadd, groupdel, groupmod, useradd, userdel, usermod: flush nscd cashes after close /etc/{group,passwd} files, +- su: If compiled without PAM support, enforce the limits from /etc/limits + when one of the -, -l, or --login options is set, even if called by root. +*** documentation: - updated translations: ja, nl, tl. - groupadd.8, groupmod.8, login.1, useradd.8, userdel.8, usermod.8: grammar mistakes and other correctstions (by Schulenberg ), diff --git a/src/su.c b/src/su.c index 40054bcf..745f4766 100644 --- a/src/su.c +++ b/src/su.c @@ -790,8 +790,9 @@ int main (int argc, char **argv) } #else /* !USE_PAM */ environ = newenvp; /* make new environment active */ - - if (!amroot) /* no limits if su from root */ + + /* no limits if su from root (unless su must fake login's behavior) */ + if (!amroot || fakelogin) setup_limits (&pwent); if (setup_uid_gid (&pwent, is_console))