From 4a893912cec828a01819e9ee78a505e43c1b7567 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Mon, 11 Nov 2019 16:07:43 -0700
Subject: [PATCH] Restore resource limits before executing the askpass program. Linux with docker seems to have issues executing a program when the stack size is unlimited. Bug #908
---
 src/tgetpass.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/tgetpass.c b/src/tgetpass.c
index 69cecd077..f3a30f233 100644
--- a/src/tgetpass.c
+++ b/src/tgetpass.c
@@ -320,6 +320,10 @@ sudo_askpass(const char *askpass, const char *prompt)
 sudo_warn("setuid(%d)", ROOT_UID);
 /* Close fds before uid change to prevent prlimit sabotage on Linux. */
 closefrom(STDERR_FILENO + 1);
+ /* Run the askpass program with the user's original resource limits. */
+ restore_limits();
+ /* But avoid a setuid() failure on Linux due to RLIMIT_NPROC. */
+ unlimit_nproc();
 if (setgid(user_details.gid)) {
 sudo_warn(U_("unable to set gid to %u"), (unsigned int)user_details.gid);
 _exit(255);
@@ -328,6 +332,7 @@ sudo_askpass(const char *askpass, const char *prompt)
 sudo_warn(U_("unable to set uid to %u"), (unsigned int)user_details.uid);
 _exit(255);
 }
+ restore_nproc();
 execl(askpass, askpass, prompt, (char *)NULL);
 sudo_warn(U_("unable to run %s"), askpass);
 _exit(255);
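Review bot: The two comments added before `setgid()` say what `restore_limits()` and `unlimit_nproc()` do, but not that from this point the still-privileged child runs under limits chosen by the invoking user. The existing comment above `closefrom()` already worries about limit tampering ("prlimit sabotage"), so the invariant is worth stating next to the new calls, for example `/* Limits are user-controlled from here on; the setgid()/setuid() checks below must keep failing closed. */`. Whether `restore_limits()` can itself fail is not visible here, since its definition and the rest of `sudo_askpass()` lie outside the hunk.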
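Review bot: `restore_nproc()` before `execl()` in the second hunk has no comment and its outcome is not acted on, unlike the `setgid()`/`setuid()` calls just above it. If the helper can fail (its definition is outside the hunk), the askpass program would presumably start as the user with the RLIMIT_NPROC value that `unlimit_nproc()` set rather than the user's own. I would add `/* Undo unlimit_nproc() now that the uid change succeeded; askpass must not inherit the lifted limit. */` and, if the helper reports failure, handle it like the setuid() failure with `_exit(255)`.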