Source: doas Version: 6.8.1-2 Severity: important Tags: security X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi It looks that doas replicates the PAM configuration from sudo, which is missing the inclusion for pam_limits.so (cf. #518464). The oss-security post in https://www.openwall.com/lists/oss-security/2021/10/20/2 given some details on why. For sudo I created the following merge request https://salsa.debian.org/sudo-team/sudo/-/merge_requests/7 and can sent as similar change for 'doas' if needed. Regards, Salvatore
