Preserve RLIMIT_CORE hard limit, and restore soft limit before exec

Closes mobile-shell#196.

src/crypto/crypto.cc

@@ -283,16 +283,32 @@ Message Session::decrypt( string ciphertext )
   return ret;
 }
 
+static rlim_t saved_core_rlimit;
+
 /* Disable dumping core, as a precaution to avoid saving sensitive data
    to disk. */
 void Crypto::disable_dumping_core( void ) {
   struct rlimit limit;
-  limit.rlim_cur = 0;
-  limit.rlim_max = 0;
-  if ( 0 != setrlimit( RLIMIT_CORE, &limit ) ) {
+  if ( 0 != getrlimit( RLIMIT_CORE, &limit ) ) {
     /* We don't throw CryptoException because this is called very early
        in main(), outside of 'try'. */
+    perror( "getrlimit(RLIMIT_CORE)" );
+    exit( 1 );
+  }
+
+  saved_core_rlimit = limit.rlim_cur;
+  limit.rlim_cur = 0;
+  if ( 0 != setrlimit( RLIMIT_CORE, &limit ) ) {
     perror( "setrlimit(RLIMIT_CORE)" );
     exit( 1 );
   }
 }
+
+void Crypto::reenable_dumping_core( void ) {
+  /* Silent failure is safe. */
+  struct rlimit limit;
+  if ( 0 == getrlimit( RLIMIT_CORE, &limit ) ) {
+    limit.rlim_cur = saved_core_rlimit;
+    setrlimit( RLIMIT_CORE, &limit );
+  }
+}

src/crypto/crypto.h

@@ -113,6 +113,7 @@ namespace Crypto {
   };
 
   void disable_dumping_core( void );
+  void reenable_dumping_core( void );
 }
 
 #endif

src/frontend/mosh-server.cc

@@ -401,6 +401,8 @@ int run_server( const char *desired_ip, const char *desired_port,
       print_motd();
     }
 
+    Crypto::reenable_dumping_core();
+
     if ( execvp( command_path.c_str(), command_argv ) < 0 ) {
       perror( "execvp" );
       _exit( 1 );