diff -ur openssh-3.2.3p1.orig/session.c openssh-3.2.3p1/session.c
--- openssh-3.2.3p1.orig/session.c	Mon May 13 02:48:58 2002
+++ openssh-3.2.3p1/session.c	Thu May 30 21:33:40 2002
@@ -340,6 +340,44 @@
 	}
 }
 
+struct _user_limits_struct {
+    int supported;
+    struct rlimit limit;
+};
+
+static int _save_limits(struct _user_limits_struct *pl)
+{
+    int i, r;
+    int retval = 0;
+
+    for(i = 0; i < RLIM_NLIMITS; i++) {
+	pl[i].supported = 0;
+	pl[i].limit.rlim_cur = RLIM_INFINITY;
+	pl[i].limit.rlim_max = RLIM_INFINITY;
+	r = getrlimit(i, &pl[i].limit);
+	if (r == -1) {
+	    if (errno != EINVAL) {
+		retval = -1;
+	    }
+	} else {
+	    pl[i].supported = 1;
+	}
+    }
+
+    return retval;
+}    
+
+static void _restore_limits(struct _user_limits_struct *pl)
+{
+    int i;
+    int status;
+
+    for (i=0; i<RLIM_NLIMITS; i++) {
+	if (pl[i].supported)
+	    status |= setrlimit(i, &pl[i].limit);
+    }
+}
+            
 /*
  * This is called to fork and execute a command when we have no tty.  This
  * will call do_child from the child, and server_loop from the parent after
@@ -349,6 +387,9 @@
 do_exec_no_pty(Session *s, const char *command)
 {
 	int pid;
+#if defined(USE_PAM)
+	struct _user_limits_struct pl[RLIM_NLIMITS];
+#endif /* USE_PAM */
 
 #ifdef USE_PIPES
 	int pin[2], pout[2], perr[2];
@@ -370,6 +411,7 @@
 	session_proctitle(s);
 
 #if defined(USE_PAM)
+	_save_limits(pl);
 	do_pam_session(s->pw->pw_name, NULL);
 	do_pam_setcred(1);
 	if (is_pam_password_change_required())
@@ -430,6 +472,9 @@
 		do_child(s, command);
 		/* NOTREACHED */
 	}
+#if defined(USE_PAM)
+	_restore_limits(pl);
+#endif /* USE_PAM */
 #ifdef HAVE_CYGWIN
 	if (is_winnt)
 		cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
@@ -481,6 +526,9 @@
 {
 	int fdout, ptyfd, ttyfd, ptymaster;
 	pid_t pid;
+#if defined(USE_PAM)
+	struct _user_limits_struct pl[RLIM_NLIMITS];
+#endif /* USE_PAM */
 
 	if (s == NULL)
 		fatal("do_exec_pty: no session");
@@ -488,6 +536,7 @@
 	ttyfd = s->ttyfd;
 
 #if defined(USE_PAM)
+	_save_limits(pl);
 	do_pam_session(s->pw->pw_name, s->tty);
 	do_pam_setcred(1);
 #endif
@@ -528,6 +577,9 @@
 		do_child(s, command);
 		/* NOTREACHED */
 	}
+#if defined(USE_PAM)
+	_restore_limits(pl);
+#endif /* USE_PAM */
 #ifdef HAVE_CYGWIN
 	if (is_winnt)
 		cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);