--- /dev/null
+diff -ur openssh-3.2.3p1.orig/session.c openssh-3.2.3p1/session.c
+--- openssh-3.2.3p1.orig/session.c Mon May 13 02:48:58 2002
++++ openssh-3.2.3p1/session.c Thu May 30 21:33:40 2002
+@@ -340,6 +340,44 @@
+ }
+ }
+
++struct _user_limits_struct {
++ int supported;
++ struct rlimit limit;
++};
++
++static int _save_limits(struct _user_limits_struct *pl)
++{
++ int i, r;
++ int retval = 0;
++
++ for(i = 0; i < RLIM_NLIMITS; i++) {
++ pl[i].supported = 0;
++ pl[i].limit.rlim_cur = RLIM_INFINITY;
++ pl[i].limit.rlim_max = RLIM_INFINITY;
++ r = getrlimit(i, &pl[i].limit);
++ if (r == -1) {
++ if (errno != EINVAL) {
++ retval = -1;
++ }
++ } else {
++ pl[i].supported = 1;
++ }
++ }
++
++ return retval;
++}
++
++static void _restore_limits(struct _user_limits_struct *pl)
++{
++ int i;
++ int status;
++
++ for (i=0; i<RLIM_NLIMITS; i++) {
++ if (pl[i].supported)
++ status |= setrlimit(i, &pl[i].limit);
++ }
++}
++
+ /*
+ * This is called to fork and execute a command when we have no tty. This
+ * will call do_child from the child, and server_loop from the parent after
+@@ -349,6 +387,9 @@
+ do_exec_no_pty(Session *s, const char *command)
+ {
+ int pid;
++#if defined(USE_PAM)
++ struct _user_limits_struct pl[RLIM_NLIMITS];
++#endif /* USE_PAM */
+
+ #ifdef USE_PIPES
+ int pin[2], pout[2], perr[2];
+@@ -370,6 +411,7 @@
+ session_proctitle(s);
+
+ #if defined(USE_PAM)
++ _save_limits(pl);
+ do_pam_session(s->pw->pw_name, NULL);
+ do_pam_setcred(1);
+ if (is_pam_password_change_required())
+@@ -430,6 +472,9 @@
+ do_child(s, command);
+ /* NOTREACHED */
+ }
++#if defined(USE_PAM)
++ _restore_limits(pl);
++#endif /* USE_PAM */
+ #ifdef HAVE_CYGWIN
+ if (is_winnt)
+ cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
+@@ -481,6 +526,9 @@
+ {
+ int fdout, ptyfd, ttyfd, ptymaster;
+ pid_t pid;
++#if defined(USE_PAM)
++ struct _user_limits_struct pl[RLIM_NLIMITS];
++#endif /* USE_PAM */
+
+ if (s == NULL)
+ fatal("do_exec_pty: no session");
+@@ -488,6 +536,7 @@
+ ttyfd = s->ttyfd;
+
+ #if defined(USE_PAM)
++ _save_limits(pl);
+ do_pam_session(s->pw->pw_name, s->tty);
+ do_pam_setcred(1);
+ #endif
+@@ -528,6 +577,9 @@
+ do_child(s, command);
+ /* NOTREACHED */
+ }
++#if defined(USE_PAM)
++ _restore_limits(pl);
++#endif /* USE_PAM */
+ #ifdef HAVE_CYGWIN
+ if (is_winnt)
+ cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);