bugzilla-daemon at mindrot.org
2002-Jun-26 16:05 UTC
[Bug 301] New: In openssh 3.3 and 3.4 pam session seems be called from non-root
http://bugzilla.mindrot.org/show_bug.cgi?id=301

           Summary: In openssh 3.3 and 3.4 pam session seems be called from non-root
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: critical
          Priority: P3
         Component: sshd
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: misiek at pld.org.pl

I have limits set in limits.conf and I'm using pam_limits. Now sshd (with or without privilege separation) started with ulimit -c 0 (core limit) does:

11860 geteuid() = 1000
...
11860 getuid() = 1000
...
11860 open("/etc/security/limits.conf", O_RDONLY) = 9
11860 fstat(9, {st_mode=S_IFREG|0644, st_size=2508, ...}) = 0
11860 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x126000
11860 read(9, "# /etc/security/limits.conf\n#\n#E"..., 4096) = 2508
11860 read(9, "", 4096) = 0
11860 close(9) = 0
11860 munmap(0x126000, 4096) = 0
11860 setreuid(1000, 4294967295) = 0
11860 setrlimit(RLIMIT_CPU, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(RLIMIT_FSIZE, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(RLIMIT_DATA, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(RLIMIT_STACK, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(RLIMIT_CORE, {rlim_cur=50000*1024, rlim_max=50000*1024}) = -1 EPERM (Operation not permitted)
11860 setrlimit(RLIMIT_RSS, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(RLIMIT_NPROC, {rlim_cur=257, rlim_max=257}) = 0
11860 setrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0
11860 setrlimit(RLIMIT_MEMLOCK, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(RLIMIT_AS, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(0xa /* RLIMIT_??? */, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setpriority(PRIO_PROCESS, 0, 0) = 0
11860 open("/etc/security/pam_mail.conf", O_RDONLY) = 9

As you can see, setting RLIMIT_CORE failed because sshd is not running as root at this moment, pam returns LIMIT_ERR (1) and sshd tells me:

Jun 26 17:57:46 arm sshd[4188]: fatal: PAM session setup failed[6]: Permission denied

Why is pam no longer called as root?

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
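
An added example, not part of the original report or of OpenSSH: a small Python triage helper that scans `strace` output like the excerpt above and lists every `setrlimit` call denied with EPERM, together with the last effective uid that process reported. The function name `denied_rlimits` is hypothetical; the sample is a trimmed copy of lines from the report.

```python
import re

# Trimmed sample: lines copied from the strace excerpt in the report (pid 11860).
SAMPLE_TRACE = """\
11860 geteuid() = 1000
11860 getuid() = 1000
11860 open("/etc/security/limits.conf", O_RDONLY) = 9
11860 setreuid(1000, 4294967295) = 0
11860 setrlimit(RLIMIT_STACK, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(RLIMIT_CORE, {rlim_cur=50000*1024, rlim_max=50000*1024}) = -1 EPERM (Operation not permitted)
11860 setrlimit(RLIMIT_NPROC, {rlim_cur=257, rlim_max=257}) = 0
"""

# "<pid> <syscall>(<args>) = <ret> [ERRNO (text)]" as written by `strace -f`.
LINE_RE = re.compile(
    r"^(?P<pid>\d+)\s+(?P<call>\w+)\((?P<args>.*)\)\s+=\s+"
    r"(?P<ret>-?\d+)(?:\s+(?P<errno>E[A-Z]+))?"
)


def denied_rlimits(trace):
    """Return (pid, resource, euid) for each setrlimit that failed with EPERM.

    euid is the last value the same pid got back from geteuid(), or None if
    the trace never shows one. Assumption: uid changes are only learned from
    geteuid() results, not inferred from set*uid() arguments.
    """
    euid = {}
    findings = []
    for line in trace.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # elided ("...") or unparsable line
        pid, call = int(m["pid"]), m["call"]
        if call == "geteuid":
            euid[pid] = int(m["ret"])
        elif call == "setrlimit" and m["errno"] == "EPERM":
            resource = m["args"].split(",", 1)[0].strip()
            findings.append((pid, resource, euid.get(pid)))
    return findings


if __name__ == "__main__":
    for pid, resource, uid in denied_rlimits(SAMPLE_TRACE):
        print(f"pid {pid}: setrlimit({resource}) denied while euid={uid}")
```

A finding with a non-zero euid points at the PAM session module running after privileges were dropped, which is the condition the report describes.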