[Bug 301] New: In openssh 3.3 and 3.4 pam session seems be called from non-root

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Jun 27 02:05:31 EST 2002 

http://bugzilla.mindrot.org/show_bug.cgi?id=301

           Summary: In openssh 3.3 and 3.4 pam session seems be called from
                    non-root
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: critical
          Priority: P3
         Component: sshd
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: misiek at pld.org.pl


I have limits set in limits.conf and I'm using pam_limits. Now sshd (with or
without priviledge separation) started with ulimit -c 0 (core limit) does:

11860 geteuid()                         = 1000
...
11860 getuid()                          = 1000
...
11860 open("/etc/security/limits.conf", O_RDONLY) = 9
11860 fstat(9, {st_mode=S_IFREG|0644, st_size=2508, ...}) = 0
11860 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x126000
11860 read(9, "# /etc/security/limits.conf\n#\n#E"..., 4096) = 2508
11860 read(9, "", 4096)                 = 0
11860 close(9)                          = 0
11860 munmap(0x126000, 4096)            = 0
11860 setreuid(1000, 4294967295)        = 0
11860 setrlimit(RLIMIT_CPU, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(RLIMIT_FSIZE, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(RLIMIT_DATA, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(RLIMIT_STACK, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(RLIMIT_CORE, {rlim_cur=50000*1024, rlim_max=50000*1024}) = -1
EPERM (Operation not permitted)
11860 setrlimit(RLIMIT_RSS, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(RLIMIT_NPROC, {rlim_cur=257, rlim_max=257}) = 0
11860 setrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0
11860 setrlimit(RLIMIT_MEMLOCK, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(RLIMIT_AS, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(0xa /* RLIMIT_??? */, {rlim_cur=2147483647,
rlim_max=2147483647}) = 0
11860 setpriority(PRIO_PROCESS, 0, 0)   = 0
11860 open("/etc/security/pam_mail.conf", O_RDONLY) = 9

As you can see setting RLIMIT_CORE failed because sshd is not running as root at
this moment, pam returns LIMIT_ERR (1) and sshd tells me:
Jun 26 17:57:46 arm sshd[4188]: fatal: PAM session setup failed[6]: Permission
denied

Why pam is no longer called as root?



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the openssh-unix-dev mailing list