[Bug 2263] New: sshd privsep monitor process doesn't handle SIGXFSZ signal

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Aug 23 00:31:26 EST 2014


https://bugzilla.mindrot.org/show_bug.cgi?id=2263

            Bug ID: 2263
           Summary: sshd privsep monitor process doesn't handle SIGXFSZ
                    signal
           Product: Portable OpenSSH
           Version: 6.6p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: plautrba at redhat.com

FreeIPA allocates a random uid range for its use between 200k and 2G.
If an user with uid like 1280000008 logs in, the lastlog file size
jumps to almost 400G as lastlog is defined as a sparse file. 

The problem is when PAM with pam_limit module is used and the user has
fsize limit set. When sshd monitor process tries to write lastlog file,
it's already limited by pam_limit as a pam session is opened. And when
the lastlog file is bigger than the fsize limit, the process gets
SIGXFSZ signal and silently dies.

In other cases when lastlog entry can't be written, sshd logs the
problem and continues. Therefore I think that SIGXFSZ signal could be
ignored in the monitor process. atomicio() would set correctly errno
and lastlog_write_entry() would log the file size problem.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list