Bug 2263

Summary:

sshd privsep monitor process doesn't handle SIGXFSZ signal

Product:

Portable OpenSSH

Reporter:

Petr Lautrbach <plautrba>

Component:

sshd

Assignee:

Damien Miller <djm>

Status:

CLOSED FIXED

Severity:

normal

CC:

djm

Priority:

Version:

6.6p1

Hardware:

All

OS:

Linux

Bug Depends on:

Bug Blocks:

2226

Attachments:

Description	Flags
Ignore SIGXFSZ in preauth monitor	none
Ignore SIGXFSZ in postauth monitor child	none
Ignore SIGXFSZ in postauth monitor child	none

Description Petr Lautrbach 2014-08-23 00:31:26 AEST

FreeIPA allocates a random uid range for its use between 200k and 2G. If an user with uid like 1280000008 logs in, the lastlog file size jumps to almost 400G as lastlog is defined as a sparse file. 

The problem is when PAM with pam_limit module is used and the user has fsize limit set. When sshd monitor process tries to write lastlog file, it's already limited by pam_limit as a pam session is opened. And when the lastlog file is bigger than the fsize limit, the process gets SIGXFSZ signal and silently dies.

In other cases when lastlog entry can't be written, sshd logs the problem and continues. Therefore I think that SIGXFSZ signal could be ignored in the monitor process. atomicio() would set correctly errno and lastlog_write_entry() would log the file size problem.

Comment 1 Damien Miller 2014-08-23 03:09:58 AEST

Created attachment 2461 [details]
Ignore SIGXFSZ in preauth monitor

Comment 2 Damien Miller 2014-08-23 03:10:56 AEST

This will be in openssh-6.7

Comment 3 Petr Lautrbach 2014-08-27 00:34:19 AEST

Unfortunatelly, it doesn't fix the issue. lastlog is written in postauth phase so SIGXFSZ has to be ignored there.

Comment 4 Petr Lautrbach 2014-08-27 00:39:27 AEST

Created attachment 2462 [details]
Ignore SIGXFSZ in postauth monitor child

Using this patch, the following message is logged in the described scenario:

Aug 26 16:31:14 hulk.w.lan sshd[27852]: lastlog_write_entry: Error writing to /var/log/lastlog: File too large

Reproducer:
- create an user with uid 1280000008
- set openssh to use pam
- set pam to use pam_limit.so
session     required      pam_limits.so

- add following line to /etc/security/limits.conf
user             hard    fsize           1024000

- try to login as user

Comment 5 Petr Lautrbach 2014-08-27 00:47:39 AEST

Created attachment 2463 [details]
Ignore SIGXFSZ in postauth monitor child

Comment 6 Damien Miller 2014-08-27 04:12:44 AEST

applied - thanks

Comment 7 Damien Miller 2014-10-08 08:00:28 AEDT

Close all bugs left open from 6.6 and 6.7 releases.