Bug 301 - In openssh 3.3 and 3.4 pam session seems to be called from non-root
Status: CLOSED DUPLICATE of bug 83
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: -current
Hardware: All Linux
Importance: P3 critical
Assignee: OpenSSH Bugzilla mailing list
Reported: 2002-06-27 02:05 AEST by Arkadiusz Miskiewicz
Modified: 2004-04-14 12:24 AEST

Description Arkadiusz Miskiewicz 2002-06-27 02:05:28 AEST
I have limits set in limits.conf and I'm using pam_limits. Now sshd (with or
without privilege separation) started with ulimit -c 0 (core limit) does:

11860 geteuid()                         = 1000
...
11860 getuid()                          = 1000
...
11860 open("/etc/security/limits.conf", O_RDONLY) = 9
11860 fstat(9, {st_mode=S_IFREG|0644, st_size=2508, ...}) = 0
11860 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x126000
11860 read(9, "# /etc/security/limits.conf\n#\n#E"..., 4096) = 2508
11860 read(9, "", 4096)                 = 0
11860 close(9)                          = 0
11860 munmap(0x126000, 4096)            = 0
11860 setreuid(1000, 4294967295)        = 0
11860 setrlimit(RLIMIT_CPU, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(RLIMIT_FSIZE, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(RLIMIT_DATA, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(RLIMIT_STACK, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(RLIMIT_CORE, {rlim_cur=50000*1024, rlim_max=50000*1024}) = -1 EPERM (Operation not permitted)
11860 setrlimit(RLIMIT_RSS, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(RLIMIT_NPROC, {rlim_cur=257, rlim_max=257}) = 0
11860 setrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0
11860 setrlimit(RLIMIT_MEMLOCK, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(RLIMIT_AS, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(0xa /* RLIMIT_??? */, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setpriority(PRIO_PROCESS, 0, 0)   = 0
11860 open("/etc/security/pam_mail.conf", O_RDONLY) = 9

As you can see, setting RLIMIT_CORE failed because sshd is not running as root at
this moment; pam returns LIMIT_ERR (1) and sshd tells me:
Jun 26 17:57:46 arm sshd[4188]: fatal: PAM session setup failed[6]: Permission denied

Why is pam no longer called as root?
Comment 1 Dmitry V. Levin 2002-06-27 03:09:07 AEST
In your case, to make pam_limits work,
use "ulimit -Sc 0" instead of "ulimit -c 0".
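
Added illustration, not part of the original bug thread and not OpenSSH or PAM code: the C program below reproduces the setrlimit() behaviour seen in the trace and the effect of the workaround from comment 1. raise_core_after and WANT_CORE are hypothetical names; a Linux/POSIX host is assumed, and a process holding CAP_SYS_RESOURCE will see both cases succeed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Core limit that pam_limits requested in the trace (50000 KB). */
#define WANT_CORE ((rlim_t)50000 * 1024)

/* In a child process, zero the core limit the way the invoking shell would
 * (soft only, or soft and hard), then request cur=max=want as in the trace.
 * Returns 0 on success, the errno of the final setrlimit(), or -1 if the
 * demonstration itself could not be set up. */
int raise_core_after(int lower_hard, rlim_t want)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        struct rlimit rl;
        if (getrlimit(RLIMIT_CORE, &rl) != 0)
            _exit(255);
        rl.rlim_cur = 0;            /* "ulimit -Sc 0": soft limit only */
        if (lower_hard)
            rl.rlim_max = 0;        /* "ulimit -c 0": hard limit as well */
        else if (want > rl.rlim_max)
            want = rl.rlim_max;     /* stay within the inherited hard limit */
        if (setrlimit(RLIMIT_CORE, &rl) != 0)
            _exit(255);
        rl.rlim_cur = rl.rlim_max = want;
        /* Raising a hard limit needs CAP_SYS_RESOURCE, otherwise EPERM. */
        _exit(setrlimit(RLIMIT_CORE, &rl) == 0 ? 0 : errno);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) ||
        WEXITSTATUS(status) == 255)
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    int soft = raise_core_after(0, WANT_CORE);
    int hard = raise_core_after(1, WANT_CORE);
    printf("euid=%d\n", (int)geteuid());
    printf("soft limit zeroed:          %s\n",
           soft == 0 ? "ok" : soft > 0 ? strerror(soft) : "setup error");
    printf("soft and hard limit zeroed: %s\n",
           hard == 0 ? "ok" : hard > 0 ? strerror(hard) : "setup error");
    return 0;
}
```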
Comment 2 Arkadiusz Miskiewicz 2002-06-27 03:12:46 AEST
I don't want an ugly workaround. I want openssh to be fixed :)
Comment 3 Arkadiusz Miskiewicz 2002-10-16 10:14:16 AEST
Of course this bug is not fixed even in the latest 3.5 release :-( PAM really
_needs_ root privileges. Any comments?
Comment 4 Damien Miller 2002-10-16 13:08:41 AEST

*** This bug has been marked as a duplicate of 84 ***
Comment 5 Damien Miller 2002-10-16 13:09:27 AEST
*** This bug has been marked as a duplicate of 83 ***
Comment 6 Damien Miller 2004-04-14 12:24:18 AEST
Mass change of RESOLVED bugs to CLOSED