[Security-Discuss] SSH, privilege separation and pam_limits
From: Vincent Haverlant (vincent haverlant.org)
Date: Fri Sep 03 2004 - 06:41:40 CDT
Hi all,
Looking through the ML archive I saw a problem related to ssh and
pam_limits has already arisen before. Here is what happens to me.
I noticed the same error message as mentioned a few months earlier:
Sep 2 14:54:48 sauron sshd[4455]: Accepted password for testssh from 127.0.0.1 port 52047 ssh2
Sep 2 14:54:48 sauron pam_limits[4457]: setrlimit 11 to -1073762236 failed: Operation not permitted
Sep 2 14:54:48 sauron sshd(pam_unix)[4457]: session opened for user testssh by (uid=508)
Sep 2 14:54:48 sauron sshd[4457]: fatal: PAM session setup failed[6]: Permission denied
This error prevents the user from logging in on the host.
In fact I have indeed specified limits in /etc/security/limits.conf:
testssh soft nofile 2048
testssh hard nofile 4096
I found a workaround, however, to this limits issue. By specifying
explicitly *not* to use privilege separation, the login is successful.
Could it be that sshd drops privileges too early to be able to use the
setrlimit call? Is this feature solved in the latest OpenSSH upstream
version? Should I somehow file a bug report? How?
Regards,
Vincent.
--
.~. Vincent Haverlant -- Galadril -- #ICQ: 35695155
/V\ MSN: vincent_msn haverlant.org -- http://www.haverlant.org/
/( )\ Parinux member: http://www.parinux.org/
^^-^^ GPG: 8FEA 52C2 5C54 A201 2375 0FA5 AF2E 1881 92D0 EE84
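
The log sequence in the message above can be matched mechanically. The following is an added example, not part of the original post: it pairs a pam_limits setrlimit failure with the fatal PAM session error logged under the same host and PID. The function name and the Linux resource-number table are assumptions of this example.

```python
import re

# Log lines copied from the post above.
SAMPLE_LOG = """\
Sep 2 14:54:48 sauron sshd[4455]: Accepted password for testssh from 127.0.0.1 port 52047 ssh2
Sep 2 14:54:48 sauron pam_limits[4457]: setrlimit 11 to -1073762236 failed: Operation not permitted
Sep 2 14:54:48 sauron sshd(pam_unix)[4457]: session opened for user testssh by (uid=508)
Sep 2 14:54:48 sauron sshd[4457]: fatal: PAM session setup failed[6]: Permission denied
"""

# Resource numbers as in Linux's asm-generic/resource.h. Assumption: the
# poster's platform may number them differently. nofile is 7 in this table.
LINUX_RLIMITS = dict(enumerate(
    "cpu fsize data stack core rss nproc nofile memlock as locks "
    "sigpending msgqueue nice rtprio rttime".split()))

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) "
                  r"(?P<tag>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
SETRLIMIT = re.compile(r"setrlimit (\d+) to (-?\d+) failed: (.+)")
SESSION = re.compile(r"session opened for user (\S+)")

def find_limit_lockouts(log_text):
    """Findings where a pam_limits setrlimit failure precedes a fatal
    PAM session setup failure logged under the same host and PID."""
    state, findings = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        key, msg = (m["host"], m["pid"]), m["msg"]
        entry = state.setdefault(key, {})
        failed = SETRLIMIT.search(msg)
        opened = SESSION.search(msg)
        if m["tag"] == "pam_limits" and failed:
            num = int(failed[1])
            entry["rlimit"] = {"resource": num,
                               "name": LINUX_RLIMITS.get(num, "unknown"),
                               "value": int(failed[2]),
                               "error": failed[3]}
        elif opened:
            entry["user"] = opened[1]
        elif "PAM session setup failed" in msg and "rlimit" in entry:
            findings.append({"host": key[0], "pid": int(key[1]),
                             "user": entry.get("user"), **entry["rlimit"]})
            del state[key]  # PIDs get reused; start fresh next time
    return findings

if __name__ == "__main__":
    for finding in find_limit_lockouts(SAMPLE_LOG):
        print(finding)
```
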