Re: pam limits drops privileges

From: Lukasz Trabinski (lukasz@lt.wsisiz.edu.pl)
Date: 09/09/01


Date: Sun, 9 Sep 2001 18:53:13 +0200 (CEST)
From: Lukasz Trabinski <lukasz@lt.wsisiz.edu.pl>
To: Tarhon-Onu Victor <mituc@iasi.rdsnet.ro>
Subject: Re: pam limits drops privileges
Message-ID: <Pine.LNX.4.33.0109091846570.1301-100000@lt.wsisiz.edu.pl>

On Sat, 8 Sep 2001, Tarhon-Onu Victor wrote:

> Man, come on, let test login, what the hell?! I want to show there
> is a bug here, not to give you the opportunity to show everyone that your
> limits work. They work for me too, but you're missing the point. I told
> you to kill all test's processes before trying this. Well, you didn't, and
> that's why it doesn't work.

OK, sorry!
I would like to CONFIRM this bug :-). My last tests were not very
precise. :)

There is a little test:

There is a test user:

lt:~$ id test
uid=503(test) gid=509(test) groups=509(test)
pam-0.74-22

Only root is logged in on console tty1.

Now I try to log in as user test on tty2:

login: test
Password:
Last login: Sun Sep 9 18:29:38 on tty2
lt:~# id
uid=0(root) gid=0(root) groups=509(test)

Taadam. Test user has uid=0 and gid=0 :-)

If we remove line:
@test - maxlogins 2
from /etc/security/limits.conf
or line:
session required /lib/security/pam_limits.so
from /etc/pam.d/login, it works correctly: we can log in as test on tty2
without root privilege. :-)

login: test
Password:
Last login: Sun Sep 9 18:29:28 on tty1
lt:~$ id
uid=503(test) gid=509(test) groups=509(test)

bash-2.05$ rpm -q pam
pam-0.74-22
bash-2.05$ uname -r
2.4.9

-- 
*[ Łukasz Trąbiński ]*
SysAdmin @wsisiz.edu.pl


