Package: libpam-modules
Version: 0.79-3.2
Severity: critical

Module pam_limits.so blindly sets almost all available limits to the unlimited value, including RLIMIT_NICE and RLIMIT_RTPRIO, which should be set to zero instead (this is also the kernel's default). This gives all users unlimited access to real-time scheduling, which can be used to completely lock up the entire system. I discovered it accidentally when my laptop locked up when I was experimenting with ecasound and alsa plugins.

This problem appeared right after upgrading from 0.79-3.1 to 0.79-3.2, but the source change is not to blame --- building with a newer libc6-dev package is likely the direct cause of this problem (because RLIMIT_NICE and RLIMIT_RTPRIO were probably not available when the previous version of libpam-modules was built).

With libpam-modules_0.79-3.1 I have (/etc/security/limits.conf is not modified):

$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
max nice                        (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) unlimited
max locked memory       (kbytes, -l) unlimited
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) unlimited
max rt priority                 (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) unlimited
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

But after upgrading to libpam_modules-0.79-3.2 and logging out and in I get:

$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
max nice                        (-e) unlimited
file size               (blocks, -f) unlimited
pending signals                 (-i) unlimited
max locked memory       (kbytes, -l) unlimited
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) unlimited
max rt priority                 (-r) unlimited
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) unlimited
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

--

Ville Hallik
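
An added example (not part of the original report and not code from the PAM project): a Python check that parses `ulimit -a` output in the format of the two captures above, flags scheduling limits that are not 0, and diffs two captures. The function names and the abbreviated sample captures are assumptions made for illustration.

```python
import re
import sys

# Limits that gate scheduling priority; per the report the expected default is 0.
# Labels follow the `ulimit -a` output quoted in the report.
SCHED_LIMITS = {"max nice": "RLIMIT_NICE", "max rt priority": "RLIMIT_RTPRIO"}

# Constructed samples: a few lines taken from the two captures in the report.
BEFORE = """\
core file size          (blocks, -c) 0
max nice                        (-e) 0
open files                      (-n) 1024
max rt priority                 (-r) 0
"""
AFTER = """\
core file size          (blocks, -c) 0
max nice                        (-e) unlimited
open files                      (-n) 1024
max rt priority                 (-r) unlimited
"""

# "<name>   (<unit>, -<flag>) <value>"; the unit part is optional.
LINE = re.compile(r"^(?P<name>.+?)\s+\((?:[^()]*,\s*)?-\w\)\s+(?P<value>\S+)\s*$")

def parse_ulimit(text):
    """Map limit name -> value string from `ulimit -a` output."""
    matches = (LINE.match(line) for line in text.splitlines())
    return {m.group("name"): m.group("value") for m in matches if m}

def sched_findings(text):
    """Return [(rlimit, value)] for scheduling limits present and not 0."""
    limits = parse_ulimit(text)
    return [(rl, limits[name]) for name, rl in SCHED_LIMITS.items()
            if limits.get(name, "0") != "0"]

def changed(before, after):
    """Return {name: (old, new)} for limits that differ between two captures."""
    b, a = parse_ulimit(before), parse_ulimit(after)
    return {k: (b.get(k), v) for k, v in a.items() if b.get(k) != v}

if __name__ == "__main__":
    # Pipe a live session in (`ulimit -a | python3 check.py`) or use the sample.
    text = AFTER if sys.stdin.isatty() else sys.stdin.read()
    for rlimit, value in sched_findings(text):
        print(f"{rlimit} is {value}, expected 0")
```

Run it after a fresh login, since pam_limits applies limits when the session is opened.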


