* <type> <limit> <value> broken
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
pam (Ubuntu) | New | Undecided | Unassigned |
Bug Description
I identified a bug in the pam_limits.c source code for Ubuntu 16.04 LTS, as follows:
It appears that I managed to modify/"fix" the '*' unlimited memlock error in pam_limits.c.
After compiling and running the modified code with the /etc/security/
After studying the code more carefully, I found that the C function parse_config_file was first gathering the domain entry for the user/group/everyone in an sscanf function. Using the domain result, a second function, parse_uid_range, was called from within a loop. A range_type value, an integer reflecting the set range of users, was to be returned to the parse_config_file function. However, in the case of '*' (Kleene star), no range_type was ever returned. Further down in parse_config_file, the range_type was checked for a LIMIT_RANGE_NONE value and '*' (the Kleene star). Because range_type did not hold the LIMIT_RANGE_NONE value, the process_limit function call was never made for '*' and instead a line break occurred that by-passed the execution of putting in universal limits.
This is the patch that I came up with to fix pam_limits.c.
The repair was to add 2 lines to the top of the parse_uid_range function:

    if (range[0] == '*')
        return LIMIT_RANGE_NONE;

and to fix the Use/Case for limits set for the root user in parse_config_file:

    if (uid == 0) { // don't process root limits unless specified in the config file
        break; // fall out of switch/case because we are root
    }
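
The control flow described in this report can be reproduced with a small stand-alone model, added here as an illustration; it is not pam_limits.c and not the reporter's patch. Only parse_uid_range, process_limit and LIMIT_RANGE_NONE are names from the report; the other enum values, count_applied, the with_fix switch and the sample configuration are assumptions.

```c
#include <stdio.h>
#include <string.h>
/* Constructed model, not pam_limits.c. Only parse_uid_range, process_limit and
 * LIMIT_RANGE_NONE are names from the report; everything else is assumed. */
enum { LIMIT_RANGE_ERR = -1, LIMIT_RANGE_NONE = 0, LIMIT_RANGE_MM = 1 };

static const char SAMPLE_CFG[] =        /* constructed sample input */
    "# <domain> <type> <item> <value>\n"
    "*    -  memlock  unlimited\n"
    "root -  nofile   65536\n";

/* Classify the domain field; with_fix enables the report's two-line early return. */
static int parse_uid_range(const char *range, int with_fix)
{
    if (with_fix && range[0] == '*')
        return LIMIT_RANGE_NONE;
    if (strchr(range, ':') != NULL)
        return LIMIT_RANGE_MM;      /* "min:max" uid range */
    if (range[0] == '*')
        return LIMIT_RANGE_ERR;     /* modelled fault: '*' never yields NONE */
    return LIMIT_RANGE_NONE;        /* plain user name */
}

/* Count the lines that would reach process_limit for this user. */
static int count_applied(const char *cfg, const char *user, unsigned uid, int with_fix)
{
    char line[256], domain[64], type[16], item[32], value[32];
    int applied = 0;
    while (*cfg) {
        size_t n = strcspn(cfg, "\n");
        snprintf(line, sizeof line, "%.*s", (int)n, cfg);
        cfg += n + (cfg[n] == '\n');
        if (line[0] == '#' ||
            sscanf(line, "%63s %15s %31s %31s", domain, type, item, value) != 4)
            continue;               /* comment or malformed line */
        int rt = parse_uid_range(domain, with_fix);
        if (strcmp(domain, user) == 0)
            applied++;              /* explicit user entry, root included */
        else if (rt == LIMIT_RANGE_NONE && strcmp(domain, "*") == 0 && uid != 0)
            applied++;              /* wildcard entry, never applied to root */
    }
    return applied;
}

int main(void)
{
    printf("alice: before=%d after=%d\n", count_applied(SAMPLE_CFG, "alice", 1000, 0),
           count_applied(SAMPLE_CFG, "alice", 1000, 1));
    return 0;
}
```

The root cases check the second half of the change: a wildcard entry is skipped for uid 0, while a line that names root explicitly still applies.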