* <type> <limit> <value> broken

Bug #1691847 reported by Michael Aguilar on 2017-05-18
This bug affects 1 person
Affects Status Importance Assigned to Milestone
pam (Ubuntu)

Bug Description

I identified a bug in the pam_limits.c source code for Ubuntu 16.04LTS, as follows:

It appears that I managed to modify/"fix" the '*' unlimited memlock error in pam_limits.c.

After compiling and running the modified code with the /etc/security/limits.conf line of '* - memlock unlimited', I am getting my user limits setting as 'ulimit -l unlimited'.

After studying the code more carefully, I found that the C function, parse _config_file was first gathering the domain entry for the user/group/everyone in an sscanf function. Using the domain result, a second function was called from within a loop, parse_uid_range. A range_type value, an integer reflecting the set range of users was to be returned to the parse_config_file function. However, in the case of '*' (Kleene star), no range_type was ever returned. Further down in parse_config_file, the range_type was checked for a LIMIT_RANGE_NONE value and '*' (the Kleene star). Because range_type did not hold the LIMIT_RANGE_NONE value, the process_limit function call was never made for '*' and instead a line break occurred that by-passed the execution of putting in universal limits.

Michael Aguilar (mjaguil) wrote :

This is the patch that I came up with to fix pam_limits.c

The repair was to add 2 lines to top of the parse_uid_range function:

if (range[0]== '*' )
    return LIMIT_RANGE_NONE;

and to fix the Use/Case for limits set for the root user in parse_config_file:

if ( uid==0) { //don't process root limits unless specified in the config file
                                                                break; // fall out of switch/case because we are root

description: updated
description: updated
description: updated

The attachment "Add to parser system the fix" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Brian Murray (brian-murray) wrote :

This looks like it may still be an issue in the pam from artful (1.1.8-3.2ubuntu3). Would you mind taking this to the upstream pam developers?

tags: added: xenial
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers