pam session does not work in xrdp
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
xrdp (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
pam session management does not work in xrdp, because auth_start_session is called _after_ the Xserver.
This is already reported here (but not fixed):
https:/
As we discovered, it is also an (slight) security Issue, as the pam_limits.so will not work as intended:
Mar 14 14:59:56 gar-ws-rbg06 xrdp-sesman: pam_krb5(
Mar 14 14:59:56 gar-ws-rbg06 xrdp-sesman: pam_unix(
Mar 14 14:59:56 gar-ws-rbg06 systemd-
Mar 14 14:59:56 gar-ws-rbg06 xrdp-sesman: pam_limits(
So the user Session is created even if the user is not authorized to open sessions on the system.
The cure would be to move the call to auth_start_session before the forks.
Description: Ubuntu 16.04.2 LTS
Release: 16.04
root@gar-
xrdp:
Installed: 0.6.1-2
Candidate: 0.6.1-2
Version table:
*** 0.6.1-2 500
500 http://
500 http://
100 /var/lib/
root@gar-
Hello Klaus, is this a usability issue or does this also allow someone to improperly elevate their privileges?
Thanks