pam limits drops privileges

From: Tarhon-Onu Victor (mitucat_private)
Date: Wed Sep 05 2001 - 14:37:52 PDT

Next message: Marc Maiffret: "%u encoding IDS bypass vulnerability"

Previous message: secureat_private: "[CLA-2001:419] Conectiva Linux Security Announcement - fetchmail"
Next in thread: Chris Adams: "Re: pam limits drops privileges"
Reply: Chris Adams: "Re: pam limits drops privileges"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

	Tested with: RedHat Linux
		pam-0.74-22, pam-0.75-7, util-linux-2.10s,
		util-linux-2.10s-12, in any combination.
	Posted on: Bugzilla and Pam-Bugs.
	Distribution dependent: dunno, but I think it's a pam bug.

	Problem description: If there are any limits set for a group of
users then those users, logging in by any method using /bin/login (console
login, telnet, etc) can get privileges of the last user last logged in
via ssh (we're using openssh).
	How to reproduce:
	# groupadd testgroup
	# useradd testuser -g testgroup
	# echo '@testgroup  -  maxlogins  2'
	ssh (let's say) as root into your box, then telnet into it and
login as testuser... and enjoy.

	I think this is a big problem because It's difficult to manage a
>200 users system without group/user limits.

-- 
Tarhon-Onu Victor
Network and System Engineer
RDS Iasi - Network Operations Center
Phone: +40-32-218385

Next message: Marc Maiffret: "%u encoding IDS bypass vulnerability"
Previous message: secureat_private: "[CLA-2001:419] Conectiva Linux Security Announcement - fetchmail"
Next in thread: Chris Adams: "Re: pam limits drops privileges"
Reply: Chris Adams: "Re: pam limits drops privileges"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Sep 05 2001 - 15:45:25 PDT