Bug 457024 - pam_tally file handler leak, causing DOS
Summary: pam_tally file handler leak, causing DOS
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: pam
Version: 5.2
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: rc
Target Release: ---
Assignee: Tomas Mraz
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2008-07-29 09:53 UTC by John Lau
Modified: 2009-01-20 22:04 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-01-20 22:04:07 UTC
Target Upstream Version:
Embargoed:


Attachments
Patch for the unclosed file handler (340 bytes, patch)
2008-07-29 09:53 UTC, John Lau


Links
System: Red Hat Product Errata
ID: RHBA-2009:0222
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: pam bug fix and enhancement update
Last Updated: 2009-01-20 16:06:23 UTC

Description John Lau 2008-07-29 09:53:31 UTC
Description of problem:

After pam_tally has been set up for a system (e.g.
http://kbase.redhat.com/faq/FAQ_103_12548.shtm ) and cyrus-imapd is running and
using PAM as its authentication system, we found that cyrus-imapd would fail to
work after about 1500 POP3 email checks. And it would work again after we
restart saslauthd.

From the lsof result, we can see that there are many unclosed file handlers to
/var/log/faillog held by saslauthd, which should be opened by pam_tally.so.
And in /var/log/secure there are a lot of the following messages:

Jul 29 14:32:12 rhel5-1 saslauthd[19496]: PAM unable to dlopen(/lib/security/$ISA/pam_env.so)
Jul 29 14:32:12 rhel5-1 saslauthd[19496]: PAM [error: /lib/security/../../lib/security/pam_env.so: cannot open shared object file: Too many open files]
Jul 29 14:32:12 rhel5-1 saslauthd[19496]: PAM adding faulty module: /lib/security/$ISA/pam_env.so

Version-Release number of selected component (if applicable):
pam-0.99.6.2-3.27.el5

How reproducible:
Always

Steps to Reproduce:
1. Add pam_tally.so to system-auth (no "deny=" is set)
2. Setup cyrus-imapd as a POP3 email server
3. Log in to and out of the server about 1500 times
  
Actual results:
Cannot log in to the server anymore

Expected results:
Can log in to the server

Additional info:
I studied the source code and it seems like a file handler is not closed in the
"tally_check" function, which is opened by the "get_tally" function.

Comment 1 John Lau 2008-07-29 09:53:31 UTC
Created attachment 312854
Patch for the unclosed file handler
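
The leak pattern described in the report (a stream opened by one function and never closed by its caller), as an added example that is neither pam_tally source nor the attached patch. `get_tally_demo`, `tally_check_demo` and the `/tmp` path are hypothetical stand-ins; the harness measures descriptor growth per simulated login with and without the close.

```c
/* Added illustration of the leak pattern in the report; not pam_tally source. */
#include <fcntl.h>
#include <stdio.h>

#define DEMO_PATH "/tmp/faillog_demo.txt" /* constructed stand-in for /var/log/faillog */

/* Stand-in for get_tally: opens the file and hands the stream to the caller. */
static int get_tally_demo(FILE **tfile, int *tally) {
    *tfile = fopen(DEMO_PATH, "r");
    if (*tfile == NULL) return -1;        /* EMFILE once descriptors run out */
    if (fscanf(*tfile, "%d", tally) != 1) *tally = 0;
    return 0;
}

/* Stand-in for tally_check: fixed=0 reproduces the leak, fixed=1 closes. */
int tally_check_demo(int fixed) {
    FILE *tfile;
    int tally;
    if (get_tally_demo(&tfile, &tally) != 0) return -1;
    if (fixed) fclose(tfile);             /* the close the leaky path lacks */
    return tally;
}

/* Count descriptors open in this process (first 4096 slots). */
int count_open_fds(void) {
    int n = 0;
    for (int fd = 0; fd < 4096; fd++)
        if (fcntl(fd, F_GETFD) != -1) n++;
    return n;
}

/* Run the check once per simulated login; return descriptor growth. */
int fd_growth(int fixed, int logins) {
    FILE *f = fopen(DEMO_PATH, "w");
    if (f == NULL) return -1;
    fputs("3\n", f);                      /* constructed tally value */
    fclose(f);
    int before = count_open_fds();
    for (int i = 0; i < logins; i++) tally_check_demo(fixed);
    int growth = count_open_fds() - before;
    remove(DEMO_PATH);
    return growth;
}

int main(void) {
    printf("leaky: +%d fds\n", fd_growth(0, 50));
    printf("fixed: +%d fds\n", fd_growth(1, 50));
    return 0;
}
```

In a long-running daemon such as saslauthd the growth accumulates until the process hits its open-file limit, which is when the "Too many open files" errors above appear. The same delta check works as a regression test for any per-authentication code path.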

Comment 2 RHEL Program Management 2008-07-29 10:41:21 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 7 errata-xmlrpc 2009-01-20 22:04:07 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0222.html

