Bug 68590 - FC: rexecd does not set limits on /etc/security/limits
Summary: FC: rexecd does not set limits on /etc/security/limits
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: rsh
Version: rawhide
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Karel Zak
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-07-11 14:21 UTC by Eddie Quinteros
Modified: 2007-11-30 22:10 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-01-28 07:36:08 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Eddie Quinteros 2002-07-11 14:21:22 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.7 [en] (WinNT; I)

Description of problem:
We added these lines to /etc/security/limits :
 *       soft    nofile  1700
 *       hard    nofile  4096

 And this one to /etc/pam.d/rexec :
 session required /lib/security/pam_limits.so

 However processes started by rexec do not use the new limits.
 For example "rexec -l user -p passwd localhost ulimit -a" still prints 
 1024 as the number of open files.

When doing rsh of ulimits -a  I can see that open files is set to 1700
 However when doing rexec open files is set to 1024.

 I have taken traces of both commands and I now can see why.
 rshd does reads /etc/security/limits.conf and set the limis accordingly
 while rexecd does not it just set limits to default.

 Here is the proof.

 This is a trace of rshd , I just grep for limits here.
 and as we can see it reads /etc/security/limits.conf

 1916  setrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0
 1916  open("/lib/security/pam_limits.so", O_RDONLY) = 5
 1916  getrlimit(0, 0xbffdd960)          = 0
 1916  getrlimit(0x1, 0xbffdd970)        = 0
 1916  getrlimit(0x2, 0xbffdd980)        = 0
 1916  getrlimit(0x3, 0xbffdd990)        = 0
 1916  getrlimit(0x4, 0xbffdd9a0)        = 0
 1916  getrlimit(0x5, 0xbffdd9b0)        = 0
 1916  getrlimit(0x6, 0xbffdd9c0)        = 0
 1916  getrlimit(0x7, 0xbffdd9d0)        = 0
 1916  getrlimit(0x8, 0xbffdd9e0)        = 0
 1916  getrlimit(0x9, 0xbffdd9f0)        = 0
 1916  getrlimit(0xa, 0xbffdda00)        = 0
 1916  open("//etc/security/limits.conf", O_RDONLY) = 4
 1916  read(4, "# /etc/security/limits.conf\n#\n#E"..., 4096) = 1396
 1916  setrlimit(RLIMIT_CPU, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 
 0
 1916  setrlimit(RLIMIT_FSIZE, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) 
 = 0
 1916  setrlimit(RLIMIT_DATA, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 
 0
 1916  setrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
 1916  setrlimit(RLIMIT_CORE, {rlim_cur=0, rlim_max=RLIM_INFINITY}) = 0
 1916  setrlimit(RLIMIT_RSS, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 
 0
 1916  setrlimit(RLIMIT_NPROC, {rlim_cur=10238, rlim_max=10238}) = 0
 1916  setrlimit(RLIMIT_NOFILE, {rlim_cur=1700, rlim_max=4*1024}) = 0
 1916  setrlimit(RLIMIT_MEMLOCK, {rlim_cur=RLIM_INFINITY, 
 rlim_max=RLIM_INFINITY}) = 0
 1916  setrlimit(RLIMIT_AS, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
 1916  setrlimit(0xa /* RLIMIT_??? */, {rlim_cur=RLIM_INFINITY, 
 rlim_max=RLIM_INFINITY}) = 0
 1918  getrlimit(0x7, 0xbffdfb90)        = 0
 1918  execve("/bin/bash", ["bash", "-c", "ulimit -a"], [/* 4 vars */]) = 0
 1918  getrlimit(0x4, 0xbffffbf0)        = 0
 1918  getrlimit(0x2, 0xbffffbf0)        = 0
 1918  getrlimit(0x1, 0xbffffbf0)        = 0
 1918  getrlimit(0x8, 0xbffffbf0)        = 0
 1918  getrlimit(0x5, 0xbffffbf0)        = 0
 1918  getrlimit(0x7, 0xbffffbf0)        = 0
 1918  getrlimit(0x3, 0xbffffbf0)        = 0
 1918  getrlimit(0, 0xbffffbf0)          = 0
 1918  getrlimit(0x6, 0xbffffbf0)        = 0
 1918  getrlimit(0x9, 0xbffffbf0)        = 0

 Here is a trace of rexecd and I grep for limit. As we can see
 /etc/security/limits.conf values are not reset.

 1678  setrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0
 1678  open("/lib/security/pam_limits.so", O_RDONLY) = 6
 1678  getrlimit(0x7, 0xbffdfbb0)        = 0
 1678  execve("/bin/bash", ["bash", "-c", "ulimit -a"], [/* 4 vars */]) = 0
 1678  getrlimit(0x4, 0xbffffbf0)        = 0
 1678  getrlimit(0x2, 0xbffffbf0)        = 0
 1678  getrlimit(0x1, 0xbffffbf0)        = 0
 1678  getrlimit(0x8, 0xbffffbf0)        = 0
 1678  getrlimit(0x5, 0xbffffbf0)        = 0
 1678  getrlimit(0x7, 0xbffffbf0)        = 0
 1678  getrlimit(0x3, 0xbffffbf0)        = 0
 1678  getrlimit(0, 0xbffffbf0)          = 0
 1678  getrlimit(0x6, 0xbffffbf0)        = 0
 1678  getrlimit(0x9, 0xbffffbf0)        = 0

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. change the nofiles limits in /etc/security/limits
2.change /etc/pam.d/rexec to have pam limits
3.rexec -l user -p passwd localhost ulimit -a stills print the default limits not the ones we just set up.
	

Additional info:

Comment 1 Tomas Mraz 2004-11-16 13:29:51 UTC
The problem is that the rexecd doesn't call pam_open_session where the
limits are applied as rshd calls.

Comment 2 Karel Zak 2004-11-17 17:47:49 UTC
Fixed in devel branch rsh-0.17-25 [FC-4].


Note You need to log in before you can comment on or make changes to this bug.