Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 68590 - FC: rexecd does not set limits on /etc/security/limits
Summary: FC: rexecd does not set limits on /etc/security/limits
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: rsh
Version: rawhide
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Karel Zak
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-07-11 14:21 UTC by Eddie Quinteros
Modified: 2007-11-30 22:10 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-01-28 07:36:08 UTC


Attachments (Terms of Use)

Description Eddie Quinteros 2002-07-11 14:21:22 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.7 [en] (WinNT; I)

Description of problem:
We added these lines to /etc/security/limits :
 *       soft    nofile  1700
 *       hard    nofile  4096

 And this one to /etc/pam.d/rexec :
 session required /lib/security/pam_limits.so

 However processes started by rexec do not use the new limits.
 For example "rexec -l user -p passwd localhost ulimit -a" still prints 
 1024 as the number of open files.

When doing rsh of ulimits -a  I can see that open files is set to 1700
 However when doing rexec open files is set to 1024.

 I have taken traces of both commands and I now can see why.
 rshd does reads /etc/security/limits.conf and set the limis accordingly
 while rexecd does not it just set limits to default.

 Here is the proof.

 This is a trace of rshd , I just grep for limits here.
 and as we can see it reads /etc/security/limits.conf

 1916  setrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0
 1916  open("/lib/security/pam_limits.so", O_RDONLY) = 5
 1916  getrlimit(0, 0xbffdd960)          = 0
 1916  getrlimit(0x1, 0xbffdd970)        = 0
 1916  getrlimit(0x2, 0xbffdd980)        = 0
 1916  getrlimit(0x3, 0xbffdd990)        = 0
 1916  getrlimit(0x4, 0xbffdd9a0)        = 0
 1916  getrlimit(0x5, 0xbffdd9b0)        = 0
 1916  getrlimit(0x6, 0xbffdd9c0)        = 0
 1916  getrlimit(0x7, 0xbffdd9d0)        = 0
 1916  getrlimit(0x8, 0xbffdd9e0)        = 0
 1916  getrlimit(0x9, 0xbffdd9f0)        = 0
 1916  getrlimit(0xa, 0xbffdda00)        = 0
 1916  open("//etc/security/limits.conf", O_RDONLY) = 4
 1916  read(4, "# /etc/security/limits.conf\n#\n#E"..., 4096) = 1396
 1916  setrlimit(RLIMIT_CPU, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 
 0
 1916  setrlimit(RLIMIT_FSIZE, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) 
 = 0
 1916  setrlimit(RLIMIT_DATA, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 
 0
 1916  setrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
 1916  setrlimit(RLIMIT_CORE, {rlim_cur=0, rlim_max=RLIM_INFINITY}) = 0
 1916  setrlimit(RLIMIT_RSS, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 
 0
 1916  setrlimit(RLIMIT_NPROC, {rlim_cur=10238, rlim_max=10238}) = 0
 1916  setrlimit(RLIMIT_NOFILE, {rlim_cur=1700, rlim_max=4*1024}) = 0
 1916  setrlimit(RLIMIT_MEMLOCK, {rlim_cur=RLIM_INFINITY, 
 rlim_max=RLIM_INFINITY}) = 0
 1916  setrlimit(RLIMIT_AS, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
 1916  setrlimit(0xa /* RLIMIT_??? */, {rlim_cur=RLIM_INFINITY, 
 rlim_max=RLIM_INFINITY}) = 0
 1918  getrlimit(0x7, 0xbffdfb90)        = 0
 1918  execve("/bin/bash", ["bash", "-c", "ulimit -a"], [/* 4 vars */]) = 0
 1918  getrlimit(0x4, 0xbffffbf0)        = 0
 1918  getrlimit(0x2, 0xbffffbf0)        = 0
 1918  getrlimit(0x1, 0xbffffbf0)        = 0
 1918  getrlimit(0x8, 0xbffffbf0)        = 0
 1918  getrlimit(0x5, 0xbffffbf0)        = 0
 1918  getrlimit(0x7, 0xbffffbf0)        = 0
 1918  getrlimit(0x3, 0xbffffbf0)        = 0
 1918  getrlimit(0, 0xbffffbf0)          = 0
 1918  getrlimit(0x6, 0xbffffbf0)        = 0
 1918  getrlimit(0x9, 0xbffffbf0)        = 0

 Here is a trace of rexecd and I grep for limit. As we can see
 /etc/security/limits.conf values are not reset.

 1678  setrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0
 1678  open("/lib/security/pam_limits.so", O_RDONLY) = 6
 1678  getrlimit(0x7, 0xbffdfbb0)        = 0
 1678  execve("/bin/bash", ["bash", "-c", "ulimit -a"], [/* 4 vars */]) = 0
 1678  getrlimit(0x4, 0xbffffbf0)        = 0
 1678  getrlimit(0x2, 0xbffffbf0)        = 0
 1678  getrlimit(0x1, 0xbffffbf0)        = 0
 1678  getrlimit(0x8, 0xbffffbf0)        = 0
 1678  getrlimit(0x5, 0xbffffbf0)        = 0
 1678  getrlimit(0x7, 0xbffffbf0)        = 0
 1678  getrlimit(0x3, 0xbffffbf0)        = 0
 1678  getrlimit(0, 0xbffffbf0)          = 0
 1678  getrlimit(0x6, 0xbffffbf0)        = 0
 1678  getrlimit(0x9, 0xbffffbf0)        = 0

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. change the nofiles limits in /etc/security/limits
2.change /etc/pam.d/rexec to have pam limits
3.rexec -l user -p passwd localhost ulimit -a stills print the default limits not the ones we just set up.
	

Additional info:

Comment 1 Tomas Mraz 2004-11-16 13:29:51 UTC
The problem is that the rexecd doesn't call pam_open_session where the
limits are applied as rshd calls.

Comment 2 Karel Zak 2004-11-17 17:47:49 UTC
Fixed in devel branch rsh-0.17-25 [FC-4].


Note You need to log in before you can comment on or make changes to this bug.