Bugtraq mailing list archives

pam_limits.so Bug!!


From: Devrim SERAL <devrim.seral () gantek com>
Date: Mon, 08 Oct 2001 16:52:57 +0300

Devrim SERAL wrote:

Hi,

Today I found an interesting bug when I tried to use pam_limits.so in
the login PAM configuration.

Today one of my users warned me that when he logs on to our Linux server
he gains my rights. At first I thought someone had broken into our system.
But when I checked all the logs I didn't find any sign of a break-in.

Then I thought xinetd or in.telnetd had some bug. I checked all updates
from Red Hat and found that we are at the latest patch level on all packets.

Next I disabled telnetd in xinetd for the whole LAN and only permitted
access from my IP number, and checked all possibilities.

Finally I found that only members of the student group gain console or
pts/0 rights. And I remembered that at the weekend I had changed
/etc/security/limits.conf to limit our students' maxlogin count to two.

I only added the line below to this file:
@student    hard   maxlogins   2

And I also added the line below to the PAM configuration of login:
session     required    pam_limits.so

When I comment out the pam_limits.so related line the problem is solved.

I wonder whether this is related only to our server or is specific to the PAM module?

devrim

Note: The server runs Red Hat 7.1 with kernel 2.4.10, and all packets are
at the latest patch level.

