[21166] in bugtraq


Re: pam session

daemon@ATHENA.MIT.EDU (Pawel Krawczyk)
Sun Jun 24 11:35:51 2001

Date: Sat, 23 Jun 2001 10:13:41 +0200
From: Pawel Krawczyk <kravietz@aba.krakow.pl>
To: Christian Kraemer <ckraemer@ginko.de>
Cc: bugtraq@securityfocus.com
Message-ID: <20010623101341.B24440@aba.krakow.pl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <01061903113100.00225@christian.localdomain>; from ckraemer@ginko.de on Tue, Jun 19, 2001 at 03:11:02AM +0200

On Tue, Jun 19, 2001 at 03:11:02AM +0200, Christian Kraemer wrote:

> This is especially annoying if you
> use pam_limits.so to set rlimits. Every user could
> circumvent them easily by calling ssh in this way:
> ssh user@server /bin/sh

The same problem was present in SSH 1.2.x some time ago and I've created a
patch to fix it (http://ceti.pl/~kravietz/prog.html).

PAM session start had to be called from two procedures (one for
interactive, one for non-interactive login), and then closed. The latter
required keeping session state in some variable for the whole login time,
and it created several problems with how to do this in a nice and secure way.

In general, using the PAM session management required much more effort
than other authentication methods and it was simply skipped by the
developers. However, I don't remember the exact details and many things could
have changed in recent PAM versions.

