Re: locking utmp

[Russell Coker <russell@coker.com.au>]

On Tue, 19 Mar 2002 17:46, Steve Langasek wrote:
> > If it keeps the read lock for an extended period of time and locks out
> > other processes then it could allow a local DOS attack.
>
> AFAIK, read locks are not exclusive.

But they block processes from writing.  If you could use that to stop other 
people logging in...

> > > If the question is really "why does it want a read lock at all?", I
> > > don't think I have an answer for that one.
> >
> > Getting a read lock on the utmp file before reading it is reasonable. 
> > Not sure why it needs to read it at all though.  Must be something in
> > PAM.
>
> Probably a 'session .* pam_unix.so' line in the PAM config for this
> module.  Consensus among PAM developers is that utmp is the closest
> possible definition for a 'unix session', so calling the session
> management functions of the pam_unix functions writes to utmp.

Session shouldn't even apply as the program in question only checks the 
password.  Maybe the auth line for pam_unix.so is doing it.

-- 
If you send email to me or to a mailing list that I use which has >4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.