[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#171673: marked as done (sshd sets rlimits contrary to pam_rlimits module)

Your message dated Sat, 06 Mar 2004 14:17:17 -0500
with message-id <E1AzhIT-0002ea-00@newraff.debian.org>
and subject line Bug#171673: fixed in openssh 1:3.8p1-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 4 Dec 2002 09:16:32 +0000
>From pst@pst.org Wed Dec 04 03:16:31 2002
Return-path: <pst@pst.org>
Received: from quemadura.shockwave.org [63.199.168.250] 
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 18JVdv-0002Ls-00; Wed, 04 Dec 2002 03:16:31 -0600
Received: from quemadura.shockwave.org (localhost [127.0.0.1])
	by quemadura.shockwave.org (8.12.6/8.12.6/Debian-8) with ESMTP id gB49GUYc014312
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK);
	Wed, 4 Dec 2002 01:16:30 -0800
Received: (from pst@localhost)
	by quemadura.shockwave.org (8.12.6/8.12.6/Debian-8) id gB49GU3o014310;
	Wed, 4 Dec 2002 01:16:30 -0800
Message-Id: <200212040916.gB49GU3o014310@quemadura.shockwave.org>
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Paul Traina <pst+reportbug@spamcatcher.bogus.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: sshd sets rlimits contrary to pam_rlimits module
X-Mailer: reportbug 2.9
Date: Wed, 04 Dec 2002 01:16:29 -0800
Delivered-To: submit@bugs.debian.org
X-Spam-Status: No, hits=0.8 required=5.0
	tests=MSG_ID_ADDED_BY_MTA_3,SPAM_PHRASE_00_01
	version=2.41
X-Spam-Level: 

Package: ssh
Version: 1:3.5p1-2
Severity: normal

Dec  4 00:22:46 quemadura pam_limits[13460]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=1000 euid=1000
Dec  4 00:22:46 quemadura pam_limits[13460]: setrlimit limit #7 to soft=-1, hard=-1 failed: Operation not permitted; uid=1000 euid=1000
Dec  4 00:29:44 quemadura sm-mta[13503]: gB48ShYc013503: ruleset=check_mail, arg1=<roma@galaxy.mymapcenter.com>, 


This is a sid system, no special settings in /etc/security/limits.conf, all
lines commented out.

I believe this to be a ssh bug instead of a PAM bug because telnetting in
does not generat these messages, and pam_limit.so is called by /bin/login.

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux quemadura.shockwave.org 2.4.19 #1 Thu Oct 17 21:24:45 PDT 2002 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages ssh depends on:
ii  adduser                     3.48         Add and remove users and groups
ii  debconf                     1.2.16       Debian configuration management sy
ii  libc6                       2.3.1-5      GNU C Library: Shared libraries an
ii  libpam-modules              0.76-8       Pluggable Authentication Modules f
ii  libpam0g                    0.76-8       Pluggable Authentication Modules l
ii  libssl0.9.6                 0.9.6g-10    SSL shared libraries
ii  libwrap0                    7.6-ipv6.1-3 Wietse Venema's TCP wrappers libra
ii  zlib1g                      1:1.1.4-8    compression library - runtime

-- debconf information:
  ssh/protocol2_default: 
* ssh/privsep_tell: 
  ssh/insecure_rshd: 
  ssh/privsep_ask: true
* ssh/ssh2_keys_merged: 
* ssh/forward_warning: 
* ssh/insecure_telnetd: 
  ssh/new_config: true
  ssh/ancient_version: 
* ssh/use_old_init_script: true
  ssh/protocol2_only: true
  ssh/encrypted_host_key_but_no_keygen: 
* ssh/run_sshd: true
* ssh/upgrade_to_openssh: true
* ssh/SUID_client: false


---------------------------------------
Received: (at 171673-close) by bugs.debian.org; 6 Mar 2004 19:23:13 +0000
>From katie@ftp-master.debian.org Sat Mar 06 11:23:13 2004
Return-path: <katie@ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1AzhOD-0006Fx-00; Sat, 06 Mar 2004 11:23:13 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1AzhIT-0002ea-00; Sat, 06 Mar 2004 14:17:17 -0500
From: Colin Watson <cjwatson@debian.org>
To: 171673-close@bugs.debian.org
X-Katie: $Revision: 1.44 $
Subject: Bug#171673: fixed in openssh 1:3.8p1-1
Message-Id: <E1AzhIT-0002ea-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Sat, 06 Mar 2004 14:17:17 -0500
Delivered-To: 171673-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_05 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=HAS_BUG_NUMBER autolearn=no 
	version=2.60-bugs.debian.org_2004_03_05
X-Spam-Level: 

Source: openssh
Source-Version: 1:3.8p1-1

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:

openssh_3.8p1-1.diff.gz
  to pool/main/o/openssh/openssh_3.8p1-1.diff.gz
openssh_3.8p1-1.dsc
  to pool/main/o/openssh/openssh_3.8p1-1.dsc
openssh_3.8p1.orig.tar.gz
  to pool/main/o/openssh/openssh_3.8p1.orig.tar.gz
ssh-askpass-gnome_3.8p1-1_powerpc.deb
  to pool/main/o/openssh/ssh-askpass-gnome_3.8p1-1_powerpc.deb
ssh_3.8p1-1_powerpc.deb
  to pool/main/o/openssh/ssh_3.8p1-1_powerpc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 171673@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat,  6 Mar 2004 18:43:44 +0000
Source: openssh
Binary: ssh-askpass-gnome ssh
Architecture: source powerpc
Version: 1:3.8p1-1
Distribution: unstable
Urgency: low
Maintainer: Matthew Vernon <matthew@debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 ssh        - Secure rlogin/rsh/rcp replacement (OpenSSH)
 ssh-askpass-gnome - under X, asks user for a passphrase for ssh-add
Closes: 132681 134589 150968 153235 157078 171673 181869 191131 224457 228838 232281 232843 234777
Changes: 
 openssh (1:3.8p1-1) unstable; urgency=low
 .
   * New upstream release (closes: #232281):
     - New PAM implementation based on that in FreeBSD. This runs PAM session
       modules before dropping privileges (closes: #132681, #150968).
     - Since PAM session modules are run as root, we can turn pam_limits back
       on by default, and it no longer spits out "Operation not permitted" to
       syslog (closes: #171673).
     - Password expiry works again (closes: #153235).
     - 'ssh -q' suppresses login banner (closes: #134589).
     - sshd doesn't lie to PAM about invalid usernames (closes: #157078).
     - ssh-add prints key comment on each prompt (closes: #181869).
     - Punctuation formatting fixed in man pages (closes: #191131).
     - EnableSSHKeysign documented in ssh_config(5) (closes: #224457).
   * Add 'UsePAM yes' to /etc/ssh/sshd_config on upgrade from versions older
     than this, to maintain the standard Debian sshd configuration.
   * Comment out PAMAuthenticationViaKbdInt and RhostsAuthentication in
     sshd_config on upgrade. Neither option is supported any more.
   * Privilege separation and PAM are now properly supported together, so
     remove both debconf questions related to them and simply set it
     unconditionally in newly generated sshd_config files (closes: #228838).
   * ServerAliveInterval implemented upstream, so ProtocolKeepAlives is now a
     compatibility alias. The semantics differ slightly, though; see
     ssh_config(5) for details.
   * Implement SSH1 support for ServerAliveInterval using SSH_MSG_IGNORE. As
     documented in ssh_config(5), it's not as good as the SSH2 version.
   * Remove -fno-builtin-log, -DHAVE_MMAP_ANON_SHARED, and
     -D__FILE_OFFSET_BITS=64 compiler options, which are no longer necessary.
   * Update config.guess and config.sub from autotools-dev 20040105.1.
   * Darren Tucker:
     - Reset signal status when starting pam auth thread, prevent hanging
       during PAM keyboard-interactive authentications.
     - Fix a non-security-critical segfault in PAM authentication.
   * Add debconf template translations:
     - Greek (thanks, Konstantinos Margaritis; closes: #232843).
     - Italian (thanks, Renato Gini; closes: #234777).
Files: 
 3106ee4ac61541c173fb4483e7b79833 842 net standard openssh_3.8p1-1.dsc
 7861a4c0841ab69a6eec5c747daff6fb 826588 net standard openssh_3.8p1.orig.tar.gz
 70a09c4a493d91eae0aa9e1c20f8628d 122446 net standard openssh_3.8p1-1.diff.gz
 4351d37420110a347fb7bcab469aa8f3 759138 net standard ssh_3.8p1-1_powerpc.deb
 f5c562d17e71af297bd60a085d3f6027 55824 gnome optional ssh-askpass-gnome_3.8p1-1_powerpc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iD8DBQFASiLO9t0zAhD6TNERAjCPAJ9s58tD+O8ibS/5kDttlKjPLJ85EACfaTmb
DRVK6U+bCoG9e2U1PkLPf7g=
=yeHJ
-----END PGP SIGNATURE-----
Reply to: