path: root/modules/pam_securetty/pam_securetty.c
author: Carlos Santos <casantos@redhat.com> 2019-09-10 23:08:30 -0300
committer: Tomáš Mráz <t8m@users.noreply.github.com> 2019-09-12 13:48:30 +0200
commit: 9349333a9ae958205294cd25e97fd6b4805bd82b
tree: 270cb431bb880436e02b9472285139c00143a29e /modules/pam_securetty/pam_securetty.c
parent: 71dafa6d49b47630e263f1cc621a0f07bbfec363
pam_lastlog: prevent crash due to reduced 'fsize' limit

If a reduced fsize limit is set in /etc/security/limits.conf and
pam_limits is in use, pam_lastlog may cause a crash, e.g.

    ----- begin /etc/pam.d/su ----
    auth        sufficient   pam_rootok.so
    auth        required     pam_wheel.so use_uid
    auth        required     pam_env.so
    auth        required     pam_unix.so nullok
    account     required     pam_unix.so
    password    required     pam_unix.so nullok
    session     required     pam_limits.so
    session     required     pam_env.so
    session     required     pam_unix.so
    session     optional     pam_lastlog.so
    ----- end /etc/pam.d/su -----

    ----- begin /etc/security/limits.d/fsize.conf -----
    * soft fsize 1710
    * hard fsize 1710
    ----- end /etc/security/limits.d/fsize.conf -----

    # id user1
    uid=1000(user1) gid=1000(user1) groups=1000(user1)
    # su - user1
    Last login: Wed Sep 11 01:52:44 UTC 2019 on console
    $ exit
    # id user2
    uid=60000(user2) gid=60000(user2) groups=60000(user2)
    # su - user2
    File size limit exceeded

This happens because pam_limits sets RLIMIT_FSIZE before pam_lastlog
attempts to write /var/log/lastlog, leading to a SIGXFSZ signal.

In order to fix this, add an 'unlimited' option, which leads to saving
the 'fsize' limit and setting it to unlimited before writing lastlog.
After that, restore the saved value. If 'fsize' is already unlimited
nothing is done.

Failing to set the 'fsize' limit is not a fatal error. With luck the
configured limit will suffice, so we try to write lastlog anyway, even
under the risk of dying due to a SIGXFSZ.

Failing to restore the 'fsize' limit is a fatal error, since we don't
want to keep it unlimited.

Signed-off-by: Carlos Santos <casantos@redhat.com>
Diffstat (limited to 'modules/pam_securetty/pam_securetty.c')
0 files changed, 0 insertions, 0 deletions
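
The save, lift, write, restore sequence described in the commit message, written out as an added example; this is not the pam_lastlog source. The function name `write_with_fsize_lifted`, the `/tmp` path, the 1710-byte limit and the 8192 offset are constructed for illustration, and the sketch raises the soft limit only as far as the hard limit (which an unprivileged process may do) rather than setting it to unlimited.

```c
/* Added example: save, lift, write, restore around RLIMIT_FSIZE. */
#include <fcntl.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <unistd.h>

/* Write len bytes at offset off with the soft fsize limit lifted only for
 * the write. Returns 0 on success, -1 if the write failed, -2 if the saved
 * limit could not be restored (the case the commit treats as fatal). */
int write_with_fsize_lifted(const char *path, off_t off,
                            const void *buf, size_t len)
{
    struct rlimit saved, lifted;
    int lifted_ok = 0, rc = 0;

    /* Nothing to do when the soft limit is already unlimited. */
    if (getrlimit(RLIMIT_FSIZE, &saved) == 0 &&
        saved.rlim_cur != RLIM_INFINITY) {
        lifted = saved;
        lifted.rlim_cur = saved.rlim_max; /* assumption: raise to hard limit */
        /* Failure to raise is not fatal; the write is attempted anyway. */
        lifted_ok = (setrlimit(RLIMIT_FSIZE, &lifted) == 0);
    }

    int fd = open(path, O_WRONLY | O_CREAT, 0600);
    if (fd < 0) {
        rc = -1;
    } else {
        if (lseek(fd, off, SEEK_SET) != off || write(fd, buf, len) != (ssize_t)len)
            rc = -1;
        if (close(fd) != 0)
            rc = -1;
    }

    /* Restore on every path so the process never keeps the lifted limit. */
    if (lifted_ok && setrlimit(RLIMIT_FSIZE, &saved) != 0)
        return -2;
    return rc;
}

int main(void)
{
    struct rlimit rl; /* constructed input: 1710-byte soft limit */
    if (getrlimit(RLIMIT_FSIZE, &rl) != 0) return 1;
    rl.rlim_cur = 1710;
    if (setrlimit(RLIMIT_FSIZE, &rl) != 0) return 1;
    return write_with_fsize_lifted("/tmp/fsize_demo.bin", 8192, "rec", 3) != 0;
}
```

A caller that receives -2 should stop rather than continue, since the process would otherwise keep running with a file size limit higher than the configured one.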