From nobody@FreeBSD.org  Mon Dec 21 12:59:35 2009
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 57734106566C
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 21 Dec 2009 12:59:35 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 4734C8FC1A
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 21 Dec 2009 12:59:35 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id nBLCxZFS040935
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 21 Dec 2009 12:59:35 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id nBLCxYPM040934;
	Mon, 21 Dec 2009 12:59:34 GMT
	(envelope-from nobody)
Message-Id: <200912211259.nBLCxYPM040934@www.freebsd.org>
Date: Mon, 21 Dec 2009 12:59:34 GMT
From: Andrey Zonov <andrey.zonov@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: OpenSSH allow raise resource limit via .login_conf
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         141840
>Category:       bin
>Synopsis:       ssh(1): OpenSSH allow raise resource limit via .login_conf [regression]
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    des
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Dec 21 13:00:14 UTC 2009
>Closed-Date:    Sat Sep 25 00:13:15 UTC 2010
>Last-Modified:  Sat Sep 25 00:13:15 UTC 2010
>Originator:     Andrey Zonov
>Release:        7.2-STABLE, 8.0-STABLE
>Organization:
>Environment:
FreeBSD x.xxx.ru 7.2-STABLE FreeBSD 7.2-STABLE #0 r198488:198490M: Mon Oct 26 17:57:34 MSK 2009     root@x.xxx.ru:/opt/obj/opt/usr/SVN/7/sys/kernel  amd64
>Description:
Via OpenSSH and .login_conf may raise resource limit on 7.2-STABLE, 8.0-STABLE.
>How-To-Repeat:
1. Add new login class in /etc/login.conf

test:\
        :cputime=1h:\
        :tc=default:

2. Make db

# cap_mkdb /etc/login.conf

3. Change login class for your account

# pw usermod $login -L test

4. Connect via ssh to this host by $login and execute `limits -a'

$ limits -a
Resource limits (current):
  cputime                  3600 secs
  filesize             infinity kB
  datasize               524288 kB
  stacksize               65536 kB
  coredumpsize         infinity kB
  memoryuse            infinity kB
  memorylocked         infinity kB
  maxprocesses             3603
  openfiles                7207
  sbsize               infinity bytes
  vmemoryuse           infinity kB
  pseudo-terminals     infinity
  swapuse              infinity kB

5. Create ~/.login_conf

me:\
        :cputime=2h:

6. Connect again to this host and execute `limits -a'

$ limits -a
Resource limits (current):
  cputime                  7200 secs
  filesize             infinity kB
  datasize               524288 kB
  stacksize               65536 kB
  coredumpsize         infinity kB
  memoryuse            infinity kB
  memorylocked         infinity kB
  maxprocesses             3603
  openfiles                7207
  sbsize               infinity bytes
  vmemoryuse           infinity kB
  pseudo-terminals     infinity
  swapuse              infinity kB

In 6.4-RELEASE-p6 it does not work and it is correct behavior!
>Fix:
Workaround.
Add "UseLogin yes" in sshd_config and restart sshd

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->des 
Responsible-Changed-By: des 
Responsible-Changed-When: Thu Mar 18 11:21:21 UTC 2010 
Responsible-Changed-Why:  
OpenSSH is mine 

http://www.freebsd.org/cgi/query-pr.cgi?pr=141840 

From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
To: freebsd-gnats-submit@freebsd.org
Cc:  
Subject: Re: bin/141840: ssh(1): OpenSSH allow raise resource limit via .login_conf [regression]
Date: Thu, 18 Mar 2010 13:22:01 +0100

 Two questions:
 
  1) Does this also happen when you *don't* use "UseLogin yes"?
 
  2) Does this also happen when you run login(1) directly from the
     command line?
 
 I suspect the answers are "no" and "yes", respectively.  If that is the
 case, it's not an OpenSSH issue.
 
 DES
 --=20
 Dag-Erling Sm=C3=B8rgrav - des@des.no
State-Changed-From-To: open->patched 
State-Changed-By: des 
State-Changed-When: Mon Aug 16 15:32:19 UTC 2010 
State-Changed-Why:  
fixed in r211393 

http://www.freebsd.org/cgi/query-pr.cgi?pr=141840 
State-Changed-From-To: patched->closed 
State-Changed-By: delphij 
State-Changed-When: Sat Sep 25 00:12:51 UTC 2010 
State-Changed-Why:  
Fix MFC'ed to RELENG_{6,7,8} 

http://www.freebsd.org/cgi/query-pr.cgi?pr=141840 
>Unformatted:
