Bugzilla – Bug 1150519
AUDIT-1: lxc: review pam_cgfs not yet whitelisted in rpmlint
Last modified: 2020-01-30 14:25:51 UTC
+++ This bug was initially created as a clone of Bug #1150178

As discussed in the proactive security team we want to catch up on the packages shipping PAM modules that haven't been reviewed yet. Formerly there was no badness for this type of rpmlint check. Right now the new review bot should catch them. lxc is one of the packages shipping a PAM module (pam_cgfs) that hasn't been reviewed yet. The code should be reviewed and if all is well the PAM module be whitelisted in rpmlint.
I will work on this item.
This PAM module is surprisingly big and complex. Basically it attempts to set up a cgroup-v1 or cgroup-v2 under control of the user about to log in. This is then used by lxc for being able to limit resources on containers. Some of the code is strange, like all the `must_` functions such as `must_realloc()`. They loop around `malloc()` or `realloc()` until memory is obtained. Sounds like a plan for disaster. Files are generally opened without `O_CLOEXEC` but correctly closed afterwards. Generally file handling only deals with files in cgroup file systems and proc, so symlink attacks and similar should not be an issue.
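The two findings in the comment above, as an added example that is not part of the bug report and not lxc's source: a retry-until-success allocator sketched from the review's description beside one that reports failure, and a check of the close-on-exec flag on a descriptor opened with and without `O_CLOEXEC`. All function names and the use of `/dev/null` as the sample file are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Retry-until-success allocation as the review describes it (constructed
 * sketch, not lxc source). Under memory exhaustion it spins inside the
 * login path; realloc(p, 0) may also return NULL and never leave the loop. */
static void *retry_forever_realloc(void *p, size_t n)
{
    void *q;
    do {
        q = realloc(p, n);
    } while (!q);
    return q;
}

/* Alternative: fail once, keep the old buffer valid, and let the caller
 * turn NULL into an error return (for a PAM module, e.g. PAM_BUF_ERR). */
static void *checked_realloc(void *p, size_t n)
{
    if (n == 0) return NULL;
    return realloc(p, n);
}

/* 1 if fd is closed on execve(), 0 if a child would inherit it, -1 on error. */
static int fd_is_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags < 0 ? -1 : (flags & FD_CLOEXEC) != 0;
}

static int open_inherited(const char *path) { return open(path, O_RDONLY); }
static int open_cloexec(const char *path) { return open(path, O_RDONLY | O_CLOEXEC); }

int main(void)
{
    int a = open_inherited("/dev/null"), b = open_cloexec("/dev/null");
    char *buf = retry_forever_realloc(NULL, 32);
    char *grown = checked_realloc(buf, 64);
    printf("plain open: cloexec=%d, O_CLOEXEC open: cloexec=%d, realloc ok=%d\n",
           fd_is_cloexec(a), fd_is_cloexec(b), grown != NULL);
    free(grown ? grown : buf);
    close(a);
    close(b);
    return 0;
}
```

A PAM module runs inside the process that loads it, so a descriptor without the flag is inherited by anything that process executes between the `open()` and the `close()`.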
I've committed whitelisting for pam_cgfs to rpmlint; it should hit Factory in a while.
The whitelisting is by now in Factory, closing this bug as FIXED.