Bugzilla – Bug 1150519
AUDIT-1: lxc: review pam_cgfs not yet whitelisted in rpmlint
Last modified: 2020-01-30 14:25:51 UTC
+++ This bug was initially created as a clone of Bug #1150178
As discussed in the proactive security team we want to catch up on the
packages shipping PAM modules that haven't been reviewed yet. Formerly there
was no badness for this type of rpmlint check. Right now the new review bot
should catch them.
lxc is one of the packages shipping a pam module (pam_cgfs) that hasn't been
The code should be reviewed and if all is well the PAM module be whitelisted
I will work on this item.
This PAM module is surprisingly big and complex. Basically it attempts to
setup a cgroup-v1 or cgroup-v2 under control of the user about to login. This
is then used by lxc for being able to limit resources on containers.
Some of the code is strange like all the `must_` functions like
`must_realloc()`. They loop around `malloc()` or `realloc()` until memory is
obtained. Sounds like a plan for disaster.
Files are generally opened without `O_CLOEXEC` but correctly closed
Generally file handling only deals with files in cgroup file systems and proc
so symlink attacks and similar should not be an issue.
I've commited whitelisting for pam_cgfs to rpmlint, it should hit Factory in a
The whitelisting is by now in Factory, closing this bug as FIXED.