:: [devuan-dev] bug#805: openrc: super…
Startseite
Nachricht löschen
Nachricht beantworten
Autor: Mark Hindley
Datum:  
To: meow
CC: 805
Betreff: [devuan-dev] bug#805: openrc: supervise-daemon: missing PAM configuration
Lorietta,

On Fri, Nov 24, 2023 at 03:52:58AM +0000, meow wrote:
>    Example: Local DoS attack due to lack of PAM limits.
>    I think it’s safe to either include limits.so in /etc/pam. d/other, or
>    add a configuration for supervise-daemon.
>    Also, I have a question. What exactly is incompatible with debian in
>    the upstream version of this file? I added this file to my system and
>    everything works well, limits are applied and supervise-daemon
>    continues in normal mode.


Debian uses pam-auth-update(8) to manage the addition of modules to
/etc/pam.d/common-*. That will not work with the supplied upstream pam config.

I am not a pam expert, but I *think* the Debian approach should be something
like


@include common-auth
@include common-account
@include common-password
session         optional        pam_limits.so


Does that work for you?

Thanks

Mark