Bug 155480 - [login.conf] maxproc does not work when command running from cron
Summary: [login.conf] maxproc does not work when command running from cron
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: conf (show other bugs)
Version: 8.2-RELEASE
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-bugs mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-03-11 18:40 UTC by admin
Modified: 2018-05-20 23:52 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description admin 2011-03-11 18:40:05 UTC
I create login class:
lissyara# grep id100 --after-context=7 /etc/login.conf
id100:\
        :coredumpsize=1:\
        :cputime=60s:\
        :maxproc=12:\
        :openfiles=32:\
        :priority=20:\
        :tc=default:

lissyara#

then, run command:

lissyara# cap_mkdb -v /etc/login.conf
cap_mkdb: 10 capability records
lissyara#

add user:

lissyara# grep ^test1234 /etc/master.passwd
test1234:$1$kj/WOTuN$vLGcOBPv9ro8eljOe.ChA1:1002:1004:id100:0:0:User &:/home/test1234:/bin/sh
lissyara#

add cron job for user:

lissyara# crontab -l -u test1234
* * * * * /bin/sleep 72000
* * * * * /bin/sleep 72000
* * * * * /bin/sleep 72000
* * * * * /bin/sleep 72000
* * * * * /bin/sleep 72000
* * * * * /bin/sleep 72000
* * * * * /bin/sleep 72000
* * * * * /bin/sleep 72000
* * * * * /bin/sleep 72000
* * * * * /bin/sleep 72000
* * * * * /bin/sleep 72000
* * * * * /bin/sleep 72000
* * * * * /bin/sleep 72000
lissyara#

after some time I see lot sleep processes in ps output

lissyara# ps -auxww | grep ^test1234 | grep sleep | wc -l
     130
lissyara#

130 > 12

========
If I running commands from ssh session - all OK, I cannot run more than
maxproc processes...

http://lists.freebsd.org/pipermail/freebsd-current/2011-March/023234.html

It's very serious problem - for shared hostings servers and such other
applications where users have access to create cron jobs

How-To-Repeat: see full desc
Comment 1 stant 2014-08-27 12:32:57 UTC
I also stumbled on this issue. I have maxproc=32 in /etc/login.conf, but it's ignored by jobs running from crontab. I think this is critical vulnabirity, because unpriveleged user may abuse whole system via crontab jobs. Documentation doesn't say anything about it (see https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security-resourcelimits.html#resource-limits).
Comment 2 stant 2014-08-27 12:35:29 UTC
Forgot to say I'm using FreeBSD 8.4-RELEASE-p7.
Comment 3 Eitan Adler freebsd_committer freebsd_triage 2018-05-20 23:52:15 UTC
For bugs matching the following conditions:
- Status == In Progress
- Assignee == "bugs@FreeBSD.org"
- Last Modified Year <= 2017

Do
- Set Status to "Open"