-3

I am very confused. I tried a lot, but I didn't find any way to overcome a bug, so I am posting it here. I am hoping that someone can help me.

My problem is:

When I run `ulimit -n`, it shows 12000.

When I run `rsh localhost ulimit -n`, it shows 12000.

Till now, all is going well. But the actual problem arises here: I made some changes in rsh, adding one feature and some more, which builds a new rsh named modified-rsh. Please don't ask for the code, because it is not public, and don't say move to ssh because rsh is insecure.

I know all these things.

When I run the command `modified-rsh localhost ulimit -n`, it shows 1024. Why?

Can you tell me the reason behind all this?

I feel helpless. Help me in this situation. Thanks in advance. Looking for your kind reply.

Edit no 3

I think this edit will be helpful. This edit shows where and when ulimit is accessed during the trace of modified-rsh.

Command: `strace -o log.txt modified-rsh localhost ulimit -n`

writev(3, [{"service\0", 8}, {"service\0", 8}, {"ulimit -n\0", 10}], 3) = 26
read(3, "\0", 1)                        = 1
rt_sigprocmask(SIG_SETMASK, [], [URG], 8) = 0
setuid(500)                             = 0
rt_sigprocmask(SIG_BLOCK, [INT QUIT TERM], [], 8) = 0
rt_sigaction(SIGINT, {0x1, [INT], SA_RESTORER|SA_RESTART, 0x3454030330}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGINT, {0x401650, [INT], SA_RESTORER|SA_RESTART, 0x3454030330}, {0x1, [INT], SA_RESTORER|SA_RESTART, 0x3454030330}, 8) = 0
rt_sigaction(SIGQUIT, {0x1, [QUIT], SA_RESTORER|SA_RESTART, 0x3454030330}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGQUIT, {0x401650, [QUIT], SA_RESTORER|SA_RESTART, 0x3454030330}, {0x1, [QUIT], SA_RESTORER|SA_RESTART, 0x3454030330}, 8) = 0
rt_sigaction(SIGTERM, {0x1, [TERM], SA_RESTORER|SA_RESTART, 0x3454030330}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTERM, {0x401650, [TERM], SA_RESTORER|SA_RESTART, 0x3454030330}, {0x1, [TERM], SA_RESTORER|SA_RESTART, 0x3454030330}, 8) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2b749c27cd80) = 4583
ioctl(5, FIONBIO, [1])                  = 0
ioctl(3, FIONBIO, [1])                  = 0
rt_sigprocmask(SIG_SETMASK, [], [INT QUIT TERM], 8) = 0
select(6, [3 5], NULL, NULL, NULL)      = 1 (in [3])
read(3, "1024\n", 8192)                 = 5
write(1, "1024\n", 5)                   = 5
select(6, [3 5], NULL, NULL, NULL)      = 1 (in [3])
read(3, "", 8192)                       = 0
select(6, [5], NULL, NULL, NULL)        = 1 (in [5])
read(5, "", 8192)                       = 0
kill(4583, SIGKILL)                     = 0
exit_group(0)                           = ?

See, the read system call reads 1024, but it should read 12000. Where is the problem? Can you identify it now?

Edit No. 4

strace -e open modified-rsh localhost ulimit -n

open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libcrypt.so.1", O_RDONLY)  = 3
open("/lib64/libutil.so.1", O_RDONLY)   = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/etc/nsswitch.conf", O_RDONLY)    = 3
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libnss_files.so.2", O_RDONLY) = 3
open("/etc/passwd", O_RDONLY)           = 3
open("/etc/services", O_RDONLY)         = 3
open("/etc/resolv.conf", O_RDONLY)      = 3
open("/etc/host.conf", O_RDONLY)        = 3
open("/etc/hosts", O_RDONLY)            = 3
open("/etc/hosts", O_RDONLY)            = 3

These are the open system calls, called sequentially, that have 3 in the command. Out of the above, only four are readable, i.e., /etc/nsswitch.conf, /etc/passwd, /etc/services, /etc/resolv.conf

strace -e open rsh localhost ulimit -n

open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libcrypt.so.1", O_RDONLY)  = 3
open("/lib64/libutil.so.1", O_RDONLY)   = 3
open("/lib64/libc.so.6", O_RDONLY)      = 3
open("/etc/nsswitch.conf", O_RDONLY)    = 3
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib64/libnss_files.so.2", O_RDONLY) = 3
open("/etc/passwd", O_RDONLY)           = 3
open("/etc/services", O_RDONLY)         = 3
open("/etc/host.conf", O_RDONLY)        = 3
open("/etc/resolv.conf", O_RDONLY)      = 3
open("/etc/hosts", O_RDONLY)            = 3
open("/etc/hosts", O_RDONLY)            = 3
open("/etc/hosts", O_RDONLY)            = 3

cat /etc/services | grep rsh

kshell          544/tcp         krcmd           # Kerberized `rsh' (v5)
rsh-spx         222/tcp                         # Berkeley rshd with SPX auth
rsh-spx         222/udp                         # Berkeley rshd with SPX auth
carrius-rshell  1197/tcp                        # Carrius Remote Access
carrius-rshell  1197/udp                        # Carrius Remote Access
airshot         3975/tcp                        # Air Shot
airshot         3975/udp                        # Air Shot
watershed-lm    6143/tcp                        # Watershed License Manager
watershed-lm    6143/udp                        # Watershed License Manager
modified-rsh    2529/tcp

The command below, which I used, comes from a question on this forum whose link is here

[root@jhamb ~]# sudo grep limits /etc/pam.d/*

/etc/pam.d/atd:# To enable PAM user limits for atd, please uncomment the
/etc/pam.d/atd:# following line and configure /etc/security/limits.conf:
/etc/pam.d/atd:# session    required   pam_limits.so
/etc/pam.d/runuser:session           required   pam_limits.so
/etc/pam.d/sudo:session    required  pam_limits.so
/etc/pam.d/sudo-i:session    required   pam_limits.so
/etc/pam.d/system-auth:session     required      pam_limits.so
/etc/pam.d/system-auth-ac:session     required      pam_limits.so
devsda
  • The only thing people can say here is that you're doing something differently from the standard `rsh`. Since you don't want to show the changes you made, any answer you'd get would be a guess. – Mat Mar 13 '13 at 13:48
  • I just want a hint, what's the possibility. I think there is something wrong with /etc/security/limits.conf – devsda Mar 13 '13 at 13:54
  • Here is the question on this forum, similar to my question http://serverfault.com/questions/387884/open-files-ulimit-controlling-via-limits-conf/390172?noredirect=1#comment543764_390172 But I am unable to correlate these. – devsda Mar 13 '13 at 13:55
  • That's the problem - you're not giving **any** information about what you're doing differently from the original `rsh`. Asking for people to guess what you're doing wrong when you don't say what you're doing isn't productive. – Mat Mar 13 '13 at 13:57
  • I will not show the code, but yes I can tell the functionality of added part. Wait. – devsda Mar 13 '13 at 14:00
  • Please see EDIT NO. 1 – devsda Mar 13 '13 at 14:31
  • That edit provides no information related to your problem at all. Just failed syscalls that look a bit strange - why is your rsh _client_ trying to bind to a local port? – Mat Mar 13 '13 at 14:34
  • jhamb, I do feel that your question is directly equivalent to "some software I wrote and won't share isn't working. why not?". You've pretty much proved that it's the use of your modified rsh that causes the issue (good investigation, btw); we probably can't shed much light on what that's doing wrong, because it's a complete secret to everyone who isn't you. – MadHatter Mar 13 '13 at 15:15
  • @MadHatter But I can show the strace and ltrace of the same, and I think it is sufficient to solve this problem. I don't know exactly, but it may be due to wrong reading of /etc/security/limits.conf. – devsda Mar 13 '13 at 19:41
  • see EDIT NO. 2 please. – devsda Mar 13 '13 at 20:12
  • jhamb: you're showing us strace output that makes it clear that your modified rsh program is trying to connect to localhost on port 544, which is the kerberised rsh service, not regular rsh (which runs on port 513). Presumably, you get connection refused because your server has no listener running on 544. Why is your software trying to connect on 544? **Who knows** - it's your software, so only you can say. I also note that your original question said that `modified-rsh localhost ulimit -n` gave different output to what your edit no. 2 says. – MadHatter Mar 13 '13 at 21:38
  • @MadHatter EDIT NO. 2 is related to standard rsh. When I run `rsh localhost ulimit -n`, it shows 12000. But when I use the strace utility, it shows EDIT NO. 2. Now please get me out of the EDIT NO. 2 permission denied problem. @MadHatter, I think that you are the one who can solve my problem. I spent a lot of time on it, and yes, whatever you want I will post, related to this question. But please help till the success of this problem. – devsda Mar 14 '13 at 03:28
  • jhamb, my apologies relating to edit no. 2, I missed that. Right now, I think our best chance is for you to do what Hauke has asked for in his answer, which is to `strace` on the **server**, not the client. If `rshd` is started by `inetd` on the server, this may be tricky - but I hope it will shed the light we badly need. – MadHatter Mar 14 '13 at 06:53
  • OK, I am following your instruction, and will discuss my progress with you all. Thanks. – devsda Mar 14 '13 at 07:02
  • @MadHatter Please see Edit no. 3, see read system call reads 1024, instead of 13000. I think clone may be the culprit. Please shed light on this. – devsda Mar 15 '13 at 13:24
  • You will need to find out what file was opened on file descriptor 3, you're looking for an earlier line that says something like `open("/home/user/foo/.bar", O_RDONLY) = 3`; that will tell you what file is being read by `rshd` and telling it to use a lower ulimit. – MadHatter Mar 17 '13 at 06:49
  • @MadHatter I made Edit No. 4, which shows all the open system calls having the `open() = 3` format. Now shed light on which file I have to put my concentration. Please. – devsda Mar 17 '13 at 07:08
  • @MadHatter I followed your instructions, and as a result I built edit no. 4. I compared each line of the strace of both, and yes, they are different at some points. But I didn't understand how to search to fulfill my task. Where does the ulimit exist? Is it related to /etc/passwd, /etc/resolv.conf, /etc/services, /etc/nsswitch.conf? I am unable to find the right place from where these get the ulimit value. Help me. – devsda Mar 17 '13 at 20:18
  • @MadHatter Can we discuss the issue on chat? Because I think I am very close to my solution. Please help – devsda Mar 18 '13 at 08:53
  • @MadHatter Please help, you helped me through the whole journey of solving my problem. Now the end is very close. Help me please. – devsda Mar 18 '13 at 10:27
  • I'm in chat right now. I won't be there for long. – MadHatter Mar 18 '13 at 10:35
  • Can you give me the link of your chat, so that I can also be a part of that and discuss my problem. – devsda Mar 18 '13 at 10:36
  • Go to the chat from the link at the top, there's a room called "Discussion between MadHatter and jhamb". That's the room you're looking for. – MadHatter Mar 18 '13 at 10:37
  • @MadHatter I left one message in chat for you. Please read that. "I read and compared both strace files of the rsh and modified-rsh commands. But I wasn't able to locate the exact point where there is an assignment of a lower ulimit in modified-rsh. All system calls worked for setting all the requirements before running any command. That's it. There is nothing related to ulimits.conf, and all. Give me any expert advice. What can I do now, as I followed your instructions." – devsda Mar 18 '13 at 20:59

1 Answer

4

You should connect to the rsh daemon with strace and look for setrlimit calls:

strace -p $PID -f -e trace=setrlimit

They should differ in both versions. This should lead you to the problem.

Hauke Laging
  • It does not show anything. I ran the command `strace -f -e setrlimit modified-rsh localhost ulimit -n`, it shows 1024. :( – devsda Mar 13 '13 at 18:28
  • @jhamb Do what I told you. You have to trace the server not the client. We don't even know yet whether you have modified the client only. – Hauke Laging Mar 13 '13 at 18:31
  • I have only one machine, this is the server and client also. First help me to this task on standard rsh, for some time leave modified-rsh concept. Tell me what is $PID in above query? – devsda Mar 16 '13 at 09:45
  • @jhamb, I'm afraid you are confusing rsh and rshd. – jlliagre Mar 16 '13 at 13:49
  • Now, I get a proper feeling about these concepts. rsh passes the query and rshd, i.e., the rsh server, responds to the query. And yes, my question's solution is hidden in the rshd source code. Am I right? – devsda Mar 16 '13 at 16:06
  • @HaukeLaging I am waiting for your response of above comments question. My question is about your suggested command. – devsda Mar 16 '13 at 16:07
  • @jhamb Sorry but I don't feel like explaining on that level (remember: on a site for professionals). – Hauke Laging Mar 16 '13 at 16:17
  • @HaukeLaging I agree with that. But while writing the above command, I didn't understand what to write in place of $PID. Is the PID here for rsh? If this PID is for rsh, then how is it possible, because before writing the above command rsh is not in the active process list `ps aux`. – devsda Mar 16 '13 at 17:06
  • @HaukeLaging : When I write the `# strace -p 4434 -f -e trace=setrlimit` command, it shows `attach: ptrace(PTRACE_ATTACH, ...): No such process` output. What can I do now? What does this output mean? – devsda Mar 18 '13 at 19:25
  • When I run strace over rsh , i.e., `strace rsh localhost ulimit -n`, It does not contain setrlimit system call. Help me – devsda Mar 18 '13 at 20:51
  • @HaukeLaging Please answer my query. I do all the things with my task. Finally, I think your command is the desired command for my task. I am unable to run your suggested command. Please help me. – devsda Mar 19 '13 at 07:14
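
The comparison the answer describes, tracing the server side for `setrlimit` and checking where the two versions differ, can be read off a saved log as in this added example (not code from the thread or from rsh). It assumes a log written with strace's `-f` and `-o` options whose trace filter also covers `clone`, `fork`, `vfork`, `execve` and `prlimit64`; the sample lines, pids and the `example-rshd` path are constructed.

```python
import re

# Constructed `strace -f -o` lines from the server side (pids, paths and
# values are illustrative; example-rshd is a hypothetical second daemon).
SAMPLE_TRACE = """\
2100 clone(child_stack=0, flags=SIGCHLD) = 2101
2101 execve("/usr/sbin/in.rshd", ["in.rshd"], [/* 4 vars */]) = 0
2101 setrlimit(RLIMIT_NOFILE, {rlim_cur=12000, rlim_max=12000}) = 0
2101 clone(child_stack=0, flags=SIGCHLD) = 2102
2102 execve("/bin/bash", ["bash", "-c", "ulimit -n"], [/* 9 vars */]) = 0
2100 clone(child_stack=0, flags=SIGCHLD) = 2103
2103 execve("/opt/example/example-rshd", ["example-rshd"], [/* 4 vars */]) = 0
2103 clone(child_stack=0, flags=SIGCHLD) = 2104
2104 execve("/bin/bash", ["bash", "-c", "ulimit -n"], [/* 9 vars */]) = 0
"""

# setrlimit(), or prlimit64() on self with a new-limit struct, for RLIMIT_NOFILE
SET_RE = re.compile(r'^(\d+)\s+(?:setrlimit\(|prlimit64\(0, )RLIMIT_NOFILE, '
                    r'\{rlim_cur=([^,}]+), rlim_max=[^}]+\}.*= 0$')
# Successful fork-type call, including the "<... clone resumed>" form
FORK_RE = re.compile(r'^(\d+)\s+(?:<\.\.\. )?(?:clone|fork|vfork)\b.*= (\d+)$')
EXEC_RE = re.compile(r'^(\d+)\s+execve\("([^"]+)".*= 0$')

def nofile_at_exec(trace):
    """For each successful execve return (pid, program, soft_limit).

    soft_limit is the last RLIMIT_NOFILE soft value set in that process or an
    ancestor inside the trace, or None if no such call was seen, in which case
    the program runs with whatever limit the traced daemon started with.
    """
    soft = {}      # pid -> soft limit text as strace printed it
    results = []
    for line in trace.splitlines():
        m = SET_RE.match(line)
        if m:
            soft[m.group(1)] = m.group(2)
            continue
        m = FORK_RE.match(line)
        if m:
            parent, child = m.groups()
            # rlimits are inherited across fork and kept across execve
            if parent in soft:
                soft.setdefault(child, soft[parent])
            continue
        m = EXEC_RE.match(line)
        if m:
            results.append((int(m.group(1)), m.group(2), soft.get(m.group(1))))
    return results

if __name__ == "__main__":
    for pid, prog, limit in nofile_at_exec(SAMPLE_TRACE):
        print(pid, prog, limit or "inherited (no setrlimit seen)")
```

A shell that is reported with no limit set is the place to compare the two daemons' code paths, since nothing between the listener and that `execve` raised the limit.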