On 08/05/2016 07:41 PM, Petter Reinholdtsen wrote: > > Package: libpam-abl > Version: 0.6.0-3 > > Hi. I discovered this probelm when trying to log into a long negleted > FreedomBox. I am unable to log in on the console, and these lines show > up after I enter the user name: > > pam-abl: BDB1546 unable to join the environment > pam-abl: BDB0137 write: 07fd282048091, 25: No space left on device > > This make me suspect pam-abl do not handle well a full disk. What is > expected to happen with libpam-abl enabled when the disk is full? > > I'm unable to provide more details, as I am unable to get into the > machine. :( >
Hi Petter, I wasn't able to reproduce the problem with libpam-abl 0.6.0-5 and stretch. A user can login via ssh without any messages. Via console I do get the messages but I still able to log-in even for the user blocked via ssh. Here is my testing setup. On the ssh server with pam_abl: dd if=/dev/zero of=/finishit dd: writing to 'finishit': No space left on device 188833+0 records in 188832+0 records out 96681984 bytes (97 MB, 92 MiB) copied, 0.583207 s, 166 MB/s df -h | egrep -v 'tmpfs|udev' Filesystem Size Used Avail Use% Mounted on /dev/sda1 2.0G 2.0G 0 100% / root@abltest:~# pam_abl Bus error root@abltest:~# pam_abl pam-abl: BDB0137 write: 0x7ffd5d49d85f, 1: No space left on device No space left on device (28) while opening the database environment No space left on device (28) while Creating database environment. root@abltest:~# pam_abl pam-abl: BDB1546 unable to join the environment pam-abl: BDB1546 unable to join the environment pam-abl: BDB0137 write: 0x7ffdc7c1ba5f, 1: No space left on device No space left on device (28) while opening the database environment No space left on device (28) while Creating database environment client side: ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no alex@localhost -p 3023 <skip> alex@abltest:~$ alex@abltest:~$ echo >test -bash: echo: write error: No space left on device I must confirm that pam_abl is not functional when there is no free space for the database update, so an attacker can use a bruteforce attack without being blocked by pam_abl.