CVE-2006-2607 Jobs start from root when pam_limits

https://bugzilla.redhat.com/show_bug.cgi?id=178431

 

User-Agent: Opera/8.50 (Windows NT 5.0; U; ru)

Description of problem:
I set hard nproc limit in limits.conf to 10 and uncommented "session  required  
pam_limits.so" in /etc/pam.d/crond
When process limit have reached new processes start from root.

Version-Release number of selected component (if applicable):
vixie-cron-4.1-36.FC4 pam-0.79-9.6

How reproducible:
Always

Steps to Reproduce:
1. Add "username hard nproc 10" to /etc/security/limits.conf
2. Uncomment line with pam_limits.so in /etc/pam.d/crond
3. Add jobs in username crontab:
* * * * * /path/to/script.pl
script.pl:
#!/usr/bin/perl

open file, '>/path/to/pid.'.$$;
close file;
while(1) { sleep(1); }

 

Actual Results:  After some time "ps aux" shows 10 process of script.pl under the user username
but other processes are under root.
10 pidfiles owned by username:usergroup but others by root:usergroup

Expected Results:  10 processes of script.pl under username

Additional info:

Also applied to FC3