Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 469357
| Summary: | xdm updates for the audit system | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Steve Grubb <sgrubb> | ||||||||
| Component: | xorg-x11-xdm | Assignee: | Søren Sandmann Pedersen <sandmann> | ||||||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||||
| Severity: | medium | Docs Contact: | |||||||||
| Priority: | medium | ||||||||||
| Version: | rawhide | CC: | kem, mcepl, pertusus, xgl-maint | ||||||||
| Target Milestone: | --- | Keywords: | FutureFeature, Patch, Triaged | ||||||||
| Target Release: | --- | ||||||||||
| Hardware: | All | ||||||||||
| OS: | Linux | ||||||||||
| Whiteboard: | |||||||||||
| Fixed In Version: | xorg-x11-xdm-1.1.6-19.fc13 | Doc Type: | Enhancement | ||||||||
| Doc Text: | Story Points: | --- | |||||||||
| Clone Of: | Environment: | ||||||||||
| Last Closed: | 2010-04-09 04:01:52 UTC | Type: | --- | ||||||||
| Regression: | --- | Mount Type: | --- | ||||||||
| Documentation: | --- | CRM: | |||||||||
| Verified Versions: | Category: | --- | |||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||
| Embargoed: | |||||||||||
| Bug Depends On: | |||||||||||
| Bug Blocks: | 432388 | ||||||||||
| Attachments: |
|
||||||||||
|
Description
Steve Grubb
2008-10-31 14:01:48 UTC
Created attachment 322082 [details]
patch adding audit capabilities
Please apply this patch and add --with-libaudit to the configure line in the spec file. You will also need to add a BuildRequires: audit-libs-devel. Thanks.
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle. Changing version to '10'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping This message is a reminder that Fedora 10 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 10. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '10'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 10's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 10 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping Retargetting rawhide. This bug appears to have been reported against 'rawhide' during the Fedora 13 development cycle. Changing version to '13'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping The patch uses a 64-byte buffer for ("acct=%s", login) when login fails. Given that LOGIN_NAME_MAX == 256, and pam_get_user() in PAM does not limit the size of PAM_USER at all, is 64 bytes sufficient?
Elsewhere the xdm code seems to use NAME_LEN, which might limit the size of text that can be entered, I don't know Xt well enough; but NAME_LEN seems to be defined to PAM_MAX_RESP_SIZE == 512, so this would not protect against the buffer overflow either.
Is there something else that protect against the overflow, or am I missing something?
There is no overflow, there would be truncated text. snprintf will not allow the buffer to be overrun. That said, I am surprised this patch is still unapplied. At this point it needs to be re-written to use audit_log_acct_message() to send the audit event. This would take care of the problem you are reporting. Anyway, in between https://koji.fedoraproject.org/koji/taskinfo?taskID=2063498 builds. (In reply to comment #7) > There is no overflow, there would be truncated text. snprintf will not allow > the buffer to be overrun. That said, I am surprised this patch is still > unapplied. At this point it needs to be re-written to use > audit_log_acct_message() to send the audit event. This would take care of the > problem you are reporting. I am not a maintainer of this component, just went through old bugs with patches. Will ask around what to do about the update of the patch. Created attachment 401346 [details]
updated patch
This is an updated patch that will fix a log injection vulnerability in the original patch.
Created attachment 401348 [details]
updated patch v2
Forgot that op field should be login. New patch is ready.
xorg-x11-xdm-1.1.6-19.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/xorg-x11-xdm-1.1.6-19.fc13 Build for Rawhide http://koji.fedoraproject.org/koji/taskinfo?taskID=2073303, for F-13 http://koji.fedoraproject.org/koji/taskinfo?taskID=2073330. xorg-x11-xdm-1.1.6-19.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update xorg-x11-xdm'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/xorg-x11-xdm-1.1.6-19.fc13 xorg-x11-xdm-1.1.6-19.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report. |