Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 469357 - xdm updates for the audit system
Summary: xdm updates for the audit system
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: xorg-x11-xdm
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Søren Sandmann Pedersen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: fedora-x-target
TreeView+ depends on / blocked
 
Reported: 2008-10-31 14:01 UTC by Steve Grubb
Modified: 2018-04-11 18:38 UTC (History)
4 users (show)

Fixed In Version: xorg-x11-xdm-1.1.6-19.fc13
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-04-09 04:01:52 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
patch adding audit capabilities (deleted)
2008-10-31 14:47 UTC, Steve Grubb
no flags Details | Diff
updated patch (deleted)
2010-03-19 20:46 UTC, Steve Grubb
no flags Details | Diff
updated patch v2 (deleted)
2010-03-19 20:49 UTC, Steve Grubb
no flags Details | Diff

Description Steve Grubb 2008-10-31 14:01:48 UTC
Description of problem:
xdm is not sending a USER_LOGIN event like other login programs do. It will need to be patched and spec file updated to specify --with-libaudit. 

Version-Release number of selected component (if applicable):
1.1.6-5

Steps to Reproduce:
1. login
2. ausearch --start today -m USER_LOGIN -x xdm

  
Actual results:
nothing

Expected results:
an event output

Additional info:
I will attach a patch against current rawhide later that solves the problem.

Comment 1 Steve Grubb 2008-10-31 14:47:31 UTC
Created attachment 322082 [details]
patch adding audit capabilities

Please apply this patch and add --with-libaudit to the configure line in the spec file. You will also need to add a BuildRequires: audit-libs-devel. Thanks.

Comment 2 Bug Zapper 2008-11-26 04:32:55 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle.
Changing version to '10'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 3 Bug Zapper 2009-11-18 08:43:00 UTC
This message is a reminder that Fedora 10 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 10.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '10'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 10's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 10 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 4 Patrice Dumas 2009-11-18 11:34:06 UTC
Retargetting rawhide.

Comment 5 Bug Zapper 2010-03-15 12:07:54 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 13 development cycle.
Changing version to '13'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 6 Miloslav Trmač 2010-03-19 20:14:16 UTC
The patch uses a 64-byte buffer for ("acct=%s", login) when login fails.  Given that LOGIN_NAME_MAX == 256, and pam_get_user() in PAM does not limit the size of PAM_USER at all, is 64 bytes sufficient?

Elsewhere the xdm code seems to use NAME_LEN, which might limit the size of text that can be entered, I don't know Xt well enough; but NAME_LEN seems to be defined to PAM_MAX_RESP_SIZE == 512, so this would not protect against the buffer overflow either.

Is there something else that protect against the overflow, or am I missing something?

Comment 7 Steve Grubb 2010-03-19 20:29:33 UTC
There is no overflow, there would be truncated text. snprintf will not allow the buffer to be overrun. That said, I am surprised this patch is still unapplied. At this point it needs to be re-written to use audit_log_acct_message() to send the audit event. This would take care of the problem you are reporting.

Comment 8 Matěj Cepl 2010-03-19 20:30:55 UTC
Anyway, in between https://koji.fedoraproject.org/koji/taskinfo?taskID=2063498 builds.

Comment 9 Matěj Cepl 2010-03-19 20:35:48 UTC
(In reply to comment #7)
> There is no overflow, there would be truncated text. snprintf will not allow
> the buffer to be overrun. That said, I am surprised this patch is still
> unapplied. At this point it needs to be re-written to use
> audit_log_acct_message() to send the audit event. This would take care of the
> problem you are reporting.    

I am not a maintainer of this component, just went through old bugs with patches. Will ask around what to do about the update of the patch.

Comment 10 Steve Grubb 2010-03-19 20:46:14 UTC
Created attachment 401346 [details]
updated patch

This is an updated patch that will fix a log injection vulnerability in the original patch.

Comment 11 Steve Grubb 2010-03-19 20:49:22 UTC
Created attachment 401348 [details]
updated patch v2

Forgot that op field should be login. New patch is ready.

Comment 12 Fedora Update System 2010-03-24 16:46:23 UTC
xorg-x11-xdm-1.1.6-19.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/xorg-x11-xdm-1.1.6-19.fc13

Comment 14 Fedora Update System 2010-03-25 22:28:34 UTC
xorg-x11-xdm-1.1.6-19.fc13 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update xorg-x11-xdm'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/xorg-x11-xdm-1.1.6-19.fc13

Comment 15 Fedora Update System 2010-04-09 04:01:46 UTC
xorg-x11-xdm-1.1.6-19.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.