Red Hat Bugzilla – Bug 1273630
AUDIT_USER_TTY auditing broken
Last modified: 2017-02-13 02:23:31 EST
Description of problem:
In http://pkgs.fedoraproject.org/cgit/bash.git/commit/bash-3.2-audit.patch?id=ac881ba83f94a4b96aadb41ac38a50f7e331b178 , bash-3.2-audit.patch lost the hunk calling the new code, making the patch completely ineffective.
From https://kojipkgs.fedoraproject.org//packages/bash/4.3.42/1.fc24/data/logs/x86_64/build.log :
>readline.c:341:1: warning: 'audit_tty' defined but not used [-Wunused-function]
> audit_tty (char *string)
Similarly running bash under strace shows that no audit netlink sockets are created.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. See bug #1188695 comment #0, look specifically for USER_TTY records, see none.
Yes, that patch is now wholly redundant, since that code is now in the upstream tarball, with the function residing under the name _rl_audit_tty.
As for netlink
Please also notice this recent development spurred by one BZ and written by Steve Grubb https://osdir.com/ml/bug-bash-gnu/2015-09/msg00038.html. This should be in RHEL-7.3, though I've not yet included it in Fedora.
(In reply to Ondrej Oprala from comment #1)
> Yes, that patch is now wholly redundant, since that code is now in the
> upstream tarball, with the function residing under the name _rl_audit_tty.
Honestly I don’t care which one is redundant with what, as long as it works ☺ and right now it seems not to.
> As for netlink
> Please also notice this recent development spurred by one BZ and written by
> Steve Grubb https://osdir.com/ml/bug-bash-gnu/2015-09/msg00038.html. This
> should be in RHEL-7.3, though I've not yet included it in Fedora.
If you are saying that that patch (https://lists.gnu.org/archive/html/bug-bash/2015-09/txtGLkevlqmgK.txt ) would make this work, that could very well be true. (But note that this again seems to reintroduce a separate audit_tty instead of using the one in readline; and FWIW the one in readline needs to work too.)
The one in readline as a separate package? (Note bash isn't linked to readline as a library) That's out of my competence, but I'll apply Steve's patch in Fedora... for bash, I don't think it matters where the functionality comes from, does it?
I was assuming that sharing Red Hat patches between the standalone and bash-included readline versions was saving you work; if it does not, feel free to ignore the standalone one.
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.
If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
Thank you for reporting this bug and we are sorry it could not be fixed.
I'm reopening this BZ, because this is something we should look into at some point.
Reason: Because of ownership transfer of bash that has happened this year, there was no time to look into all BZs properly...
This was fixed by rebasing bash to version 4.4 in rawhide.