Bug 469357 - xdm updates for the audit system
xdm updates for the audit system
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: xorg-x11-xdm (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Søren Sandmann Pedersen
Fedora Extras Quality Assurance
: FutureFeature, Patch, Triaged
Depends On:
Blocks: fedora-x-target
  Show dependency treegraph
 
Reported: 2008-10-31 10:01 EDT by Steve Grubb
Modified: 2014-06-18 05:10 EDT (History)
4 users (show)

See Also:
Fixed In Version: xorg-x11-xdm-1.1.6-19.fc13
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-04-09 00:01:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch adding audit capabilities (3.38 KB, patch)
2008-10-31 10:47 EDT, Steve Grubb
no flags Details | Diff
updated patch (3.18 KB, patch)
2010-03-19 16:46 EDT, Steve Grubb
no flags Details | Diff
updated patch v2 (3.18 KB, patch)
2010-03-19 16:49 EDT, Steve Grubb
no flags Details | Diff

  None (edit)
Description Steve Grubb 2008-10-31 10:01:48 EDT
Description of problem:
xdm is not sending a USER_LOGIN event like other login programs do. It will need to be patched and spec file updated to specify --with-libaudit. 

Version-Release number of selected component (if applicable):
1.1.6-5

Steps to Reproduce:
1. login
2. ausearch --start today -m USER_LOGIN -x xdm

  
Actual results:
nothing

Expected results:
an event output

Additional info:
I will attach a patch against current rawhide later that solves the problem.
Comment 1 Steve Grubb 2008-10-31 10:47:31 EDT
Created attachment 322082 [details]
patch adding audit capabilities

Please apply this patch and add --with-libaudit to the configure line in the spec file. You will also need to add a BuildRequires: audit-libs-devel. Thanks.
Comment 2 Bug Zapper 2008-11-25 23:32:55 EST
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle.
Changing version to '10'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 3 Bug Zapper 2009-11-18 03:43:00 EST
This message is a reminder that Fedora 10 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 10.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '10'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 10's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 10 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 4 Patrice Dumas 2009-11-18 06:34:06 EST
Retargetting rawhide.
Comment 5 Bug Zapper 2010-03-15 08:07:54 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 13 development cycle.
Changing version to '13'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 6 Miloslav Trmač 2010-03-19 16:14:16 EDT
The patch uses a 64-byte buffer for ("acct=%s", login) when login fails.  Given that LOGIN_NAME_MAX == 256, and pam_get_user() in PAM does not limit the size of PAM_USER at all, is 64 bytes sufficient?

Elsewhere the xdm code seems to use NAME_LEN, which might limit the size of text that can be entered, I don't know Xt well enough; but NAME_LEN seems to be defined to PAM_MAX_RESP_SIZE == 512, so this would not protect against the buffer overflow either.

Is there something else that protect against the overflow, or am I missing something?
Comment 7 Steve Grubb 2010-03-19 16:29:33 EDT
There is no overflow, there would be truncated text. snprintf will not allow the buffer to be overrun. That said, I am surprised this patch is still unapplied. At this point it needs to be re-written to use audit_log_acct_message() to send the audit event. This would take care of the problem you are reporting.
Comment 8 Matěj Cepl 2010-03-19 16:30:55 EDT
Anyway, in between https://koji.fedoraproject.org/koji/taskinfo?taskID=2063498 builds.
Comment 9 Matěj Cepl 2010-03-19 16:35:48 EDT
(In reply to comment #7)
> There is no overflow, there would be truncated text. snprintf will not allow
> the buffer to be overrun. That said, I am surprised this patch is still
> unapplied. At this point it needs to be re-written to use
> audit_log_acct_message() to send the audit event. This would take care of the
> problem you are reporting.    

I am not a maintainer of this component, just went through old bugs with patches. Will ask around what to do about the update of the patch.
Comment 10 Steve Grubb 2010-03-19 16:46:14 EDT
Created attachment 401346 [details]
updated patch

This is an updated patch that will fix a log injection vulnerability in the original patch.
Comment 11 Steve Grubb 2010-03-19 16:49:22 EDT
Created attachment 401348 [details]
updated patch v2

Forgot that op field should be login. New patch is ready.
Comment 12 Fedora Update System 2010-03-24 12:46:23 EDT
xorg-x11-xdm-1.1.6-19.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/xorg-x11-xdm-1.1.6-19.fc13
Comment 14 Fedora Update System 2010-03-25 18:28:34 EDT
xorg-x11-xdm-1.1.6-19.fc13 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update xorg-x11-xdm'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/xorg-x11-xdm-1.1.6-19.fc13
Comment 15 Fedora Update System 2010-04-09 00:01:46 EDT
xorg-x11-xdm-1.1.6-19.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.