Description of problem: xdm is not sending a USER_LOGIN event like other login programs do. It will need to be patched and spec file updated to specify --with-libaudit. Version-Release number of selected component (if applicable): 1.1.6-5 Steps to Reproduce: 1. login 2. ausearch --start today -m USER_LOGIN -x xdm Actual results: nothing Expected results: an event output Additional info: I will attach a patch against current rawhide later that solves the problem.
Created attachment 322082 [details] patch adding audit capabilities Please apply this patch and add --with-libaudit to the configure line in the spec file. You will also need to add a BuildRequires: audit-libs-devel. Thanks.
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle. Changing version to '10'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
This message is a reminder that Fedora 10 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 10. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '10'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 10's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 10 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Retargetting rawhide.
This bug appears to have been reported against 'rawhide' during the Fedora 13 development cycle. Changing version to '13'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
The patch uses a 64-byte buffer for ("acct=%s", login) when login fails. Given that LOGIN_NAME_MAX == 256, and pam_get_user() in PAM does not limit the size of PAM_USER at all, is 64 bytes sufficient? Elsewhere the xdm code seems to use NAME_LEN, which might limit the size of text that can be entered, I don't know Xt well enough; but NAME_LEN seems to be defined to PAM_MAX_RESP_SIZE == 512, so this would not protect against the buffer overflow either. Is there something else that protect against the overflow, or am I missing something?
There is no overflow, there would be truncated text. snprintf will not allow the buffer to be overrun. That said, I am surprised this patch is still unapplied. At this point it needs to be re-written to use audit_log_acct_message() to send the audit event. This would take care of the problem you are reporting.
Anyway, in between https://koji.fedoraproject.org/koji/taskinfo?taskID=2063498 builds.
(In reply to comment #7) > There is no overflow, there would be truncated text. snprintf will not allow > the buffer to be overrun. That said, I am surprised this patch is still > unapplied. At this point it needs to be re-written to use > audit_log_acct_message() to send the audit event. This would take care of the > problem you are reporting. I am not a maintainer of this component, just went through old bugs with patches. Will ask around what to do about the update of the patch.
Created attachment 401346 [details] updated patch This is an updated patch that will fix a log injection vulnerability in the original patch.
Created attachment 401348 [details] updated patch v2 Forgot that op field should be login. New patch is ready.
xorg-x11-xdm-1.1.6-19.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/xorg-x11-xdm-1.1.6-19.fc13
Build for Rawhide http://koji.fedoraproject.org/koji/taskinfo?taskID=2073303, for F-13 http://koji.fedoraproject.org/koji/taskinfo?taskID=2073330.
xorg-x11-xdm-1.1.6-19.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update xorg-x11-xdm'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/xorg-x11-xdm-1.1.6-19.fc13
xorg-x11-xdm-1.1.6-19.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.