** Bug watch added: Debian Bug tracker #1108428 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108428
** Also affects: acct (Debian)
   via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108428
   Importance: Unknown
   Status: Unknown

--
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to acct in Ubuntu.
https://bugs.launchpad.net/bugs/2095035

Title:
  lastcomm buffer overflow detected terminated

Status in Acct:
  New
Status in acct package in Ubuntu:
  Fix Released
Status in acct source package in Noble:
  Fix Released
Status in acct source package in Oracular:
  Fix Released
Status in acct source package in Plucky:
  Fix Released
Status in acct package in Debian:
  Unknown

Bug description:
  [ Impact ]

  The userspace processes lastcomm and dump-acct in the acct package are
  currently unusable on noble. This results in an inability to
  effectively process accounting data written by the kernel.

  The bug is a buffer overflow in the dev_hash.c code, which this patch
  fixes by adding an additional sizeof(char) to the fullname buffer to
  account for the added "/" character in the subsequent sprintf().

  [ Test Plan ]

  To reproduce:

  * Install Ubuntu noble
  * Install the acct package
      apt install acct
  * Ensure process accounting is enabled
      accton on
  * Run lastcomm to get a list of executed commands or dump-acct to dump
    the acct file
      lastcomm
      dump-acct /var/log/account/pacct
  * Process will terminate with a buffer overflow
      *** buffer overflow detected ***: terminated
      Aborted (core dumped)

  Once the fixed package is installed, running lastcomm will succeed and
  produce a list of executed commands. Running dump-acct will succeed
  and dump the acct file in human-readable format.

  [ Where problems could occur ]

  This is a fairly trivial buffer overflow fix and is unlikely to break
  anything else. This code only affects the acct userspace processes,
  which are currently unusable. I have tested this patch on several
  noble systems, and it properly corrects the bug without introducing
  any other problems.
  [ Other Info ]

  This patch has been applied to RedHat/Fedora since May 2023 and Gentoo
  since March 2024, with no apparent problems reported.

  ---- Original bug report ----

  $ lastcomm
  atopacctd root __ 0.00 secs Tue Jan 14 10:36
  *** buffer overflow detected ***: terminated
  Aborted (core dumped)
  Exit 134
  $ lastcomm -f /dev/null
  $
  $ ls -al /var/log/account/
  total 20
  drwxr-xr-x 2 root root 4096 Jan 15 12:17 ./
  drwxrwxr-x 21 root syslog 12288 Jan 15 13:18 ../
  -rw-r----- 1 root adm 704 Jan 15 12:17 pacct
  $ ls -al /var/crash
  total 88
  drwxrwsrwt 2 root whoopsie 4096 Jan 15 12:18 ./
  drwxr-xr-x 15 root root 4096 Sep 20 03:21 ../
  -rw-r----- 1 root whoopsie 39075 Jan 15 12:17 _usr_bin_lastcomm.0.crash
  -rw-r----- 1 idallen whoopsie 39185 Jan 15 12:18 _usr_bin_lastcomm.1000.crash

  ProblemType: Bug
  DistroRelease: Ubuntu 24.04
  Package: acct 6.6.4-5build1
  ProcVersionSignature: Ubuntu 6.8.0-51.52-generic 6.8.12
  Uname: Linux 6.8.0-51-generic x86_64
  ApportVersion: 2.28.1-0ubuntu3.3
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: ubuntu:GNOME
  Date: Wed Jan 15 13:39:39 2025
  InstallationDate: Installed on 2020-09-08 (1590 days ago)
  InstallationMedia: Ubuntu 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731)
  SourcePackage: acct
  UpgradeStatus: Upgraded to noble on 2024-11-28 (49 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions

--
Mailing list: https://launchpad.net/~debcrafters-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~debcrafters-packages
More help   : https://help.launchpad.net/ListHelp
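
Added example, not part of the bug report and not the acct source: the sizing error described under [ Impact ], where a buffer for a "%s/%s" join is one byte short because the "/" is not counted, next to a bounded join that uses the corrected size. The function names and the /dev and pts sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size formula as the bug description characterises it: directory, entry
 * name and terminating NUL, with no byte for the "/" separator. */
static size_t size_without_separator(const char *dir, const char *name)
{
    return strlen(dir) + strlen(name) + 1;
}

/* Corrected formula: one extra char for the "/" written by the format. */
static size_t size_with_separator(const char *dir, const char *name)
{
    return strlen(dir) + 1 + strlen(name) + 1;
}

/* Bytes "%s/%s" really needs, NUL included, measured by snprintf itself. */
static size_t bytes_required(const char *dir, const char *name)
{
    int n = snprintf(NULL, 0, "%s/%s", dir, name);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded join: allocate the corrected size and refuse truncated output.
 * Caller frees the result; NULL means allocation or formatting failed. */
static char *join_path(const char *dir, const char *name)
{
    size_t cap = size_with_separator(dir, name);
    char *full = malloc(cap);
    if (full == NULL)
        return NULL;
    int n = snprintf(full, cap, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= cap) {
        free(full);
        return NULL;
    }
    return full;
}

int main(void)
{
    const char *dir = "/dev", *name = "pts";   /* constructed sample input */
    char *p = join_path(dir, name);
    printf("need %zu, old %zu, fixed %zu, path %s\n", bytes_required(dir, name),
           size_without_separator(dir, name), size_with_separator(dir, name),
           p ? p : "(null)");
    free(p);
    return 0;
}
```

The "*** buffer overflow detected ***: terminated" line in the report is the abort message glibc prints when a fortified call such as sprintf() would write past the size the compiler knows for the destination.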

