Uploaded to Xenial.

For future reference, the patches directory goes inside debian/

Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/1666203

Title:
  pam_tty_audit failed in pam_open_session

Status in pam package in Ubuntu:
  Fix Released
Status in pam source package in Xenial:
  In Progress
Status in pam source package in Bionic:
  Fix Released
Status in pam source package in Cosmic:
  Fix Released
Status in pam package in Debian:
  Fix Released

Bug description:
  [Impact]

   * Kernel keystroke auditing via pam_tty_audit.so not working

   * When Using the pam_tty_audit with other pam modules(ex, pam_ldap), it 
failed in pam_open_session.
     It was triggared by use uninitialized variable in 
pam_tty_audit.c::pam_open_session.

  [Test Case]

  1) Open a shell & escalate to root
  2) Update /etc/pam.d/common-session & 
/etc/pam.d/common-session-noninteractive and add the following line directly 
after the line: "session required pam_unix.so":
  "session required pam_tty_audit.so enable=*"

  3) Start a second new shell session on the box and type a variety of commands
  4) Exit the second shell session to flush the buffer?
  5) In the root shell run "aureport -tty -i". The output should show the 
commands run in the other shell.

  [Regression Potential]

   * Low, we are simply including the missing header file and copy the
  old status as initialization of new. The fix is already found/part of
  Debian and Disco.

  [Pending SRU]

  All regressions found in Bionic and Cosmic looks like long standing
  ADT failure. Nothing has been introduce by this particular SRU.

  [Other Info]

  # Upstream fix:
  
https://github.com/linux-pam/linux-pam/commit/c5f829931a22c65feffee16570efdae036524bee

  # git describe --contains c5f829931a22c65feffee16570efdae036524bee
  Linux-PAM-1_2_0~75

  # rmadision pam
  =>  pam | 1.1.8-1ubuntu2.2   | trusty-updates   | source
  =>  pam | 1.1.8-3.2ubuntu2   | xenial           | source
  =>  pam | 1.1.8-3.2ubuntu2.1 | xenial-updates   | source
  =>  pam | 1.1.8-3.6ubuntu2   | bionic           | source
  =>  pam | 1.1.8-3.6ubuntu2   | cosmic           | source
      pam | 1.3.1-5ubuntu1     | disco            | source

  [Original Description]

  Dear Maintainer.

  I found a bug in pam_tty_audit.
  When Using the pam_tty_audit with other pam modules(ex, pam_ldap), it failed 
in pam_open_session.
  It was triggared by use uninitialized variable in 
pam_tty_audit.c::pam_open_session.

  * Enviroments
  Ubuntu 14.04.4 LTS
  linux-image-3.16.0-71-generic    3.16.0-71.92~14.04.1
  libpam-ldap:amd64    184-8.5ubuntu3
  libpam-modules:amd64    1.1.8-1ubuntu2.2

  Ubuntu 16.04.2 TLS
  linux-image-4.4.0-62-generic    4.4.0-62.83
  libpam-ldap:amd64    184-8.7ubuntu1
  libpam-modules:amd64    1.1.8-3.2ubuntu2

  * Reproduction method
  1. Install libpam-ldap.
  2. Add the following to the end of /etc/pam.d/common-sessions
  --------
  session required pam_tty_audit.so enable=* open_only
  --------
  3. When logging in with ssh etc., pam_tty_audit will fail and login fails

  * Solution (== 2018/04/16 Link updated ==)
  apply upstream patch
  
https://github.com/linux-pam/linux-pam/commit/c5f829931a22c65feffee16570efdae036524bee

  * Logs (on Ubuntu14.04)
  -- auth.log --
  May 18 14:47:03 vm sshd[2272]: Accepted publickey for test from 10.99.0.1 
port 51398 ssh2: RSA 8f:39:1c:3a:f4:9d:ca:99:67:fc:e3:fd:1e:0c:5b:a8
  May 18 14:47:03 vm sshd[2272]: pam_unix(sshd:session): session opened for 
user test by (uid=0)
  May 18 14:47:03 vm sshd[2272]: pam_tty_audit(sshd:session): error setting 
current audit status: Invalid argument
  May 18 14:47:03 vm sshd[2272]: error: PAM: pam_open_session(): Cannot 
make/remove an entry for the specified session
  May 18 14:47:03 vm sshd[2297]: Received disconnect from 10.99.0.1: 11: 
disconnected by user

  -- syslog --
  May 18 14:47:03 vm audispd: node=vm type=USER_ACCT 
msg=audit(1463550423.399:58): pid=2272 uid=0 auid=4294967295 ses=4294967295 
msg='op=PAM:accounting acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 
addr=10.99.0.1 terminal=ssh res=success'
  May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ 
msg=audit(1463550423.403:59): pid=2272 uid=0 auid=4294967295 ses=4294967295 
msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 
addr=10.99.0.1 terminal=ssh res=success'
  May 18 14:47:03 vm audispd: node=vm type=LOGIN msg=audit(1463550423.403:60): 
pid=2272 uid=0 old-auid=4294967295 auid=20299 old-ses=4294967295 ses=3 res=1
  May 18 14:47:03 vm audispd: node=vm type=CONFIG_CHANGE 
msg=audit(1463550423.403:61): pid=2272 uid=0 auid=20299 ses=3 op=tty_set 
old-enabled=0 new-enabled=1 old-log_passwd=0 new-log_passwd=32743 res=0
  May 18 14:47:03 vm audispd: node=vm type=USER_START 
msg=audit(1463550423.447:62): pid=2272 uid=0 auid=20299 ses=3 
msg='op=PAM:session_open acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 
addr=10.99.0.1 terminal=ssh res=failed'
  May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ 
msg=audit(1463550423.447:63): pid=2297 uid=0 auid=20299 ses=3 
msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 
addr=10.99.0.1 terminal=ssh res=success'
  May 18 14:47:03 vm audispd: node=vm type=CRED_DISP 
msg=audit(1463550423.451:64): pid=2272 uid=0 auid=20299 ses=3 
msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 
addr=10.99.0.1 terminal=ssh res=success'

  Thanks regards.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to