** Description changed: + [ Impact ] + + The userspace processes lastcomm and dump-acct in the acct package are + currently unusable on noble. This results in an inability to effectively + process accounting data written by the kernel. + + The bug is a buffer overflow in the dev_hash.c code, which this patch + fixes by adding an additional sizeof(char) to the fullname buffer to + account for the added "/" character in the subsequent sprintf(). + + [ Test Plan ] + + To reproduce: + + * Install Ubuntu noble + * Install the acct package + apt install acct + * Ensure process accounting is enabled + accton on + * Run lastcomm to get a list executed commands or dump-acct to dump the acct file + lastcomm + dump-acct /var/log/account/pacct + * Process will terminate with a buffer overflow + *** buffer overflow detected ***: terminated + Aborted (core dumped) + + Once the fixed package is installed, running lastcomm will succeed and + produce a list of executed commands. Running dump-acct will succeed and + dump the acct file in human-readable format. + + [ Where problems could occur ] + + This is a fairly trivial buffer overflow fix and is unlikely to break + anything else. This code only affects the acct userspace processes, + which are currently unusable. + + I have tested this patch on several noble systems, and it properly + corrects the bug without introducing any other problems. + + [ Other Info ] + + This patch has been applied to RedHat/Fedora since May 2023 and Gentoo + since March 2024, with no apparent problems reported. + + + ---- Original bug report ---- + $ lastcomm atopacctd root __ 0.00 secs Tue Jan 14 10:36 *** buffer overflow detected ***: terminated Aborted (core dumped) Exit 134 $ lastcomm -f /dev/null - $ + $ $ ls -al /var/log/account/ total 20 drwxr-xr-x 2 root root 4096 Jan 15 12:17 ./ drwxrwxr-x 21 root syslog 12288 Jan 15 13:18 ../ -rw-r----- 1 root adm 704 Jan 15 12:17 pacct - $ ls -al /var/crash total 88 drwxrwsrwt 2 root whoopsie 4096 Jan 15 12:18 ./ drwxr-xr-x 15 root root 4096 Sep 20 03:21 ../ -rw-r----- 1 root whoopsie 39075 Jan 15 12:17 _usr_bin_lastcomm.0.crash -rw-r----- 1 idallen whoopsie 39185 Jan 15 12:18 _usr_bin_lastcomm.1000.crash ProblemType: Bug DistroRelease: Ubuntu 24.04 Package: acct 6.6.4-5build1 ProcVersionSignature: Ubuntu 6.8.0-51.52-generic 6.8.12 Uname: Linux 6.8.0-51-generic x86_64 ApportVersion: 2.28.1-0ubuntu3.3 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: ubuntu:GNOME Date: Wed Jan 15 13:39:39 2025 InstallationDate: Installed on 2020-09-08 (1590 days ago) InstallationMedia: Ubuntu 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731) SourcePackage: acct UpgradeStatus: Upgraded to noble on 2024-11-28 (49 days ago)
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
