debcrafters-packages team mailing list archive
Message #02976
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
** Bug watch added: Debian Bug tracker #1108428
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108428
** Also affects: acct (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108428
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to acct in Ubuntu.
https://bugs.launchpad.net/bugs/2095035
Title:
lastcomm buffer overflow detected terminated
Status in Acct:
New
Status in acct package in Ubuntu:
Fix Released
Status in acct source package in Noble:
Fix Released
Status in acct source package in Oracular:
Fix Released
Status in acct source package in Plucky:
Fix Released
Status in acct package in Debian:
Unknown
Bug description:
[ Impact ]
The userspace processes lastcomm and dump-acct in the acct package are
currently unusable on noble. This results in an inability to
effectively process accounting data written by the kernel.
The bug is a buffer overflow in the dev_hash.c code, which this patch
fixes by adding an additional sizeof(char) to the fullname buffer to
account for the added "/" character in the subsequent sprintf().
[ Test Plan ]
To reproduce:
* Install Ubuntu noble
* Install the acct package
    apt install acct
* Ensure process accounting is enabled
    accton on
* Run lastcomm to get a list of executed commands or dump-acct to dump the acct file
    lastcomm
    dump-acct /var/log/account/pacct
* Process will terminate with a buffer overflow
    *** buffer overflow detected ***: terminated
    Aborted (core dumped)
Once the fixed package is installed, running lastcomm will succeed and
produce a list of executed commands. Running dump-acct will succeed
and dump the acct file in human-readable format.
[ Where problems could occur ]
This is a fairly trivial buffer overflow fix and is unlikely to break
anything else. This code only affects the acct userspace processes,
which are currently unusable.
I have tested this patch on several noble systems, and it properly
corrects the bug without introducing any other problems.
[ Other Info ]
This patch has been applied to RedHat/Fedora since May 2023 and Gentoo
since March 2024, with no apparent problems reported.
---- Original bug report ----
$ lastcomm
atopacctd root __ 0.00 secs Tue Jan 14 10:36
*** buffer overflow detected ***: terminated
Aborted (core dumped)
Exit 134
$ lastcomm -f /dev/null
$
$ ls -al /var/log/account/
total 20
drwxr-xr-x 2 root root 4096 Jan 15 12:17 ./
drwxrwxr-x 21 root syslog 12288 Jan 15 13:18 ../
-rw-r----- 1 root adm 704 Jan 15 12:17 pacct
$ ls -al /var/crash
total 88
drwxrwsrwt 2 root whoopsie 4096 Jan 15 12:18 ./
drwxr-xr-x 15 root root 4096 Sep 20 03:21 ../
-rw-r----- 1 root whoopsie 39075 Jan 15 12:17 _usr_bin_lastcomm.0.crash
-rw-r----- 1 idallen whoopsie 39185 Jan 15 12:18 _usr_bin_lastcomm.1000.crash
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: acct 6.6.4-5build1
ProcVersionSignature: Ubuntu 6.8.0-51.52-generic 6.8.12
Uname: Linux 6.8.0-51-generic x86_64
ApportVersion: 2.28.1-0ubuntu3.3
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: ubuntu:GNOME
Date: Wed Jan 15 13:39:39 2025
InstallationDate: Installed on 2020-09-08 (1590 days ago)
InstallationMedia: Ubuntu 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731)
SourcePackage: acct
UpgradeStatus: Upgraded to noble on 2024-11-28 (49 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions
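
The sizing mistake described under [ Impact ], as an added example that is not part of the bug report and is not the acct source. The function names and the "/dev" and "tty0" inputs are constructed for illustration; the join uses a bounded snprintf so the undersized case is detected rather than overrun.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size that forgets the "/" separator: room for dir, name and the NUL only. */
static size_t undersized_len(const char *dir, const char *name)
{
    return (strlen(dir) + strlen(name) + 1) * sizeof(char);
}

/* Size with one additional sizeof(char) for the "/" that "%s/%s" writes. */
static size_t required_len(const char *dir, const char *name)
{
    return (strlen(dir) + 1 + strlen(name) + 1) * sizeof(char);
}

/* Bounded join: returns 0 on success, -1 if dst cannot hold "dir/name" plus
 * the terminating NUL. snprintf never writes more than dstsize bytes. */
static int join_path(char *dst, size_t dstsize, const char *dir, const char *name)
{
    int n = snprintf(dst, dstsize, "%s/%s", dir, name);
    return (n < 0 || (size_t)n >= dstsize) ? -1 : 0;
}

int main(void)
{
    const char *dir = "/dev", *name = "tty0";   /* constructed sample input */
    size_t small_len = undersized_len(dir, name);
    size_t full_len = required_len(dir, name);
    char *small = malloc(small_len);
    char *full = malloc(full_len);

    if (!small || !full)
        return 1;

    /* An unbounded sprintf() into 'small' would write one byte past the end. */
    printf("undersized (%zu bytes): %s\n", small_len,
           join_path(small, small_len, dir, name) ? "too small" : small);
    printf("corrected  (%zu bytes): %s\n", full_len,
           join_path(full, full_len, dir, name) ? "too small" : full);

    free(small);
    free(full);
    return 0;
}
```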