group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #28879
[Bug 1666203] Re: pam_tty_audit failed in pam_open_session
This bug was fixed in the package pam - 1.1.8-3.6ubuntu3
---------------
pam (1.1.8-3.6ubuntu3) cosmic; urgency=medium
* debian/patches-applied/fix-pam_tty_audit.patch: (LP: #1666203)
Fix pam_tty_audit log_passwd support and regression.
-- Eric Desrochers <eric.desrochers@xxxxxxxxxxxxx> Thu, 28 Feb 2019
01:20:35 +0000
** Changed in: pam (Ubuntu Cosmic)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1666203
Title:
pam_tty_audit failed in pam_open_session
Status in pam package in Ubuntu:
Fix Released
Status in pam source package in Xenial:
In Progress
Status in pam source package in Bionic:
Fix Released
Status in pam source package in Cosmic:
Fix Released
Status in pam package in Debian:
Fix Released
Bug description:
[Impact]
* Kernel keystroke auditing via pam_tty_audit.so not working
* When Using the pam_tty_audit with other pam modules(ex, pam_ldap), it failed in pam_open_session.
It was triggared by use uninitialized variable in pam_tty_audit.c::pam_open_session.
[Test Case]
1) Open a shell & escalate to root
2) Update /etc/pam.d/common-session & /etc/pam.d/common-session-noninteractive and add the following line directly after the line: "session required pam_unix.so":
"session required pam_tty_audit.so enable=*"
3) Start a second new shell session on the box and type a variety of commands
4) Exit the second shell session to flush the buffer?
5) In the root shell run "aureport -tty -i". The output should show the commands run in the other shell.
[Regression Potential]
* Low, we are simply including the missing header file and copy the
old status as initialization of new. The fix is already found/part of
Debian and Disco.
[Pending SRU]
All regressions found in Bionic and Cosmic looks like long standing
ADT failure. Nothing has been introduce by this particular SRU.
[Other Info]
# Upstream fix:
https://github.com/linux-pam/linux-pam/commit/c5f829931a22c65feffee16570efdae036524bee
# git describe --contains c5f829931a22c65feffee16570efdae036524bee
Linux-PAM-1_2_0~75
# rmadision pam
=> pam | 1.1.8-1ubuntu2.2 | trusty-updates | source
=> pam | 1.1.8-3.2ubuntu2 | xenial | source
=> pam | 1.1.8-3.2ubuntu2.1 | xenial-updates | source
=> pam | 1.1.8-3.6ubuntu2 | bionic | source
=> pam | 1.1.8-3.6ubuntu2 | cosmic | source
pam | 1.3.1-5ubuntu1 | disco | source
[Original Description]
Dear Maintainer.
I found a bug in pam_tty_audit.
When Using the pam_tty_audit with other pam modules(ex, pam_ldap), it failed in pam_open_session.
It was triggared by use uninitialized variable in pam_tty_audit.c::pam_open_session.
* Enviroments
Ubuntu 14.04.4 LTS
linux-image-3.16.0-71-generic 3.16.0-71.92~14.04.1
libpam-ldap:amd64 184-8.5ubuntu3
libpam-modules:amd64 1.1.8-1ubuntu2.2
Ubuntu 16.04.2 TLS
linux-image-4.4.0-62-generic 4.4.0-62.83
libpam-ldap:amd64 184-8.7ubuntu1
libpam-modules:amd64 1.1.8-3.2ubuntu2
* Reproduction method
1. Install libpam-ldap.
2. Add the following to the end of /etc/pam.d/common-sessions
--------
session required pam_tty_audit.so enable=* open_only
--------
3. When logging in with ssh etc., pam_tty_audit will fail and login fails
* Solution (== 2018/04/16 Link updated ==)
apply upstream patch
https://github.com/linux-pam/linux-pam/commit/c5f829931a22c65feffee16570efdae036524bee
* Logs (on Ubuntu14.04)
-- auth.log --
May 18 14:47:03 vm sshd[2272]: Accepted publickey for test from 10.99.0.1 port 51398 ssh2: RSA 8f:39:1c:3a:f4:9d:ca:99:67:fc:e3:fd:1e:0c:5b:a8
May 18 14:47:03 vm sshd[2272]: pam_unix(sshd:session): session opened for user test by (uid=0)
May 18 14:47:03 vm sshd[2272]: pam_tty_audit(sshd:session): error setting current audit status: Invalid argument
May 18 14:47:03 vm sshd[2272]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session
May 18 14:47:03 vm sshd[2297]: Received disconnect from 10.99.0.1: 11: disconnected by user
-- syslog --
May 18 14:47:03 vm audispd: node=vm type=USER_ACCT msg=audit(1463550423.399:58): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success'
May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(1463550423.403:59): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success'
May 18 14:47:03 vm audispd: node=vm type=LOGIN msg=audit(1463550423.403:60): pid=2272 uid=0 old-auid=4294967295 auid=20299 old-ses=4294967295 ses=3 res=1
May 18 14:47:03 vm audispd: node=vm type=CONFIG_CHANGE msg=audit(1463550423.403:61): pid=2272 uid=0 auid=20299 ses=3 op=tty_set old-enabled=0 new-enabled=1 old-log_passwd=0 new-log_passwd=32743 res=0
May 18 14:47:03 vm audispd: node=vm type=USER_START msg=audit(1463550423.447:62): pid=2272 uid=0 auid=20299 ses=3 msg='op=PAM:session_open acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=failed'
May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(1463550423.447:63): pid=2297 uid=0 auid=20299 ses=3 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success'
May 18 14:47:03 vm audispd: node=vm type=CRED_DISP msg=audit(1463550423.451:64): pid=2272 uid=0 auid=20299 ses=3 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success'
Thanks regards.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions
