← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1666203] Re: pam_tty_audit failed in pam_open_session

 

The version of pam in the proposed pocket of Xenial that was purported
to fix this bug report has been removed because the bugs that were to be
fixed by the upload were not verified in a timely (105 days) fashion.

** Tags removed: verification-needed-xenial

** Changed in: pam (Ubuntu Xenial)
       Status: Fix Committed => Won't Fix

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1666203

Title:
  pam_tty_audit failed in pam_open_session

Status in pam package in Ubuntu:
  Fix Released
Status in pam source package in Xenial:
  Won't Fix
Status in pam source package in Bionic:
  Fix Released
Status in pam source package in Cosmic:
  Fix Released
Status in pam package in Debian:
  Fix Released

Bug description:
  [Impact]

   * Kernel keystroke auditing via pam_tty_audit.so not working

   * When Using the pam_tty_audit with other pam modules(ex, pam_ldap), it failed in pam_open_session.
     It was triggared by use uninitialized variable in pam_tty_audit.c::pam_open_session.

  [Test Case]

  1) Open a shell & escalate to root
  2) Update /etc/pam.d/common-session & /etc/pam.d/common-session-noninteractive and add the following line directly after the line: "session required pam_unix.so":
  "session required pam_tty_audit.so enable=*"

  3) Start a second new shell session on the box and type a variety of commands
  4) Exit the second shell session to flush the buffer?
  5) In the root shell run "aureport -tty -i". The output should show the commands run in the other shell.

  [Regression Potential]

   * Low, we are simply including the missing header file and copy the
  old status as initialization of new. The fix is already found/part of
  Debian and Disco.

  [Pending SRU]

  All regressions found in Bionic and Cosmic looks like long standing
  ADT failure. Nothing has been introduce by this particular SRU.

  [Other Info]

  # Upstream fix:
  https://github.com/linux-pam/linux-pam/commit/c5f829931a22c65feffee16570efdae036524bee

  # git describe --contains c5f829931a22c65feffee16570efdae036524bee
  Linux-PAM-1_2_0~75

  # rmadision pam
  =>  pam | 1.1.8-1ubuntu2.2   | trusty-updates   | source
  =>  pam | 1.1.8-3.2ubuntu2   | xenial           | source
  =>  pam | 1.1.8-3.2ubuntu2.1 | xenial-updates   | source
  =>  pam | 1.1.8-3.6ubuntu2   | bionic           | source
  =>  pam | 1.1.8-3.6ubuntu2   | cosmic           | source
      pam | 1.3.1-5ubuntu1     | disco            | source

  [Original Description]

  Dear Maintainer.

  I found a bug in pam_tty_audit.
  When Using the pam_tty_audit with other pam modules(ex, pam_ldap), it failed in pam_open_session.
  It was triggared by use uninitialized variable in pam_tty_audit.c::pam_open_session.

  * Enviroments
  Ubuntu 14.04.4 LTS
  linux-image-3.16.0-71-generic    3.16.0-71.92~14.04.1
  libpam-ldap:amd64    184-8.5ubuntu3
  libpam-modules:amd64    1.1.8-1ubuntu2.2

  Ubuntu 16.04.2 TLS
  linux-image-4.4.0-62-generic    4.4.0-62.83
  libpam-ldap:amd64    184-8.7ubuntu1
  libpam-modules:amd64    1.1.8-3.2ubuntu2

  * Reproduction method
  1. Install libpam-ldap.
  2. Add the following to the end of /etc/pam.d/common-sessions
  --------
  session required pam_tty_audit.so enable=* open_only
  --------
  3. When logging in with ssh etc., pam_tty_audit will fail and login fails

  * Solution (== 2018/04/16 Link updated ==)
  apply upstream patch
  https://github.com/linux-pam/linux-pam/commit/c5f829931a22c65feffee16570efdae036524bee

  * Logs (on Ubuntu14.04)
  -- auth.log --
  May 18 14:47:03 vm sshd[2272]: Accepted publickey for test from 10.99.0.1 port 51398 ssh2: RSA 8f:39:1c:3a:f4:9d:ca:99:67:fc:e3:fd:1e:0c:5b:a8
  May 18 14:47:03 vm sshd[2272]: pam_unix(sshd:session): session opened for user test by (uid=0)
  May 18 14:47:03 vm sshd[2272]: pam_tty_audit(sshd:session): error setting current audit status: Invalid argument
  May 18 14:47:03 vm sshd[2272]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session
  May 18 14:47:03 vm sshd[2297]: Received disconnect from 10.99.0.1: 11: disconnected by user

  -- syslog --
  May 18 14:47:03 vm audispd: node=vm type=USER_ACCT msg=audit(1463550423.399:58): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success'
  May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(1463550423.403:59): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success'
  May 18 14:47:03 vm audispd: node=vm type=LOGIN msg=audit(1463550423.403:60): pid=2272 uid=0 old-auid=4294967295 auid=20299 old-ses=4294967295 ses=3 res=1
  May 18 14:47:03 vm audispd: node=vm type=CONFIG_CHANGE msg=audit(1463550423.403:61): pid=2272 uid=0 auid=20299 ses=3 op=tty_set old-enabled=0 new-enabled=1 old-log_passwd=0 new-log_passwd=32743 res=0
  May 18 14:47:03 vm audispd: node=vm type=USER_START msg=audit(1463550423.447:62): pid=2272 uid=0 auid=20299 ses=3 msg='op=PAM:session_open acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=failed'
  May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(1463550423.447:63): pid=2297 uid=0 auid=20299 ses=3 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success'
  May 18 14:47:03 vm audispd: node=vm type=CRED_DISP msg=audit(1463550423.451:64): pid=2272 uid=0 auid=20299 ses=3 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success'

  Thanks regards.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions