pam_tty_audit failed in pam_open_session
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pam (Debian) |
Fix Released
|
Unknown
|
|||
pam (Ubuntu) |
Fix Released
|
Medium
|
Don van der Haghen | ||
Xenial |
Fix Released
|
High
|
Michael Hudson-Doyle | ||
Bionic |
Fix Released
|
Medium
|
Eric Desrochers | ||
Cosmic |
Fix Released
|
Medium
|
Eric Desrochers |
Bug Description
[Impact]
* Kernel keystroke auditing via pam_tty_audit.so not working
* When Using the pam_tty_audit with other pam modules(ex, pam_ldap), it failed in pam_open_session.
It was triggared by use uninitialized variable in pam_tty_
[Test Case]
1) Open a shell & escalate to root
2) Update /etc/pam.
"session required pam_tty_audit.so enable=*"
3) Start a second new shell session on the box and type a variety of commands
4) Exit the second shell session to flush the buffer?
5) In the root shell run "aureport -tty -i". The output should show the commands run in the other shell.
[Regression Potential]
* Low, we are simply including the missing header file and copy the old status as initialization of new. The fix is already found/part of Debian and Disco.
[Pending SRU]
All regressions found in Bionic and Cosmic looks like long standing ADT failure. Nothing has been introduce by this particular SRU.
[Other Info]
# Upstream fix:
https:/
# git describe --contains c5f829931a22c65
Linux-PAM-1_2_0~75
# rmadision pam
=> pam | 1.1.8-1ubuntu2.2 | trusty-updates | source
=> pam | 1.1.8-3.2ubuntu2 | xenial | source
=> pam | 1.1.8-3.2ubuntu2.1 | xenial-updates | source
=> pam | 1.1.8-3.6ubuntu2 | bionic | source
=> pam | 1.1.8-3.6ubuntu2 | cosmic | source
pam | 1.3.1-5ubuntu1 | disco | source
[Original Description]
Dear Maintainer.
I found a bug in pam_tty_audit.
When Using the pam_tty_audit with other pam modules(ex, pam_ldap), it failed in pam_open_session.
It was triggared by use uninitialized variable in pam_tty_
* Enviroments
Ubuntu 14.04.4 LTS
linux-image-
libpam-ldap:amd64 184-8.5ubuntu3
libpam-
Ubuntu 16.04.2 TLS
linux-image-
libpam-ldap:amd64 184-8.7ubuntu1
libpam-
* Reproduction method
1. Install libpam-ldap.
2. Add the following to the end of /etc/pam.
--------
session required pam_tty_audit.so enable=* open_only
--------
3. When logging in with ssh etc., pam_tty_audit will fail and login fails
* Solution (== 2018/04/16 Link updated ==)
apply upstream patch
https:/
* Logs (on Ubuntu14.04)
-- auth.log --
May 18 14:47:03 vm sshd[2272]: Accepted publickey for test from 10.99.0.1 port 51398 ssh2: RSA 8f:39:1c:
May 18 14:47:03 vm sshd[2272]: pam_unix(
May 18 14:47:03 vm sshd[2272]: pam_tty_
May 18 14:47:03 vm sshd[2272]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session
May 18 14:47:03 vm sshd[2297]: Received disconnect from 10.99.0.1: 11: disconnected by user
-- syslog --
May 18 14:47:03 vm audispd: node=vm type=USER_ACCT msg=audit(
May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(
May 18 14:47:03 vm audispd: node=vm type=LOGIN msg=audit(
May 18 14:47:03 vm audispd: node=vm type=CONFIG_CHANGE msg=audit(
May 18 14:47:03 vm audispd: node=vm type=USER_START msg=audit(
May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(
May 18 14:47:03 vm audispd: node=vm type=CRED_DISP msg=audit(
Thanks regards.
description: | updated |
Changed in pam (Ubuntu): | |
status: | Confirmed → Triaged |
importance: | Undecided → Medium |
tags: | added: bionic |
tags: | added: trusty xen |
tags: |
added: cosmic disco xenial removed: xen |
Changed in pam (Debian): | |
status: | Unknown → New |
Changed in pam (Debian): | |
status: | New → Fix Released |
description: | updated |
description: | updated |
Changed in pam (Ubuntu Xenial): | |
importance: | Undecided → High |
Changed in pam (Ubuntu Bionic): | |
importance: | Undecided → High |
description: | updated |
Changed in pam (Ubuntu Cosmic): | |
status: | New → In Progress |
importance: | Undecided → Medium |
assignee: | nobody → Eric Desrochers (slashd) |
Changed in pam (Ubuntu Bionic): | |
assignee: | Don van der Haghen (donvdh) → Eric Desrochers (slashd) |
importance: | High → Medium |
description: | updated |
tags: | removed: verification-needed |
Changed in pam (Ubuntu Xenial): | |
status: | Won't Fix → In Progress |
assignee: | Don van der Haghen (donvdh) → Michael Hudson-Doyle (mwhudson) |
Status changed to 'Confirmed' because the bug affects multiple users.