[Pkg-shadow-commits] r2197 - in upstream/branches/4.1.2.1: . lib src
nekral-guest at alioth.debian.org
nekral-guest at alioth.debian.org
Thu Jun 26 20:28:33 UTC 2008
Author: nekral-guest
Date: 2008-06-26 20:28:31 +0000 (Thu, 26 Jun 2008)
New Revision: 2197
Modified:
upstream/branches/4.1.2.1/ChangeLog
upstream/branches/4.1.2.1/NEWS
upstream/branches/4.1.2.1/lib/prototypes.h
upstream/branches/4.1.2.1/src/login.c
Log:
* NEWS, src/login.c: Fix an "audit log injection" vulnerability in
login. This is similar to CVE-2008-1926 (util-linux-ng's login).
This vulnerability makes it easier for attackers to hide
activities by modifying portions of log events, e.g. by appending
an addr= statement to the login name.
* lib/prototypes.h: Added definition of AUDIT_NO_ID.
Modified: upstream/branches/4.1.2.1/ChangeLog
===================================================================
--- upstream/branches/4.1.2.1/ChangeLog 2008-06-23 23:52:40 UTC (rev 2196)
+++ upstream/branches/4.1.2.1/ChangeLog 2008-06-26 20:28:31 UTC (rev 2197)
@@ -1,3 +1,12 @@
+2008-06-26 Nicolas François <nicolas.francois at centraliens.net>
+
+ * NEWS, src/login.c: Fix an "audit log injection" vulnerability in
+ login. This is similar to CVE-2008-1926 (util-linux-ng's login).
+ This vulnerability makes it easier for attackers to hide
+ activities by modifying portions of log events, e.g. by appending
+ an addr= statement to the login name.
+ * lib/prototypes.h: Added definition of AUDIT_NO_ID.
+
2008-05-25 Nicolas François <nicolas.francois at centraliens.net>
Prepare the 4.1.2 release
Modified: upstream/branches/4.1.2.1/NEWS
===================================================================
--- upstream/branches/4.1.2.1/NEWS 2008-06-23 23:52:40 UTC (rev 2196)
+++ upstream/branches/4.1.2.1/NEWS 2008-06-26 20:28:31 UTC (rev 2197)
@@ -1,5 +1,13 @@
$Id$
+shadow-4.1.2 -> shadow-4.1.2.1 UNRELEASED
+
+*** security
+- Fix an "audit log injection" vulnerability in login.
+ This vulnerability makes it easier for attackers to hide activities by
+ modifying portions of log events, e.g. by appending an addr= statement
+ to the login name.
+
shadow-4.1.1 -> shadow-4.1.2 25-05-2008
*** security:
Modified: upstream/branches/4.1.2.1/lib/prototypes.h
===================================================================
--- upstream/branches/4.1.2.1/lib/prototypes.h 2008-06-23 23:52:40 UTC (rev 2196)
+++ upstream/branches/4.1.2.1/lib/prototypes.h 2008-06-26 20:28:31 UTC (rev 2197)
@@ -126,6 +126,8 @@
#ifdef WITH_AUDIT
extern int audit_fd;
extern void audit_help_open (void);
+/* Use AUDIT_NO_ID when a name is provided to audit_logger instead of an ID */
+#define AUDIT_NO_ID ((unsigned int) -1)
extern void audit_logger (int type, const char *pgname, const char *op,
const char *name, unsigned int id, int result);
#endif
Modified: upstream/branches/4.1.2.1/src/login.c
===================================================================
--- upstream/branches/4.1.2.1/src/login.c 2008-06-23 23:52:40 UTC (rev 2196)
+++ upstream/branches/4.1.2.1/src/login.c 2008-06-26 20:28:31 UTC (rev 2197)
@@ -694,30 +694,19 @@
break;
#ifdef WITH_AUDIT
- {
- struct passwd *pw;
- char buf[64];
-
- audit_fd = audit_open ();
- /* local, no need for xgetpwnam */
- pw = getpwnam (username);
- if (pw) {
- snprintf (buf, sizeof (buf),
- "uid=%d", pw->pw_uid);
- audit_log_user_message
- (audit_fd, AUDIT_USER_LOGIN,
- buf, hostname, NULL,
- tty, 0);
- } else {
- snprintf (buf, sizeof (buf),
- "acct=%s", username);
- audit_log_user_message
- (audit_fd, AUDIT_USER_LOGIN,
- buf, hostname, NULL,
- tty, 0);
- }
- close (audit_fd);
- }
+ audit_fd = audit_open ();
+ audit_log_acct_message (audit_fd,
+ AUDIT_USER_LOGIN,
+ NULL, /* Prog. name */
+ "login",
+ (NULL!=username)?username
+ :"(unknown)",
+ AUDIT_NO_ID,
+ hostname,
+ NULL, /* addr */
+ tty,
+ 0); /* result */
+ close (audit_fd);
#endif /* WITH_AUDIT */
fprintf(stderr,"\nLogin incorrect\n");
@@ -978,15 +967,18 @@
}
#ifdef WITH_AUDIT
- {
- char buf[32];
-
- audit_fd = audit_open ();
- snprintf (buf, sizeof (buf), "uid=%d", pwd->pw_uid);
- audit_log_user_message (audit_fd, AUDIT_USER_LOGIN,
- buf, hostname, NULL, tty, 1);
- close (audit_fd);
- }
+ audit_fd = audit_open ();
+ audit_log_acct_message (audit_fd,
+ AUDIT_USER_LOGIN,
+ NULL, /* Prog. name */
+ "login",
+ NULL, /* user's name => use uid */
+ (unsigned int) pwd->pw_uid,
+ hostname,
+ NULL, /* addr */
+ tty,
+ 1); /* result */
+ close (audit_fd);
#endif /* WITH_AUDIT */
#ifndef USE_PAM /* pam_lastlog handles this */
More information about the Pkg-shadow-commits
mailing list