[Bug 2095035] Re: lastcomm buffer overflow detected terminated
Lukas Märdian
2095035 at bugs.launchpad.net
Tue Apr 15 08:10:39 UTC 2025
** Description changed:
+ [ Impact ]
+
+ The userspace processes lastcomm and dump-acct in the acct package are
+ currently unusable on noble. This results in an inability to effectively
+ process accounting data written by the kernel.
+
+ The bug is a buffer overflow in the dev_hash.c code, which this patch
+ fixes by adding an additional sizeof(char) to the fullname buffer to
+ account for the added "/" character in the subsequent sprintf().
+
+ [ Test Plan ]
+
+ To reproduce:
+
+ * Install Ubuntu noble
+ * Install the acct package
+ apt install acct
+ * Ensure process accounting is enabled
+ accton on
+ * Run lastcomm to get a list executed commands or dump-acct to dump the acct file
+ lastcomm
+ dump-acct /var/log/account/pacct
+ * Process will terminate with a buffer overflow
+ *** buffer overflow detected ***: terminated
+ Aborted (core dumped)
+
+ Once the fixed package is installed, running lastcomm will succeed and
+ produce a list of executed commands. Running dump-acct will succeed and
+ dump the acct file in human-readable format.
+
+ [ Where problems could occur ]
+
+ This is a fairly trivial buffer overflow fix and is unlikely to break
+ anything else. This code only affects the acct userspace processes,
+ which are currently unusable.
+
+ I have tested this patch on several noble systems, and it properly
+ corrects the bug without introducing any other problems.
+
+ [ Other Info ]
+
+ This patch has been applied to RedHat/Fedora since May 2023 and Gentoo
+ since March 2024, with no apparent problems reported.
+
+
+ ---- Original bug report ----
+
$ lastcomm
atopacctd root __ 0.00 secs Tue Jan 14 10:36
*** buffer overflow detected ***: terminated
Aborted (core dumped)
Exit 134
$ lastcomm -f /dev/null
- $
+ $
$ ls -al /var/log/account/
total 20
drwxr-xr-x 2 root root 4096 Jan 15 12:17 ./
drwxrwxr-x 21 root syslog 12288 Jan 15 13:18 ../
-rw-r----- 1 root adm 704 Jan 15 12:17 pacct
-
$ ls -al /var/crash
total 88
drwxrwsrwt 2 root whoopsie 4096 Jan 15 12:18 ./
drwxr-xr-x 15 root root 4096 Sep 20 03:21 ../
-rw-r----- 1 root whoopsie 39075 Jan 15 12:17 _usr_bin_lastcomm.0.crash
-rw-r----- 1 idallen whoopsie 39185 Jan 15 12:18 _usr_bin_lastcomm.1000.crash
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: acct 6.6.4-5build1
ProcVersionSignature: Ubuntu 6.8.0-51.52-generic 6.8.12
Uname: Linux 6.8.0-51-generic x86_64
ApportVersion: 2.28.1-0ubuntu3.3
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: ubuntu:GNOME
Date: Wed Jan 15 13:39:39 2025
InstallationDate: Installed on 2020-09-08 (1590 days ago)
InstallationMedia: Ubuntu 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731)
SourcePackage: acct
UpgradeStatus: Upgraded to noble on 2024-11-28 (49 days ago)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to acct in Ubuntu.
https://bugs.launchpad.net/bugs/2095035
Title:
lastcomm buffer overflow detected terminated
Status in Acct:
New
Status in acct package in Ubuntu:
Fix Released
Status in acct source package in Noble:
Confirmed
Status in acct source package in Oracular:
Confirmed
Status in acct source package in Plucky:
Fix Released
Bug description:
[ Impact ]
The userspace processes lastcomm and dump-acct in the acct package are
currently unusable on noble. This results in an inability to
effectively process accounting data written by the kernel.
The bug is a buffer overflow in the dev_hash.c code, which this patch
fixes by adding an additional sizeof(char) to the fullname buffer to
account for the added "/" character in the subsequent sprintf().
[ Test Plan ]
To reproduce:
* Install Ubuntu noble
* Install the acct package
apt install acct
* Ensure process accounting is enabled
accton on
* Run lastcomm to get a list executed commands or dump-acct to dump the acct file
lastcomm
dump-acct /var/log/account/pacct
* Process will terminate with a buffer overflow
*** buffer overflow detected ***: terminated
Aborted (core dumped)
Once the fixed package is installed, running lastcomm will succeed and
produce a list of executed commands. Running dump-acct will succeed
and dump the acct file in human-readable format.
[ Where problems could occur ]
This is a fairly trivial buffer overflow fix and is unlikely to break
anything else. This code only affects the acct userspace processes,
which are currently unusable.
I have tested this patch on several noble systems, and it properly
corrects the bug without introducing any other problems.
[ Other Info ]
This patch has been applied to RedHat/Fedora since May 2023 and Gentoo
since March 2024, with no apparent problems reported.
---- Original bug report ----
$ lastcomm
atopacctd root __ 0.00 secs Tue Jan 14 10:36
*** buffer overflow detected ***: terminated
Aborted (core dumped)
Exit 134
$ lastcomm -f /dev/null
$
$ ls -al /var/log/account/
total 20
drwxr-xr-x 2 root root 4096 Jan 15 12:17 ./
drwxrwxr-x 21 root syslog 12288 Jan 15 13:18 ../
-rw-r----- 1 root adm 704 Jan 15 12:17 pacct
$ ls -al /var/crash
total 88
drwxrwsrwt 2 root whoopsie 4096 Jan 15 12:18 ./
drwxr-xr-x 15 root root 4096 Sep 20 03:21 ../
-rw-r----- 1 root whoopsie 39075 Jan 15 12:17 _usr_bin_lastcomm.0.crash
-rw-r----- 1 idallen whoopsie 39185 Jan 15 12:18 _usr_bin_lastcomm.1000.crash
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: acct 6.6.4-5build1
ProcVersionSignature: Ubuntu 6.8.0-51.52-generic 6.8.12
Uname: Linux 6.8.0-51-generic x86_64
ApportVersion: 2.28.1-0ubuntu3.3
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: ubuntu:GNOME
Date: Wed Jan 15 13:39:39 2025
InstallationDate: Installed on 2020-09-08 (1590 days ago)
InstallationMedia: Ubuntu 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731)
SourcePackage: acct
UpgradeStatus: Upgraded to noble on 2024-11-28 (49 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions
More information about the foundations-bugs
mailing list