[Bug 2095035] Re: lastcomm buffer overflow detected terminated

Matthew L. Dailey 2095035 at bugs.launchpad.net
Wed Feb 19 15:55:21 UTC 2025 

I'm hoping to get this fixed in noble - otherwise these tools will be
unusable for the lifecycle of this LTS. Below is the SRU template.
Please let me know if additional information is required.

[ Impact ]

The userspace processes lastcomm and dump-acct in the acct package are
currently unusable on noble. This results in an inability to effectively
process accounting data written by the kernel.

The bug is a buffer overflow in the dev_hash.c code, which this patch
fixes by adding an additional sizeof(char) to the fullname buffer to
account for the added "/" character in the subsequent sprintf().

[ Test Plan ]

To reproduce:

* Install Ubuntu noble
* Install the acct package
apt install acct
* Ensure process accounting is enabled
accton on
* Run lastcomm to get a list executed commands or dump-acct to dump the acct file
lastcomm
dump-acct /var/log/account/pacct
* Process will terminate with a buffer overflow
*** buffer overflow detected ***: terminated
Aborted (core dumped)

Once the fixed package is installed, running lastcomm will succeed and
produce a list of executed commands. Running dump-acct will succeed and
dump the acct file in human-readable format.

[ Where problems could occur ]

This is a fairly trivial buffer overflow fix and is unlikely to break
anything else. This code only affects the acct userspace processes,
which are currently unusable.

I have tested this patch on several noble systems, and it properly
corrects the bug without introducing any other problems.

[ Other Info ]

This patch has been applied to RedHat/Fedora since May 2023 and Gentoo
since March 2024, with no apparent problems reported.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to acct in Ubuntu.
https://bugs.launchpad.net/bugs/2095035

Title:
  lastcomm buffer overflow detected terminated

Status in Acct:
  New
Status in acct package in Ubuntu:
  Fix Released

Bug description:
  $ lastcomm
  atopacctd              root     __         0.00 secs Tue Jan 14 10:36
  *** buffer overflow detected ***: terminated
  Aborted (core dumped)
  Exit 134

  $ lastcomm -f /dev/null
  $ 

  $ ls -al /var/log/account/
  total 20
  drwxr-xr-x  2 root root    4096 Jan 15 12:17 ./
  drwxrwxr-x 21 root syslog 12288 Jan 15 13:18 ../
  -rw-r-----  1 root adm      704 Jan 15 12:17 pacct

  
  $ ls -al /var/crash
  total 88
  drwxrwsrwt  2 root    whoopsie  4096 Jan 15 12:18 ./
  drwxr-xr-x 15 root    root      4096 Sep 20 03:21 ../
  -rw-r-----  1 root    whoopsie 39075 Jan 15 12:17 _usr_bin_lastcomm.0.crash
  -rw-r-----  1 idallen whoopsie 39185 Jan 15 12:18 _usr_bin_lastcomm.1000.crash

  ProblemType: Bug
  DistroRelease: Ubuntu 24.04
  Package: acct 6.6.4-5build1
  ProcVersionSignature: Ubuntu 6.8.0-51.52-generic 6.8.12
  Uname: Linux 6.8.0-51-generic x86_64
  ApportVersion: 2.28.1-0ubuntu3.3
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: ubuntu:GNOME
  Date: Wed Jan 15 13:39:39 2025
  InstallationDate: Installed on 2020-09-08 (1590 days ago)
  InstallationMedia: Ubuntu 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731)
  SourcePackage: acct
  UpgradeStatus: Upgraded to noble on 2024-11-28 (49 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions

More information about the foundations-bugs mailing list