Your message dated Sat, 11 Sep 2021 19:08:25 +0200
with message-id
<caht6kzeaeuon44urkqwf-a2rogt6isxzkwekk-1dj4tymoa...@mail.gmail.com>
and subject line Closing
has caused the Debian Bug report #879515,
regarding tmux creates invalid/dangerous utmp entries
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
879515: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879515
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tmux
Version: 2.6-1
Severity: important
Dear Maintainer,

tmux versions currently in unstable and testing are compiled with
utempter support and will use it to create utmp records with a fake
"hostname" that look like

    tmux(<pid>).%<window id>

Since standard system tools (e.g. pinky) will consider this to be a
proper hostname and attempt to resolve it, this results in nonsensical
DNS requests that leak the above string to the network. In my case, the
scripts from the acpi-support package invoked pinky, which spammed the
local DNS with requests for tmux(1234).%0. However I'm reporting the bug
here, since I think tmux is the source of the problem (though it might
also be desirable for pinky to do more proper validation of the hostname
string before sending it anywhere).

I believe the proper solution would be either one of
1) stop compiling tmux with utempter, so utmp records are not set
2) change the format of the records so that they are not considered to
   be hostnames

Setting the severity to important, since
- there seems to be no way to disable this through tmux configuration
- it leaks information about the system to the network.
--
Anton Khirnov
--- End Message ---
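
The report above suggests that tools reading utmp should validate the host
field before resolving it. As an added example (not code from tmux, pinky or
the bug report), the C check below classifies a ut_host field so that only
syntactically valid hostnames reach the resolver; the function name, the enum
and the sample values are assumptions constructed for illustration.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

enum ut_host_kind { UT_HOST_EMPTY, UT_HOST_ADDRESS, UT_HOST_NAME, UT_HOST_OPAQUE };

/* Classify a utmp ut_host field. The field is fixed-width and need not be
 * NUL-terminated, so the caller passes its size (hypothetical helper). */
enum ut_host_kind classify_ut_host(const char *field, size_t field_len)
{
    char host[254];                      /* 253 is the longest legal DNS name */
    unsigned char addr[sizeof(struct in6_addr)];
    const char *nul = memchr(field, '\0', field_len);
    size_t n = nul ? (size_t)(nul - field) : field_len, label = 0;

    if (n == 0) return UT_HOST_EMPTY;
    if (n >= sizeof host) return UT_HOST_OPAQUE;
    memcpy(host, field, n);
    host[n] = '\0';
    /* IP literals need no forward lookup. */
    if (inet_pton(AF_INET, host, addr) == 1 || inet_pton(AF_INET6, host, addr) == 1)
        return UT_HOST_ADDRESS;
    /* RFC 1123 syntax: dot-separated labels of 1..63 letters, digits or
     * hyphens, with no hyphen at either end of a label. */
    for (size_t i = 0; i <= n; i++) {
        unsigned char c = (unsigned char)host[i];
        if (c == '.' || c == '\0') {
            if (label == 0 || label > 63 || host[i - 1] == '-')
                return UT_HOST_OPAQUE;
            label = 0;
        } else if (isalnum(c) || (c == '-' && label > 0)) {
            label++;
        } else {
            return UT_HOST_OPAQUE;       /* e.g. '(' and '%' in tmux(1234).%0 */
        }
    }
    return UT_HOST_NAME;
}

int main(void)
{   /* Constructed samples; a real tool would pass each record's ut_host. */
    const char *samples[] = { "tmux(1234).%0", "host.example.org", "192.0.2.10", ":0" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-18s resolve=%s\n", samples[i],
               classify_ut_host(samples[i], strlen(samples[i]) + 1) == UT_HOST_NAME ? "yes" : "no");
    return 0;
}
```

Only values classified as UT_HOST_NAME would be handed to the resolver;
everything else is displayed as stored.
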
--- Begin Message ---
This was raised upstream in https://github.com/tmux/tmux/issues/1260
and as discussed there:
* There is nothing really sensitive in utmp entries.
* utempter can be globally disabled by making the helper binary
  non-executable if the user *really* doesn't want utmp entries.

Nothing more will be done about this, hence I'm closing this bug.
--- End Message ---