[Bug 2095035] Re: lastcomm buffer overflow detected terminated
** Changed in: acct (Debian) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
** Changed in: acct (Debian) Status: Unknown => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
** Bug watch added: Debian Bug tracker #1108428 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108428 ** Also affects: acct (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108428 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
This bug was fixed in the package acct - 6.6.4-5ubuntu0.24.04.1 --- acct (6.6.4-5ubuntu0.24.04.1) noble; urgency=medium * debian/patches/07_sprintf-buffer-overflow.patch: Fix buffer overflow in dev_hash.c (LP: #2095035) -- matthew.l.dai...@dartmouth.edu (Matthew L. Dailey) Mon, 17 Feb 2025 10:20:50 -0500 ** Changed in: acct (Ubuntu Noble) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
This bug was fixed in the package acct - 6.6.4-5ubuntu0.24.10.1 --- acct (6.6.4-5ubuntu0.24.10.1) oracular; urgency=medium * debian/patches/07_sprintf-buffer-overflow.patch: Fix buffer overflow in dev_hash.c (LP: #2095035) -- matthew.l.dai...@dartmouth.edu (Matthew L. Dailey) Mon, 17 Feb 2025 10:20:50 -0500 ** Changed in: acct (Ubuntu Oracular) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
Hi all, thanks for the fixes! From a cursory look at the source for Jammy [0], this still seems broken there. Is there a need to get this fix into older releases as well? [0] https://git.launchpad.net/ubuntu/+source/acct/tree/dev_hash.c?h=applied/ubuntu/jammy- devel#n148 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
Actually, I can confirm this myself inside a Oracular LXD VM: Calling "lastcomm" on the old version of acct crashed like this: root@oo:~# lastcomm (sd-close)Froot __ 0.00 secs Mon Jun 23 11:15 (sd-rmrf)SFroot __ 0.00 secs Mon Jun 23 11:15 (sd-rmrf)SFroot __ 0.00 secs Mon Jun 23 11:15 systemd-timedat S root __ 0.02 secs Mon Jun 23 11:14 (sd-close)Froot __ 0.00 secs Mon Jun 23 11:15 (sd-rmrf)SFroot __ 0.00 secs Mon Jun 23 11:15 (sd-rmrf)SFroot __ 0.00 secs Mon Jun 23 11:15 systemd-hostnam S root __ 0.03 secs Mon Jun 23 11:14 *** buffer overflow detected ***: terminated Aborted (core dumped) root@oo:~# dump-acct /var/log/account/pacct accton |v3| 0.00| 0.00| 1.00| 0| 0| 2744.00| 0.00|1526| 1|S| 0|__ |Mon Jun 23 11:15:11 2025 (sd-close) |v3| 0.00| 0.00| 0.00| 0| 0| 22968.00| 0.00|1527| 1| F | 0|__ |Mon Jun 23 11:15:11 2025 *** buffer overflow detected ***: terminated Aborted (core dumped) After upgrading to version 6.6.4-5ubuntu0.24.10.1 from oracular-proposed, it produces the expected output: root@oo:~# dpkg -l | grep acct ii acct 6.6.4-5ubuntu0.24.10.1 root@oo:~# accton on Turning on process accounting, file set to the default '/var/log/account/pacct'. root@oo:~# lastcomm accton S root pts/0 0.00 secs Mon Jun 23 11:16 accton root pts/0 0.00 secs Mon Jun 23 11:16 grep root pts/0 0.00 secs Mon Jun 23 11:16 dpkg-query root pts/0 0.00 secs Mon Jun 23 11:16 apt S root pts/0 0.54 secs Mon Jun 23 11:16 [...] root@oo:~# dump-acct /var/log/account/pacct accton |v3| 0.00| 0.00| 1.00| 0| 0| 2744.00| 0.00|1526| 1|S| 0|__ |Mon Jun 23 11:15:11 2025 (sd-close) |v3| 0.00| 0.00| 0.00| 0| 0| 22968.00| 0.00|1527| 1| F | 0|__ |Mon Jun 23 11:15:11 2025 systemd-tty-ask |v3| 0.00| 0.00| 2.00| 0| 0| 16184.00| 0.00|1525|1524|S| 0|pts/1 |Mon Jun 23 11:15:11 2025 systemctl |v3| 0.00| 0.00| 2.00| 0| 0| 16488.00| 0.00|1524|1519|S| 0|pts/1 |Mon Jun 23 11:15:11 2025 deb-systemd-inv |v3| 1.00| 0.00| 5.00| 0| 0| 13152.00| 0.00|1519|1405| | 0|pts/1 |Mon Jun 23 11:15:11 2025 [...] ** Tags removed: verification-needed-oracular ** Tags added: verification-done-oracular ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
Setting verification-done-noble tags as per comment #17, #18, #19 Can someone please also test version 6.6.4-5ubuntu0.24.10.1 on Ubuntu Oracular 24.10? ** Tags removed: verification-needed-noble ** Tags added: verification-done-noble -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
I can verify that acct 6.6.4-5ubuntu0.24.04.1 from noble-proposed fixes this bug on 24.04.2. # lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu 24.04.2 LTS Release:24.04 Codename: noble # apt show acct | head -n 5 Package: acct Version: 6.6.4-5ubuntu0.24.04.1 Priority: optional Section: admin Origin: Ubuntu Using lastcomm and dump-acct work properly without buffer overflows. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
I can verify that acct 6.6.4-5ubuntu0.24.04.1 from noble-proposed fixes this bug on 24.04.2. # grep VERSION= /etc/os-release VERSION="24.04.2 LTS (Noble Numbat)" # dpkg -l | grep acct ii acct 6.6.4-5ubuntu0.24.04.1 amd64GNU Accounting utilities for process and login accounting Using lastcomm and dump-acct work properly without buffer overflows. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
Hello Ian!, or anyone else affected, Accepted acct into oracular-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/acct/6.6.4-5ubuntu0.24.10.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- oracular to verification-done-oracular. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-oracular. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: acct (Ubuntu Oracular) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-oracular ** Changed in: acct (Ubuntu Noble) Status: In Progress => Fix Committed ** Tags added: verification-needed-noble -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
I followed instructions but no such package exists: apt install lastcomm Reading package lists... Done Building dependency tree... Done Reading state information... Done E: Unable to locate package lastcomm My lastcomm is still broken. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
FWIW - here's the link to upstream: https://savannah.gnu.org/bugs/index.php?67028 Not sure if it will get any attention there, but you never know. ** Bug watch added: GNU Savannah Bug Tracker #67028 http://savannah.gnu.org/bugs/?67028 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
Thanks Matthew, for the SRU template & reproducer! LGTM. I copied it up into the bug description. May I please ask you to file a bug report with the upstream project, too? They might be interested in this as well (although it seems pretty inactive, upstream). => https://savannah.gnu.org/bugs/?group=acct&func=additem I adopted the patch headers as done by Simon in comment #7, to match what we have in Plucky 25.04. Also, I adopted the version strings in your debdiff for Oracular and Noble: Oracular => 6.6.4-5ubuntu0.24.10.1 Noble=> 6.6.4-5ubuntu0.24.04.1 This is to provide a clean upgrade path, e.g.: 6.6.4-5ubuntu0.24.04.1 < 6.6.4-5ubuntu0.24.10.1 < 6.6.4-5ubuntu1 Sponsored for SRU review into the Oracular & Noble queues! ** Changed in: acct (Ubuntu Oracular) Status: Confirmed => In Progress ** Changed in: acct (Ubuntu Noble) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
** Description changed: + [ Impact ] + + The userspace processes lastcomm and dump-acct in the acct package are + currently unusable on noble. This results in an inability to effectively + process accounting data written by the kernel. + + The bug is a buffer overflow in the dev_hash.c code, which this patch + fixes by adding an additional sizeof(char) to the fullname buffer to + account for the added "/" character in the subsequent sprintf(). + + [ Test Plan ] + + To reproduce: + + * Install Ubuntu noble + * Install the acct package + apt install acct + * Ensure process accounting is enabled + accton on + * Run lastcomm to get a list executed commands or dump-acct to dump the acct file + lastcomm + dump-acct /var/log/account/pacct + * Process will terminate with a buffer overflow + *** buffer overflow detected ***: terminated + Aborted (core dumped) + + Once the fixed package is installed, running lastcomm will succeed and + produce a list of executed commands. Running dump-acct will succeed and + dump the acct file in human-readable format. + + [ Where problems could occur ] + + This is a fairly trivial buffer overflow fix and is unlikely to break + anything else. This code only affects the acct userspace processes, + which are currently unusable. + + I have tested this patch on several noble systems, and it properly + corrects the bug without introducing any other problems. + + [ Other Info ] + + This patch has been applied to RedHat/Fedora since May 2023 and Gentoo + since March 2024, with no apparent problems reported. + + + Original bug report + $ lastcomm atopacctd root __ 0.00 secs Tue Jan 14 10:36 *** buffer overflow detected ***: terminated Aborted (core dumped) Exit 134 $ lastcomm -f /dev/null - $ + $ $ ls -al /var/log/account/ total 20 drwxr-xr-x 2 root root4096 Jan 15 12:17 ./ drwxrwxr-x 21 root syslog 12288 Jan 15 13:18 ../ -rw-r- 1 root adm 704 Jan 15 12:17 pacct - $ ls -al /var/crash total 88 drwxrwsrwt 2 rootwhoopsie 4096 Jan 15 12:18 ./ drwxr-xr-x 15 rootroot 4096 Sep 20 03:21 ../ -rw-r- 1 rootwhoopsie 39075 Jan 15 12:17 _usr_bin_lastcomm.0.crash -rw-r- 1 idallen whoopsie 39185 Jan 15 12:18 _usr_bin_lastcomm.1000.crash ProblemType: Bug DistroRelease: Ubuntu 24.04 Package: acct 6.6.4-5build1 ProcVersionSignature: Ubuntu 6.8.0-51.52-generic 6.8.12 Uname: Linux 6.8.0-51-generic x86_64 ApportVersion: 2.28.1-0ubuntu3.3 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: ubuntu:GNOME Date: Wed Jan 15 13:39:39 2025 InstallationDate: Installed on 2020-09-08 (1590 days ago) InstallationMedia: Ubuntu 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731) SourcePackage: acct UpgradeStatus: Upgraded to noble on 2024-11-28 (49 days ago) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
** Also affects: acct (Ubuntu Plucky) Importance: Undecided Status: Fix Released ** Also affects: acct (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: acct (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: acct (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: acct (Ubuntu Oracular) Importance: Undecided Status: New ** Also affects: acct (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: acct (Ubuntu Noble) Importance: Undecided Status: New ** Also affects: acct (Ubuntu Jammy) Importance: Undecided Status: New ** No longer affects: acct (Ubuntu Trusty) ** No longer affects: acct (Ubuntu Xenial) ** No longer affects: acct (Ubuntu Bionic) ** No longer affects: acct (Ubuntu Focal) ** No longer affects: acct (Ubuntu Jammy) ** Changed in: acct (Ubuntu Noble) Status: New => Confirmed ** Changed in: acct (Ubuntu Oracular) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
Regarding the bug in lastcomm for the noble repository: # lastcomm *** buffer overflow detected ***: terminated Aborted (core dumped) I have a temporary fix which seems to work. The fix is based on the confirmation that lastcomm is properly patched in plucky, but not yet patched in noble. * Update apt. * Add the plucky repository to ubuntu.sources. * Update apt a second time, this will * Install lastcomm * Remove the plucky repository The specific steps are: $ sudo apt update ##Update /etc/apt/sources.list.d/ubuntu to include the lines: $ sudo cat >> /etc/apt/sources.list.d/ubuntu.sources Types: deb URIs: http://security.ubuntu.com/ubuntu/ Suites: plucky-security Components: main restricted universe multiverse Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg ^D $ sudo apt-update $ sudo apt install lastcomm To test the installation: $ sudo lastcomm|head kworker/dying Froot __ 0.00 secs Mon Mar 24 12:32 manroot pts/3 0.01 secs Mon Mar 24 13:05 man F X root pts/3 0.00 secs Mon Mar 24 13:05 head root pts/3 0.00 secs Mon Mar 24 13:05 colroot pts/3 0.00 secs Mon Mar 24 13:05 nroff root pts/3 0.00 secs Mon Mar 24 13:05 groff root pts/3 0.00 secs Mon Mar 24 13:05 grotty root pts/3 0.00 secs Mon Mar 24 13:05 troff root pts/3 0.00 secs Mon Mar 24 13:05 tblroot pts/3 0.00 secs Mon Mar 24 13:05 The cleanup step is to delete the added lines in ubuntu.sources and update apt. $ sudo cat > /etc/apt/sopurces.list.d/ubuntu.sources Types: deb URIs: http://us.archive.ubuntu.com/ubuntu/ Suites: noble noble-updates noble-backports Components: main restricted universe multiverse Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg Types: deb URIs: http://security.ubuntu.com/ubuntu/ Suites: noble-security Components: main restricted universe multiverse Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg ^D $sudo apt update At this point, the installation of lastcomm will not show in the list of installed packages. The application is properly installed and working, just no longer in the repositories being checked for installations. Hopefully the noble package will will be properly updated soon. Kevin Marinelli University of Connecticut -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
To eliminate the possibility of a corrupted pacct file, I stopped accounting, removed all existing files, and then restarted it, same result. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
I'm hoping to get this fixed in noble - otherwise these tools will be unusable for the lifecycle of this LTS. Below is the SRU template. Please let me know if additional information is required. [ Impact ] The userspace processes lastcomm and dump-acct in the acct package are currently unusable on noble. This results in an inability to effectively process accounting data written by the kernel. The bug is a buffer overflow in the dev_hash.c code, which this patch fixes by adding an additional sizeof(char) to the fullname buffer to account for the added "/" character in the subsequent sprintf(). [ Test Plan ] To reproduce: * Install Ubuntu noble * Install the acct package apt install acct * Ensure process accounting is enabled accton on * Run lastcomm to get a list executed commands or dump-acct to dump the acct file lastcomm dump-acct /var/log/account/pacct * Process will terminate with a buffer overflow *** buffer overflow detected ***: terminated Aborted (core dumped) Once the fixed package is installed, running lastcomm will succeed and produce a list of executed commands. Running dump-acct will succeed and dump the acct file in human-readable format. [ Where problems could occur ] This is a fairly trivial buffer overflow fix and is unlikely to break anything else. This code only affects the acct userspace processes, which are currently unusable. I have tested this patch on several noble systems, and it properly corrects the bug without introducing any other problems. [ Other Info ] This patch has been applied to RedHat/Fedora since May 2023 and Gentoo since March 2024, with no apparent problems reported. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
This bug was fixed in the package acct - 6.6.4-5ubuntu1 --- acct (6.6.4-5ubuntu1) plucky; urgency=medium * debian/patches/07_sprintf-buffer-overflow.patch: Fix buffer overflow in dev_hash.c (LP: #2095035) -- matthew.l.dai...@dartmouth.edu (Matthew L. Dailey) Mon, 17 Feb 2025 10:20:50 -0500 ** Changed in: acct (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
This fix has been sponsored to Plucky, with some slight changes to the DEP-3 header. If you're interested in a stable release update, could you please follow the SRU process and re-subscribe Ubuntu Sponsors when you're ready? https://documentation.ubuntu.com/sru/en/latest/ Thanks in advance! ** Changed in: acct (Ubuntu) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
The attachment "1-6.6.4-5ubuntu1.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
This is a debdiff to fix the buffer overflow in dev_hash.c. This builds successfully in pbuilder and fixes the bug in my testing. ** Patch added: "1-6.6.4-5ubuntu1.debdiff" https://bugs.launchpad.net/ubuntu/+source/acct/+bug/2095035/+attachment/5858309/+files/1-6.6.4-5ubuntu1.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
It seems like this is a known issue: https://bugzilla.redhat.com/show_bug.cgi?id=2190057 https://bugs.gentoo.org/show_bug.cgi?id=925419 Did a quick compile with the patch from Fedora and the problem seems to be fixed: https://src.fedoraproject.org/rpms/psacct/blob/aeac50dc448dcc172fa05b2847666afa3d04bfe2/f/psacct-6.6.4-sprintf-buffer-overflow.patch If I get some time, I can try to put together a proper debdiff. ** Bug watch added: Red Hat Bugzilla #2190057 https://bugzilla.redhat.com/show_bug.cgi?id=2190057 ** Bug watch added: Gentoo Bugzilla #925419 https://bugs.gentoo.org/show_bug.cgi?id=925419 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: acct (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095035] Re: lastcomm buffer overflow detected terminated
My browser refused to open the root crash dump but gave no error message about why. I'm attaching the user idallen crash dump. ** Attachment added: "/var/crash/_usr_bin_lastcomm.1000.crash" https://bugs.launchpad.net/ubuntu/+source/acct/+bug/2095035/+attachment/5851923/+files/_usr_bin_lastcomm.1000.crash ** Also affects: acct Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095035 Title: lastcomm buffer overflow detected terminated To manage notifications about this bug go to: https://bugs.launchpad.net/acct/+bug/2095035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
