diff --git a/ChangeLog b/ChangeLog index 0407579b..3df04570 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2008-07-12 Nicolas François + + * ChangeLog, NEWS, src/login.c: Re-inject the changes from 4.1.2.1. + 2008-07-11 Nicolas François * src/usermod.c: Do not call usr_update() if it will have no @@ -1236,6 +1240,22 @@ * configure.in: Allow --disable-man and --enable-man=no. +2008-06-26 Nicolas François + + Prepare the 4.1.2.1 release + * NEWS: set the release date. + * man/po/*.po, po/*.po: Updated PO files. + * configure.in: Set the version to 4.1.2.1. + +2008-06-26 Nicolas François + + * NEWS, src/login.c: Fix an "audit log injection" vulnerability in + login. This is similar to CVE-2008-1926 (util-linux-ng's login). + This vulnerability makes it easier for attackers to hide + activities by modifying portions of log events, e.g. by appending + an addr= statement to the login name. + * lib/prototypes.h: Added definition of AUDIT_NO_ID. + 2008-05-25 Nicolas François Prepare the 4.1.2 release diff --git a/NEWS b/NEWS index ef3346d2..94828643 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,6 @@ $Id$ -shadow-4.1.2 -> shadow-4.1.3 UNRELEASED +shadow-4.1.2.1 -> shadow-4.1.3 UNRELEASED *** general: - newusers @@ -9,6 +9,14 @@ shadow-4.1.2 -> shadow-4.1.3 UNRELEASED * Allow adding LDAP users (or any user not present in the local passwd file) to local groups +shadow-4.1.2 -> shadow-4.1.2.1 26-06-2008 + +*** security +- Fix an "audit log injection" vulnerability in login. + This vulnerability makes it easier for attackers to hide activities by + modifying portions of log events, e.g. by appending an addr= statement + to the login name. + shadow-4.1.1 -> shadow-4.1.2 25-05-2008 *** security: diff --git a/src/login.c b/src/login.c index 90f0ca25..f23e1851 100644 --- a/src/login.c +++ b/src/login.c @@ -745,31 +745,19 @@ int main (int argc, char **argv) } #ifdef WITH_AUDIT - { - struct passwd *pw; - char buf[64]; - - audit_fd = audit_open (); - /* local, no need for xgetpwnam */ - pw = getpwnam (username); - if (NULL != pw) { - snprintf (buf, sizeof (buf), - "uid=%lu", - (unsigned long) pw->pw_uid); - audit_log_user_message - (audit_fd, AUDIT_USER_LOGIN, - buf, hostname, NULL, - tty, 0); - } else { - snprintf (buf, sizeof (buf), - "acct=%s", username); - audit_log_user_message - (audit_fd, AUDIT_USER_LOGIN, - buf, hostname, NULL, - tty, 0); - } - close (audit_fd); - } + audit_fd = audit_open (); + audit_log_acct_message (audit_fd, + AUDIT_USER_LOGIN, + NULL, /* Prog. name */ + "login", + (NULL!=username)?username + :"(unknown)", + AUDIT_NO_ID, + hostname, + NULL, /* addr */ + tty, + 0); /* result */ + close (audit_fd); #endif /* WITH_AUDIT */ fprintf (stderr, "\nLogin incorrect\n"); @@ -1050,16 +1038,18 @@ int main (int argc, char **argv) } #ifdef WITH_AUDIT - { - char buf[32]; - - audit_fd = audit_open (); - snprintf (buf, sizeof (buf), "uid=%lu", - (unsigned long) pwd->pw_uid); - audit_log_user_message (audit_fd, AUDIT_USER_LOGIN, - buf, hostname, NULL, tty, 1); - close (audit_fd); - } + audit_fd = audit_open (); + audit_log_acct_message (audit_fd, + AUDIT_USER_LOGIN, + NULL, /* Prog. name */ + "login", + NULL, /* user's name => use uid */ + (unsigned int) pwd->pw_uid, + hostname, + NULL, /* addr */ + tty, + 1); /* result */ + close (audit_fd); #endif /* WITH_AUDIT */ #ifndef USE_PAM /* pam_lastlog handles this */