[Bug 1209238] New: AUDIT-0: latslog2: New pam_lastlog2 module replacing pam_lastlog
https://bugzilla.suse.com/show_bug.cgi?id=1209238 Bug ID: 1209238 Summary: AUDIT-0: latslog2: New pam_lastlog2 module replacing pam_lastlog Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: kukuk@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Since lastlog and pam_lastlog are not Y2038 safe, there is a new lastlog2 package with a new PAM Module pam_lastlog2.so https://build.opensuse.org/package/show/Linux-PAM/lastlog2 https://github.com/thkukuk/lastlog2 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1209238 https://bugzilla.suse.com/show_bug.cgi?id=1209238#c1 Matthias Gerstner <matthias.gerstner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |matthias.gerstner@suse.com --- Comment #1 from Matthias Gerstner <matthias.gerstner@suse.com> --- Thank you for opening the review bug. We will schedule the review. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1209238 Wolfgang Frisch <wolfgang.frisch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |wolfgang.frisch@suse.com Summary|AUDIT-0: latslog2: New |AUDIT-0: lastlog2: New |pam_lastlog2 module |pam_lastlog2 module |replacing pam_lastlog |replacing pam_lastlog -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1209238 https://bugzilla.suse.com/show_bug.cgi?id=1209238#c2 Wolfgang Frisch <wolfgang.frisch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CONFIRMED Assignee|security-team@suse.de |wolfgang.frisch@suse.com --- Comment #2 from Wolfgang Frisch <wolfgang.frisch@suse.com> --- I will start working on the review shortly. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1209238 https://bugzilla.suse.com/show_bug.cgi?id=1209238#c3 Wolfgang Frisch <wolfgang.frisch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CONFIRMED |IN_PROGRESS --- Comment #3 from Wolfgang Frisch <wolfgang.frisch@suse.com> --- [ 26s] -lastlog2.x86_64: E: pam-file-unauthorized (Badness: 10) /usr/lib64/security/pam_lastlog2.so (sha256 file digest default filter:20e74c0807c7128001b57ca43e19ede0bcdfb510980834c0d246466397f348e6 shell filter:<failed-to-calculate> xml filter:<failed-to-calculate>) [ 26s] +lastlog2.x86_64: E: pam-file-unauthorized (Badness: 10) /usr/lib64/security/pam_lastlog2.so (sha256 file digest default filter:75b74dc37f43cdc41160f84300aaece3dc9fbebdc6931c34bbbc1c68092cf064 shell filter:<failed-to-calculate> xml filter:<failed-to-calculate>) -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1209238 https://bugzilla.suse.com/show_bug.cgi?id=1209238#c4 --- Comment #4 from Thorsten Kukuk <kukuk@suse.com> --- Any update here? -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1209238 Wolfgang Frisch <wolfgang.frisch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1209587 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1209238 Thorsten Kukuk <kukuk@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|1209587 | -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1209238 Wolfgang Frisch <wolfgang.frisch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1209587 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1209238 https://bugzilla.suse.com/show_bug.cgi?id=1209238#c6 --- Comment #6 from Wolfgang Frisch <wolfgang.frisch@suse.com> --- I'm done with the audit. lastlog2 implements a PAM session interface that logs user information to a world-readable sqlite3 database. An accompanying binary /usr/bin/lastlog2 parses this information. The latter also includes an import feature to migrate old lastlog files. The only finding (CWE-89) was discovered in the PAM part of the package: https://bugzilla.suse.com/show_bug.cgi?id=1209587 Upstream addressed this promptly and correctly already, so there's nothing in the way of a whitelisting. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1209238 Wolfgang Frisch <wolfgang.frisch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|1209587 | Depends on| |1209587 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1209238 https://bugzilla.suse.com/show_bug.cgi?id=1209238#c7 --- Comment #7 from Wolfgang Frisch <wolfgang.frisch@suse.com> --- https://github.com/rpm-software-management/rpmlint/pull/1031 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1209238 https://bugzilla.suse.com/show_bug.cgi?id=1209238#c8 Filippo Bonazzi <filippo.bonazzi@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |filippo.bonazzi@suse.com --- Comment #8 from Filippo Bonazzi <filippo.bonazzi@suse.com> --- PR#1031 merged. Waiting to submit to OBS until existing rpmlint SR has gone through, as it's already in staging. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1209238 https://bugzilla.suse.com/show_bug.cgi?id=1209238#c10 Wolfgang Frisch <wolfgang.frisch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED --- Comment #10 from Wolfgang Frisch <wolfgang.frisch@suse.com> --- Request accepted, resolved. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com