#1 2016-09-11 13:23:59

Tharbad
Member
Registered: 2016-02-27
Posts: 270

Possible security vulnerability (Elevation of privilege)

Hi everyone,

I think I found a bug but I don't know where to report it. Can you help?

Here's what happened:
1) GUI froze (tty1)
2) I switched to tty2 (cmd) to check what happened.
3) After entering the right username and password, the login process froze (the cursor kept blinking).
4) I pressed Ctrl+C and got myself a root session (with "bash4.3#" prefix).

Just to make sure, here's the content of my user bashrc:

#
# ~/.bashrc
#

# If not running interactively, don't do anything
[[ $- != *i* ]] && return

alias ls='ls --color=auto'
PS1='[\u@\h \W]\$ '

System bashrc:

#
# /etc/bash.bashrc
#

# If not running interactively, don't do anything

[[ $- != *i* ]] && return

PS1='[\u@\h \W]\$ '
PS2='> '
PS3='> '
PS4='+ '

case ${TERM} in
  xterm*|rxvt*|Eterm|aterm|kterm|gnome*)
    PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"'

    ;;
  screen)
    PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033_%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"'
    ;;
esac

[ -r /usr/share/bash-completion/bash_completion   ] && . /usr/share/bash-completion/bash_completion

Last edited by Tharbad (2016-09-11 13:25:03)

#2 2016-09-11 14:02:27

loafer
Member
From: the pub
Registered: 2009-04-14
Posts: 1,772

Re: Possible security vulnerability (Elevation of privilege)

Are you sure you haven't got a debug shell running and you inadvertently switched to tty9? Although it would probably have displayed "sh-4.3#" rather than bash. Check if debug-shell.service is enabled just to be sure.


All men have stood for freedom...
For freedom is the man that will turn the world upside down.
Gerrard Winstanley.

#3 2016-09-12 02:14:16

Tharbad
Member
Registered: 2016-02-27
Posts: 270

Re: Possible security vulnerability (Elevation of privilege)

It was tty2 and debug shell state is unloaded.

#4 2016-09-13 16:22:25

fsckd
Forum Fellow
Registered: 2009-06-15
Posts: 4,173

Re: Possible security vulnerability (Elevation of privilege)

Hi, I got your email. I am unable to replicate this behaviour. Are you able to? If so, please give us a step-by-step method to reproduce the problem. Also share log files: a full journal report, logind logs, or other stuff would be helpful.

Edit: Also, just to confirm, was this a normal user (UID > 1000) you were trying to log in as? Have you made changes to your system, like with PAM or anything? Share config files for PAM if you changed things there. Also please share the contents of /etc/os-release.

When reporting a bug, you want to share as much relevant info as you can. (Particularly steps to reproduce. If one can recreate the issue on their own system, they can analyze it directly.) The questions asked are: (1) Is this actually a bug? There is no harm if it isn't. Things can be complicated and it is easy to forget/overlook something. (2) What is causing the issue? There are a few things involved in login. Which is the source of the problem? Knowing this can help you know who to report the bug to.

Last edited by fsckd (2016-09-13 17:01:03)


aur S & M :: forum rules :: Community Ethos
Resources for Women, POC, LGBT*, and allies

#5 2016-09-17 08:25:13

Tharbad
Member
Registered: 2016-02-27
Posts: 270

Re: Possible security vulnerability (Elevation of privilege)

Thanks for answering.

Log: http://pastebin.com/RLw5PwKn

Edit question:
Yes. My ID is 1000.
Haven't touched PAM. But just in case one of the packages did, which file in /etc/pam.d/ do you need?

Release:
NAME="Arch Linux"
ID=arch
PRETTY_NAME="Arch Linux"
ANSI_COLOR="0;36"
HOME_URL="https://www.archlinux.org/"
SUPPORT_URL="https://bbs.archlinux.org/"
BUG_REPORT_URL="https://bugs.archlinux.org/"

1) I think it is.
2) No idea

In addition to what I wrote above, in the background I had a VM that caused the GUI freeze.
The VM was doing some handbrake jobs. The freeze ended when the VM was aborted by Virtualbox.

Last edited by Tharbad (2016-09-17 13:54:48)
