From owner-freebsd-bugs@freebsd.org Tue Nov 27 20:03:50 2018 Return-Path: Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 77499115A7AB for ; Tue, 27 Nov 2018 20:03:50 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 07E796B07E for ; Tue, 27 Nov 2018 20:03:50 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id BEBE2115A7AA; Tue, 27 Nov 2018 20:03:49 +0000 (UTC) Delivered-To: bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9BBE7115A7A9 for ; Tue, 27 Nov 2018 20:03:49 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 37E1A6B07D for ; Tue, 27 Nov 2018 20:03:49 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 5167AD35E for ; Tue, 27 Nov 2018 20:03:48 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id wARK3m5K074394 for ; Tue, 27 Nov 2018 20:03:48 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id wARK3mHl074392 for bugs@FreeBSD.org; Tue, 27 Nov 2018 20:03:48 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 233578] Unprivileged local user can prevent other users logging in by locking utx.active Date: Tue, 27 Nov 2018 20:03:48 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 11.2-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: davmac@davmac.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-Rspamd-Queue-Id: 07E796B07E X-Spamd-Result: default: False [1.20 / 15.00]; local_wl_from(0.00)[freebsd.org]; NEURAL_SPAM_LONG(0.42)[0.419,0]; NEURAL_SPAM_SHORT(0.45)[0.450,0]; NEURAL_SPAM_MEDIUM(0.33)[0.331,0]; ASN(0.00)[asn:10310, ipnet:2001:1900:2254::/48, country:US] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Nov 2018 20:03:50 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D233578 Bug ID: 233578 Summary: Unprivileged local user can prevent other users logging in by locking utx.active Product: Base System Version: 11.2-RELEASE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: bin Assignee: bugs@FreeBSD.org Reporter: davmac@davmac.org The utx.active database (/var/run/utx.active) maintains a list of currently logged-in users; it needs to be updated when a user logs in or out. This fi= le is world-readable (which allows "who" to list logged-in users without requi= ring suid root). Since updating the file requires locking it, and this is done via open with O_EXLOCK, it is possible for a user to indefinitely postpone updates to the file by locking the file themselves. Program below can be used to do this (= does not require root privileges). While this program is running it will be impossible for any other user (including root) to log in to the system. The problematic locking code is in pututxline.c, function futx_open(), here: https://github.com/freebsd/freebsd/blob/master/lib/libc/gen/pututxline.c#L46 The example program is as follows: --- begin --- #include #include #include #include int main(int argc, char **argv) { open("/var/run/utx.active", O_EXLOCK | O_RDONLY); sleep(100); } --- end --- This program runs for 100 seconds during which no other logins will be poss= ible (and logouts will also stall). In terms of solution, I would recommend either: (a) making the file not world-readable and making "who" and any other relev= ant programs setgid to a group with permission to read the file, or (b) changing the locking mechanism implemented in pututxline.c, so that it locks a separate file which is not world readable and uses that lock to con= trol access to the utx.active file. Note that GNU libc has a similar issue, but uses an fcntl-based lock with a timeout of 10 seconds. This means that logins can not be completely disable= d by the user, but they can prevent the utmp (equivalent to utx.active) database from being updated. I do not recommend this approach. --=20 You are receiving this mail because: You are the assignee for the bug.=