Discussion forum about ELOG, Page 11 of 804
segmentation fault when "restrict edit" is used and "new" is allowed for anonymous users, posted by Andreas Luedeke on Mon Jun 20 05:31:31 2011 elogd.cfg
The simple config file below produces a segmentation fault when elogd is started,
http://localhost/Test/?cmd=New
is opened in the browser and then e.g. "Entry" is switched to "Problem".

gdb shows the following output:

(gdb) run -c /usr/local/elog/elogd.cfg
Starting program: /usr/local/sbin/elogd -c /usr/local/elog/elogd.cfg
elogd 2.9.0 built Jun 20 2011, 04:57:23 revision 2414
Falling back to default group "elog"
Falling back to default user "elog"
FCKedit detected
Falling back to default group "elog"
Falling back to default user "elog"
ImageMagick detected
Indexing logbooks ... done
Server listening on port 80 ...

Program received signal SIGSEGV, Segmentation fault.
0x080a2940 in get_user_line (lbs=0xae3c1c0, user=0x0, password=0x0, full_name=0xbfca1690 "", email=0x0, email_notify=0x0,
last_logout=0x0, inactive=0x0) at src/elogd.c:24864
24864 if (!str[0] || !user[0])

segmentation fault, posted by Heiko Scheit on Fri Feb 13 12:18:19 2004
Around line 2240 (in loc()) in elogd.c the following is written,
which results in an infinite loop, since loc() is called recursively with
the same argument "Change %s".

   /* special case: "Change %s" */
   if (strstr(orig, "Change ")) {
      sprintf(result, loc("Change %s"), orig + 7);
      return result;
   }

For now I just commented these lines.
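
The recursion described in this post, shown with a termination guard. This is an added example, not code from elogd.c or from the poster; the translation table, `lookup()`, `loc_guarded()` and `loc_calls` are hypothetical stand-ins. It also splices the name in by hand, so translated text is never used as a format string.

```c
#include <stdio.h>
#include <string.h>

/* Constructed translation table standing in for ELOG's language file. */
static const char *table[][2] = {
   { "Change %s", "Modifier %s" },
   { "Submit",    "Envoyer" },
};

int loc_calls;   /* number of loc_guarded() invocations, for inspection */

/* Hypothetical helper: plain table lookup, untranslated text passes through. */
static const char *lookup(const char *orig)
{
   size_t i;
   for (i = 0; i < sizeof(table) / sizeof(table[0]); i++)
      if (strcmp(orig, table[i][0]) == 0)
         return table[i][1];
   return orig;
}

const char *loc_guarded(const char *orig)
{
   static char result[256];
   const char *pattern, *slot;

   loc_calls++;
   /* special case "Change <name>": the pattern "Change %s" also starts with
      "Change ", so it is excluded here and resolved by the lookup below. */
   if (strncmp(orig, "Change ", 7) == 0 && strcmp(orig, "Change %s") != 0) {
      pattern = loc_guarded("Change %s");   /* recurses exactly once */
      slot = strstr(pattern, "%s");
      if (slot == NULL)                     /* translation lost its placeholder */
         return lookup(orig);
      /* splice the name in by hand; the translated text is data, not a format */
      snprintf(result, sizeof(result), "%.*s%s%s",
               (int) (slot - pattern), pattern, orig + 7, slot + 2);
      return result;
   }
   return lookup(orig);
}

int main(void)
{
   printf("%s\n", loc_guarded("Change Config"));
   printf("%s\n", loc_guarded("Change %s"));
   return 0;
}
```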

segfault on empty, non-writable passwd file, posted by Achim Dreyer on Mon Mar 26 13:44:23 2012

When the password file is empty and not writable, a segmentation fault is generated when a new user tries to register:

root#  > passwd
root#  chown root.root passwd
root#  chmod 644 passwd
root#  grep -i usr elogd.cfg
root#

kernel: [515323.672377] elogd[31048]: segfault at 78 ip 00000000004ba780 sp 00007fff03cd2078 error 4 in elogd[400000+dc000]

I cannot reproduce this error when running within gdb.

segfault in auth.c:366, posted by gary holman on Fri Apr 23 04:59:58 2021

Elog version:  ELOG V3.1.4-611489ba

I am running openldap on the localhost.  For some reason now, elogd is segfaulting (I believe) when a new user is being added to the password file.  For example:

1. I delete user password file defined in elogd.cfg

2. Bind/Authenticate to LDAP successfully

3. Segfaults in auth.c ldap_adduser_file()

 

Makefile:
...
ELOGDIR    = /opt/elog
DESTDIR    = $(ROOT)$(PREFIX)/bin
SDESTDIR   = $(ROOT)$(PREFIX)/sbin
RCDIR      = $(ROOT)/etc/rc.d/init.d
SRVDIR     = $(ROOT)/usr/lib/systemd/system

# flag for SSL support
USE_SSL    = 1

# flag for Kerberos support, please turn off if you don't need Kerberos
USE_KRB5   = 0

# flag for LDAP support, please turn off if you don't need LDAP
USE_LDAP   = 1

# flag for PAM support, please turn off if you don't need PAM
USE_PAM    = 0
...

For authentication, I am using openldap in the localhost:

----
Authentication = LDAP
LDAP server = ldap://localhost:389
LDAP userbase = ou=people,dc=example,dc=org
LDAP login attribute = uid
LDAP register = 1
Password file = /opt/elog/users
 

gdb output
----------

(gdb) run -s /opt/elog -c /opt/elog/elogd.cfg -f /var/run/elog/elog.pid
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/ubuntu/UPGRADE-42221/work-src/elog/elogd -s /opt/elog -c /opt/elog/elogd.cfg -f /var/run/elog/elog.pid
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
elogd 3.1.4 built Apr 22 2021, 19:19:39 revision 611489ba
File "/var/run/elog/elog.pid" exists, overwriting it.
CKeditor detected
ImageMagick detected
Indexing logbooks ... done
Server listening on port 9011 ...

Breakpoint 1, ldap_adduser_file (lbs=0x555556811ad8, user=0x7ffffffd3bd0 "testuser", password=0x5555558ea110 <_value+6000> "testuser", error_str=0x7ffffffd53d0 "", error_size=<optimized out>) at src/auth.c:350
350       if (rc != LDAP_SUCCESS) {
(gdb) n
337       rc = ldap_search_ext_s(
(gdb) n
350       if (rc != LDAP_SUCCESS) {
(gdb) n
358       for(entry = ldap_first_entry(ldap_ld,result);
(gdb) n
371                   if(strcmp(attribute,"mail")==0 || strcmp(attribute,"rfc822Mailbox")==0)
(gdb) n
361          for(attribute = ldap_first_attribute(ldap_ld,entry,&ber);
(gdb) n
365             if((values = ldap_get_values(ldap_ld,entry,attribute)) != NULL ) {
(gdb) n
366                for(i=0; values[i] != NULL; i++) {
(gdb) n

Program received signal SIGSEGV, Segmentation fault.
ldap_adduser_file (lbs=0x555556811ad8, user=0x7ffffffd3bd0 "testuser", password=0x5555558ea110 <_value+6000> "testuser", error_str=<optimized out>, error_size=<optimized out>) at src/auth.c:366
366                for(i=0; values[i] != NULL; i++) {
(gdb) p attribute
$1 = 0x5555567f6a20 "uid"
(gdb) p values
$2 = (char **) 0x567f74f0
 

This user in LDAP:
-------------------------
# TESTUSER, people, example.org
dn: uid=TESTUSER,ou=people,dc=example,dc=org
uid: TESTUSER
cn: TESTUSER
givenName: TESTUSER
sn:: VEVTVFVTRVIg
mail: TESTUSER
uidNumber: 10000
gidNumber: 10000
homeDirectory: /dev/null
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
userPassword:: e1NTSEF9Y21ua1lsdFpMZ3ZrZlZ4OUp3MFN3cUY3NWIzdkFCSWY=
 

 

 

 


security in find option as a guest, posted by Etienne Van Caillie on Mon Jan 6 19:53:28 2003
If you are a guest in the find option

select 'all logbook'

it will display all 'attributes' from other logbook 
with no option  'guest command ...'
but having the same 'attribute' name

Solution :
**********
I use the copy to command to make a copy to other logbook
with option 'guest command' enabled

In this section I remove some fields so the guest user can't see all fields

I suggest to give access to 'guest' on a second run of elog to another
port or other computer?

secure way to allow users create logbook, posted by Szu-Ching Peckner on Tue Aug 28 23:02:07 2012

I don't think there is a good secure way so far, but would like to have your opinion.

If I want users to create logbooks for themselves, what's the best way to do it? I guess Execute $attribute = <command> may work, have it write to the cfg file, but obviously it imposes a security problem. Is there a good and secure way to allow users to create logbooks themselves?

search and filters in a cookie !?, posted by Emiliano Gabrielli on Mon May 2 12:34:52 2005
Is it possible to have last runtime filtering and viewing method to be
stored in a cookie in order to make them permanent across navigation ?

I mean:
- if I decide to view "all" entries in the elog and then open one of them, 
  I'd like not to select "show all entries" again and again
- same thing if I choose to view last week
- same for every runtime filter and/or viewing option 

hope this is simple to implement :-)  thanks in advance 

search and datetime, posted by Arno Teunisse on Wed Jun 10 22:27:08 2009 Clipboard01.jpg

Hello

I have the following in elog.cfg :

Attributes = Author, Author Email, Category, Customer, server, Subject ,  Change Window Begin , Change Window End
List display = ID,Author, Author Email, Category, Customer, server,  Subject , Change Window Begin , Change Window End

Type Change Window Begin = datetime
Type Change Window End = datetime

So I want to be able to give a start and end date to the user.  However : If I open a find/Search I see this :

  Clipboard01.jpg

For each Change Window <item> we get Start: and End: time entries. Was expecting only one date entry.

Why is this? Seems to be a feature of datetime, or am I missing something.

 
