[ubuntu-hardened] accounts-daemon crashed with SIGSEGV in dbus_connection_send()

Seth Arnold seth.arnold at canonical.com
Mon Aug 19 18:47:41 UTC 2013


On Sat, Aug 17, 2013 at 04:58:41PM +0200, Daniel Curtis wrote:
> I have just one question: does this crash[1], issue etc. with
> 'accountsservices' could be a sign of a security threat? I'm
> asking, because this package provides a set of D-Bus
> interfaces for querying and *manipulating *user account
> information (...) based on useradd, usermod etc. commands.

Hello,

I don't see a security problem; the log file indicates that the
service isn't starting because it is missing an environment variable.

Without the DBUS_SESSION_BUS_ADDRESS environment variable, the service
is not being provided. (It can't -- it can't contact the DBus session
bus.)

> There is one more thing*. *Apport log files contains something
> like this: report /var/crash/_usr_lib_accountsservice_accounts-*
> already exists and unseen, doing nothing to avoid disk usage DoS.
> 
> I understand - in some way - above note, but I'm afraid about
> 'usage DoS' text. Is there something, to worry about?

This is functioning as intended -- you do not want every crash to
automatically tie up 50-200 megabytes of drive space. Apport is deciding
that the exising crash data is sufficient and not bothering to write new
crash data.

I hope this helps,

Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20130819/4ab5fe27/attachment.pgp>


More information about the ubuntu-hardened mailing list