Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 4 Dec 2013 16:40:51 +0000
From: Raphael Cohn <raphael.cohn@...rmmq.com>
To: musl@...ts.openwall.com
Subject: Re: Patch to musl to provide wtmp for Linux PAM

Thanks for the reply - I realise udpwtmp is a stub, but if it ever
changes... although policy would seem to make that unlikely. The only
reason I can really see to deviate from this policy is to support the
various security / monitoring tools. From memory, things like splunk might
use it.

As an aside, I actually used the *tmp files to debug random restarts of
Azure linux instances earlier this year... (for the list, the problem was
with Azure).

Given the policy I'm minded to write a private patch for updwtmp captures
some of these details and sends them to authpriv. Other things are more
pressing though...

On 4 December 2013 16:20, Szabolcs Nagy <nsz@...t70.net> wrote:

> * Raphael Cohn <raphael.cohn@...rmmq.com> [2013-12-04 14:49:32 +0000]:
> > By the way, are there any plans to support writing to lastlog / wtmp /
> etc?
> > If not, I might create a private patch to redirect the writes to syslog.
> In
> > my view, this is where information like this belongs...
>
> http://www.openwall.com/lists/musl/2012/03/04/4
>
> i think the policy hasn't changed since
>
> > --- musl-0.9.14.orig/include/utmpx.h    2013-09-23 22:01:11.000000000
> +0100
> > +++ musl-0.9.14/include/utmpx.h    2013-12-04 10:32:20.000000000 +0000
> > @@ -13,6 +13,8 @@
> >  #include <bits/alltypes.h>
> >
> >  #define UT_LINESIZE 32
> > +#define UT_NAMESIZE 32
> > +#define UT_HOSTSIZE 256
> >
>
> note that utmpx.h is defined in posix (part of the XSI option)
> and UT_ is not reserved prefix for it so even the UT_LINESIZE
> is a namespace violation (although a rather harmless one)
>
> i attach a current list of namespace violations in musl based on
> http://port70.net/~nsz/c/posix/reserved.txt
>
> > +++ musl-0.9.14/src/legacy/utmp.c    2013-12-04 14:25:40.000000000 +0000
> > @@ -0,0 +1,20 @@
> > +#include <utmp.h>
> > +#include <string.h>
> > +#include <unistd.h>
> > +#include <sys/time.h>
> > +#include "libc.h"
> > +
> > +void logwtmp(const char * line, const char * name, const char * host)
> > +{
> > +    struct utmp u;
> > +    memset(&u, 0, sizeof(u));
> > +
> > +    u.ut_pid = getpid();
> > +    u.ut_type = name[0] ? USER_PROCESS : DEAD_PROCESS;
> > +    strncpy(u.ut_line, line, sizeof(u.ut_line));
> > +    strncpy(u.ut_name, name, sizeof(u.ut_name));
> > +    strncpy(u.ut_host, host, sizeof(u.ut_host));
> > +    gettimeofday(&(u.ut_tv), NULL);
> > +
> > +    updwtmp(_PATH_WTMP, &u);
> > +}
>
> note that updwtmp is just a stub so this logwtmp does not do much
>

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.