[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 14 Jan 2019 11:25:34 -0500
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: Use local time in syslog() function
On Mon, Jan 14, 2019 at 10:23:03AM +0100, Michael Kaufmann wrote:
> Hi,
>
> I have found a bug in the implementation of syslog(). It should use
> the local time instead of UTC when sending the message to /dev/log.
> So in src/misc/syslog.c, the call to gmtime_r() should be replaced
> with localtime_r().
This is not a bug; rather, use of local time there in glibc and other
systems is a bug. Local time varies by the sending process and
produces inconsistent and uninterpretable log messages. Moreover the
syslog() function is not specified to depend on the environment and
thereby is not allowed to call any function whose behavior is
dependant on the environment.
If you want local times in logs, the only consistant and conforming
way to do it is to have syslogd interpret the timestamps and rewrite
them to your preferred timezone. But that still doesn't help with the
issue of ambiguous timestamps at daylight-time transition that give
attackers neat opportunities to misrepresent sequence of events
between different systems...
Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
