Date: Mon, 14 Jan 2019 15:27:26 -0500
From: Rich Felker <>
Subject: Re: Use local time in syslog() function

On Mon, Jan 14, 2019 at 08:53:45PM +0100, Michael Kaufmann wrote:
> >>I have found a bug in the implementation of syslog(). It should use
> >>the local time instead of UTC when sending the message to /dev/log.
> >>So in src/misc/syslog.c, the call to gmtime_r() should be replaced
> >>with localtime_r().
> >
> >This is not a bug; rather, use of local time there in glibc and other
> >systems is a bug. Local time varies by the sending process and
> >produces inconsistent and uninterpretable log messages. Moreover the
> >syslog() function is not specified to depend on the environment and
> >thereby is not allowed to call any function whose behavior is
> >dependent on the environment.
> Thank you for responding!
> I agree that GMT would have been a better choice, but I think local
> time is also mandated by RFC 3164,
> field is the local time". Or does this RFC not apply for syslog() on
> Linux?

I'm not sure. Nominally it governs the UDP protocol over a network,
not the interface between local processes and syslogd over /dev/log
(unix domain socket), so in that sense the answer is no, but of course
in some sense it's the same protocol.

4.2 goes on to say:

    "It should be reiterated here that the payload of any IP packet
    destined to UDP port 514 MUST be considered to be a valid syslog
    message. It is, however, RECOMMENDED that the syslog packet have
    all of the parts described in Section 4.1..."


    "If the originally formed message has a TIMESTAMP in the HEADER
    part, then it SHOULD be the local time of the device within its

"Local time of the device" is not defined anywhere, and in an
environment where processes on a "device" (host?) could all have
different local times, again the only reasonable choice for the device
zone seems to be UTC.

One possible interpretation would be using /etc/localtime
unconditionally (ignoring $TZ) for syslog purposes, but that would be
a lot more work and would reintroduce all of the problems of local
time log messages. It's far cleaner to simply configure the logging
process to be aware that the zone of the system sending the log
messages is UTC, if it needs to be.

> There's also this older discussion:
> - sorry, I have not
> found it before.

Yes, I should have cited it but didn't have it handy.
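
An added example, not part of the original message and not musl's code: it formats one instant as an RFC 3164 style TIMESTAMP the way three sending processes with different TZ settings would, once via localtime_r() and once via gmtime_r(). The helper names fmt_stamp and distinct_stamps, the TZ strings and the sample instant are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Format t as an RFC 3164 style TIMESTAMP ("Mmm dd hh:mm:ss").
 * tz is the TZ value of the simulated sending process.
 * use_local=1 uses localtime_r(), which honours TZ;
 * use_local=0 uses gmtime_r(), which does not. */
static int fmt_stamp(time_t t, const char *tz, int use_local,
                     char *out, size_t n)
{
    struct tm tm;
    if (setenv("TZ", tz, 1) != 0) return -1;
    tzset();
    if (!(use_local ? localtime_r(&t, &tm) : gmtime_r(&t, &tm))) return -1;
    return strftime(out, n, "%b %e %H:%M:%S", &tm) ? 0 : -1;
}

/* Number of distinct TIMESTAMPs three senders with different TZ
 * settings (constructed POSIX TZ strings) emit for the same instant. */
static int distinct_stamps(time_t t, int use_local)
{
    static const char *zones[] = { "UTC0", "EST5", "CET-1" };
    char seen[3][32];
    int count = 0;
    for (int i = 0; i < 3; i++) {
        char buf[32];
        int dup = 0;
        if (fmt_stamp(t, zones[i], use_local, buf, sizeof buf) != 0) return -1;
        for (int j = 0; j < count; j++)
            if (strcmp(seen[j], buf) == 0) dup = 1;
        if (!dup) strcpy(seen[count++], buf);
    }
    return count;
}

int main(void)
{
    time_t t = 1547497646; /* constructed sample: 2019-01-14 20:27:26 UTC */
    printf("localtime_r: %d distinct timestamps\n", distinct_stamps(t, 1));
    printf("gmtime_r:    %d distinct timestamps\n", distinct_stamps(t, 0));
    return 0;
}
```

Because the RFC 3164 TIMESTAMP carries no zone offset, the three localtime_r() strings cannot be told apart or ordered by whoever reads the log afterwards.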

