Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 27 Oct 2019 10:53:56 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: [PATCH] remaining steps for time64 switchover

On Sun, Oct 27, 2019 at 08:32:57AM +0000, Laurent Bercot wrote:
> >Or here. So, the story on utmpx: we can either
> >
> >1. match the current size on 32-bit archs, but move the timeval to
> >   unused space at the end where a time64 version fits, or
> >
> >2. match the current size and layout of the 64-bit struct, making it
> >   possible to share records between 32- and 64-bit processes on the
> >   same machine.
> >
> >Keep in mind that this struct is not used anywhere in libc presently,
> >but normally it's used as a format for on-disk records.
> >
> >I'm kinda leaning towards option 2, but being that I don't use (and
> >hate) utmp, I'd rather hear opinions from people who do use it. Either
> >way time fields in existing data will break, so it's a question of
> >whether that one-time breakage is already sufficient to go a bit
> >further and get 32/64 compat afterwards.
> 
> I don't use the libc's utmpx, but I maintain utmps, which is a
> secure implementation of utmp, including the definition of struct
> utmpx.
> I haven't been following the time64 thing closely. The current struct
> utmpx definition includes a struct timeval. Will it need to change,
> or will musl's struct timeval change be enough and naturally propagate
> so the struct utmpx will become time64-compatible?

It will naturally propagate even if nothing is done, but then you have
the worst of both worlds of 1 and 2. You neither maintain the size and
layout of other members (which would be useful if you have old data or
a mix of old and new binaries using it) nor gain any useful
compatibility (between 32- and 64-bit on same system). You just get a
new size and layout that doesn't match either. So it's better to make
some change, I think.

Note that the difference between "do nothing" and option 2 is
basically nothing except putting padding around ut_session so that
ut_tv will start on a 0 mod 8 boundary. This will happen naturally on
most archs but not i386 (and m68k but there's no corresponding 64-bit
arch there anyway). The proposal I have in mind is basically:

-	long ut_session;
+#if __BYTE_ORDER == 1234
+	int ut_session, __ut_pad2;
+#else
+	int __ut_pad2, ut_session;
+#endif

doing this for 64-bit too since ut_session is semantically 32-bit
(pid_t) and glibc has it as 32-bit on x86_64. (I'd also add explicit
padding for ut_type just because m68k is wacky and doesn't align ints
even, to fix that while we have the chance.)

> On-disk data is not a problem. On the distro that I know uses utmps
> (Adélie), the utmp/wtmp records, by design, do not survive a reboot,
> so a reboot will fix everything - and will be mandatory anyway on
> arches where the musl ABI changes.

Reboot is not mandatory; as usual, just atomic replacement of libc.so
is.

> I'm not aware of any distribution that uses musl, doesn't use utmps,
> and still keeps on-disk utmpx records.

Thanks.

Rich

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.