Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sun, 27 Oct 2019 10:53:56 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: [PATCH] remaining steps for time64 switchover

On Sun, Oct 27, 2019 at 08:32:57AM +0000, Laurent Bercot wrote:
> >Or here. So, the story on utmpx: we can either
> >
> >1. match the current size on 32-bit archs, but move the timeval to
> >   unused space at the end where a time64 version fits, or
> >
> >2. match the current size and layout of the 64-bit struct, making it
> >   possible to share records between 32- and 64-bit processes on the
> >   same machine.
> >
> >Keep in mind that this struct is not used anywhere in libc presently,
> >but normally it's used as a format for on-disk records.
> >
> >I'm kinda leaning towards option 2, but being that I don't use (and
> >hate) utmp, I'd rather hear opinions from people who do use it. Either
> >way time fields in existing data will break, so it's a question of
> >whether that one-time breakage is already sufficient to go a bit
> >further and get 32/64 compat afterwards.
> 
> I don't use the libc's utmpx, but I maintain utmps, which is a
> secure implementation of utmp, including the definition of struct
> utmpx.
> I haven't been following the time64 thing closely. The current struct
> utmpx definition includes a struct timeval. Will it need to change,
> or will musl's struct timeval change be enough and naturally propagate
> so the struct utmpx will become time64-compatible?

It will naturally propagate even if nothing is done, but then you have
the worst of both worlds of 1 and 2. You neither maintain the size and
layout of other members (which would be useful if you have old data or
a mix of old and new binaries using it) nor gain any useful
compatibility (between 32- and 64-bit on same system). You just get a
new size and layout that doesn't match either. So it's better to make
some change, I think.

Note that the difference between "do nothing" and option 2 is
basically nothing except putting padding around ut_session so that
ut_tv will start on a 0 mod 8 boundary. This will happen naturally on
most archs but not i386 (and m68k but there's no corresponding 64-bit
arch there anyway). The proposal I have in mind is basically:

-	long ut_session;
+#if __BYTE_ORDER == 1234
+	int ut_session, __ut_pad2;
+#else
+	int __ut_pad2, ut_session;
+#endif

doing this for 64-bit too since ut_session is semantically 32-bit
(pid_t) and glibc has it as 32-bit on x86_64. (I'd also add explicit
padding for ut_type just because m68k is wacky and doesn't align ints
even, to fix that while we have the chance.)

> On-disk data is not a problem. On the distro that I know uses utmps
> (Adélie), the utmp/wtmp records, by design, do not survive a reboot,
> so a reboot will fix everything - and will be mandatory anyway on
> arches where the musl ABI changes.

Reboot is not mandatory; as usual, just atomic replacement of libc.so
is.

> I'm not aware of any distribution that uses musl, doesn't use utmps,
> and still keeps on-disk utmpx records.

Thanks.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.