Karel Zak [Wed, 21 Mar 2007 13:12:05 +0000 (14:12 +0100)]
hwclock: add support for audit system
If you compile --with-audit, the hwclock tool reports changes in the sys/hw clock to the
audit system. The real long-term and final solution is probably to add hooks for
/dev/rtc to the kernel, but it's not implemented yet.
Signed-off-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
The kernel code, when setting the BIOS clock, notes that the clock time
ticks to the next second 0.5 seconds after adjusting it (see
linux/arch/i386/kernel/time.c).
hwclock --systohc sets the CMOS clock at the 1 second boundary and thus
causes the clock to be wrong by 500ms each time it is reset. If the
clock is set every shutdown then the clock will have a reboot-count
related drift as well as the natural drift problems of the clock. Note
that this also mucks up the drift calculations, of course.
Karel Zak [Wed, 14 Mar 2007 13:10:18 +0000 (14:10 +0100)]
tests: add library for LD_PRELOAD to manipulate with time() in tests
The cal command generates output that depends on time(). For reliable
regression tests we need to always use the same time. It seems that LD_PRELOAD is
a pretty simple way.
Karel Zak [Thu, 8 Mar 2007 22:22:06 +0000 (23:22 +0100)]
login: update 32bit utmp correctly on 64bit system
On 64-bit platforms such as x86_64, glibc is usually built with 32-bit
compatibility for various structures. One of them is utmp.
What this means is that gettimeofday(&ut.ut_tv, NULL) on x86_64 will
end up overwriting the first parts of ut_addr_v6, leading to garbage
in the utmp file.
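
The overwrite described in this commit message, and a common way to avoid it, as an added example (not code from the util-linux commit): read the time into a local struct timeval and copy the two fields into ut_tv. The function names and the test pattern are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
#include <sys/time.h>
#include <utmp.h>

/* Fill ut->ut_tv without assuming it has the layout of struct timeval.
 * With the 32-bit compatible utmp layout on x86_64, ut_tv is 8 bytes
 * while struct timeval is 16, so gettimeofday(&ut->ut_tv, NULL) would
 * write 8 bytes past ut_tv into ut_addr_v6, the next member. */
int utmp_set_time(struct utmp *ut)
{
    struct timeval tv;

    if (gettimeofday(&tv, NULL) != 0)
        return -1;
    ut->ut_tv.tv_sec = tv.tv_sec;     /* narrowed where ut_tv is 32-bit */
    ut->ut_tv.tv_usec = tv.tv_usec;
    return 0;
}

/* Constructed check: store a known pattern in ut_addr_v6, set the time,
 * and return 1 if the address field is still intact, 0 otherwise. */
int utmp_addr_survives(void)
{
    struct utmp ut;
    int32_t pattern[4] = { 0x11111111, 0x22222222, 0x33333333, 0x44444444 };

    memset(&ut, 0, sizeof(ut));
    memcpy(ut.ut_addr_v6, pattern, sizeof(pattern));
    if (utmp_set_time(&ut) != 0)
        return 0;
    return ut.ut_tv.tv_sec != 0 &&
           memcmp(ut.ut_addr_v6, pattern, sizeof(pattern)) == 0;
}

int main(void) { return utmp_addr_survives() ? 0 : 1; }
```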
Karel Zak [Thu, 8 Mar 2007 21:42:50 +0000 (22:42 +0100)]
login: omits PAM account validation when auth is skipped (CVE-2006-7108)
The login omits pam_acct_mgmt & chauth_tok when authentication is skipped.
Authentication may be skipped, for example, during krlogin because Kerberos
already took care of it. The problem with skipping pam_acct_mgmt is that it
allows users to use the system when maybe they should not be allowed, such that
if they have a Kerberos ticket, the other checks do not apply.
If a user had to use password authentication, pam_acct_mgmt may reject the user
for several reasons: not allowed to use the system at this time, not allowed to
use this system, user's account has been disabled, etc. Why should these tests
be skipped just because the user has a ticket?
Same with pam_chauthtok: the user may have a valid ticket, but if their
password has expired, they need to enter a new one right now.
Karel Zak [Thu, 8 Mar 2007 21:35:38 +0000 (22:35 +0100)]
login: attempt to run if it has no read/write access to its terminal
If you manage to exec login with a userid other than root, and its
input / output directed to a terminal for which it does not have
read/write access, it will attempt to proceed (and can potentially
hang forever -- but this hang has been fixed in a previous commit).
It's better to check if we have permissions for the terminal rather than
do any useless things.
From: Jason Vas Dias <jvdias@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
Karel Zak [Thu, 8 Mar 2007 21:21:15 +0000 (22:21 +0100)]
login: login's timeout can fail
Login tries to set a timeout in main() by SIGALRM. If any restartable system
call is entered, such system calls can block indefinitely and will NOT be
interrupted by the SIGALRM.
The bug appears when the login program is run for a terminal for which it
doesn't have read or write permission.
In that case, login hung until manually killed by the administrator in its
tcsetattr(...) call at login.c, line 460:
    /* Kill processes left on this tty */
    tcsetattr(0,TCSAFLUSH,&ttt);
This may possibly be a kernel bug - instead of returning EIO / EPERM, the
kernel continuously sends an infinite number of SIGTTOU signals to the process.
An 80MB strace log file was generated, consisting of >1,000,000 repetitions
of:
    4964 11:00:18 ioctl(0, SNDCTL_TMR_CONTINUE or TCSETSF, {c_iflags=0x106,
    c_oflags=0x1805, c_cflags=0x800000be, c_lflags=0x3b, c_line=0,
    c_cc="\x03\x1c\x7f\x15\x04\x00\x01\x00\x11\x13\x1a\x00\x12\x0f\x17\x16\x00\x00\x00"})
    = ? ERESTARTSYS (To be restarted)
    4964 11:00:18 --- SIGTTOU (Stopped (tty output)) @ 0 (0) ---
    4964 11:00:18 --- SIGTTOU (Stopped (tty output)) @ 0 (0) ---
Login's alarm signal handler DOES get the SIGALRM after the 60 second timeout,
and timedout() is called; but then timedout2 calls ioctl(0, TCSETA, &ti), which
also blocks, because the ioctl(0, TCSETSF...) of tcsetattr is in progress, and
the exit() call of timedout2 is never reached, and the tcsetattr call is
restarted.
From: Jason Vas Dias <jvdias@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
Karel Zak [Thu, 8 Mar 2007 20:57:48 +0000 (21:57 +0100)]
login: improve work with signals
The login cannot ignore signals, because:
* SIGHUP is the only way to inform the session leader that the controlling
  tty goes away. The leader has to inform other processes in the same
  process group about the signal.
* SIGHUP/SIGTERM cannot kill wait(2)-ing login, we have to wait as long
  as any child process exists. The PAM session has to be closed correctly.
* The child process (before setsid()) has to call exit() if a controlling
  tty goes away.
This patch is inspired by a patch from Red Hat that has been very well tested for the last
4 years in all Red Hat distros.
Karel Zak [Thu, 8 Feb 2007 14:19:36 +0000 (15:19 +0100)]
build-sys: configure.am selinux support cleanup
Changes:
- don't include SELinux as default (--with-selinux is required)
- the SELinux is not useful for login-utils only
- clean up PAM and login-utils tests in the configure.am
Karel Zak [Tue, 6 Feb 2007 10:35:15 +0000 (11:35 +0100)]
Clean up pagesize/PAGE_SIZE usage.
Now all code in util-linux uses sysconf(_SC_PAGESIZE), which is the standardized and
preferred way of querying page size. The asm/page.h file is not included in the
code anymore. (This patch doesn't change mount's FS detection code which will
be removed later).
Karel Zak [Tue, 30 Jan 2007 12:18:51 +0000 (13:18 +0100)]
col: getwchar() errors shouldn't be hidden
The col truncates output when a multibyte error is detected, but the problem is
not reported to stderr and the return code is still the same as for a successful exit.
This stupid behaviour is fixed by this patch.
Karel Zak [Tue, 30 Jan 2007 12:49:50 +0000 (13:49 +0100)]
build-sys: fix ifdef ENABLE_WIDECHAR usage
There has been an unexpected mix of HAVE_WIDECHAR and ENABLE_WIDECHAR macros. The
ENABLE_WIDECHAR is the old version and has to be replaced everywhere, otherwise we
will see bugs with multibyte stuff.
Karel Zak [Fri, 29 Dec 2006 00:13:58 +0000 (01:13 +0100)]
ipcs: max total shared memory in kbytes instead pages
The ipcs command has reported "max total shared memory" as a number of pages.
The other IPC limits are reported in (k)bytes, so it doesn't make sense to mix
pages and bytes in the same output. Now "max total shared memory" is reported in
kbytes.
Karel Zak [Thu, 4 Jan 2007 13:39:17 +0000 (14:39 +0100)]
build-sys: remove DEFAULT_INCLUDES workaround
The automake stuff uses "-I." as a default gcc option for includes. This is a
problem for source code where there are local includes with the same name as system
includes (e.g. mntent.h, paths.h). A possible workaround is to overwrite the
automake DEFAULT_INCLUDES variable. But this solution produces warnings. The
best way (this patch) is probably to rename the files and remove DEFAULT_INCLUDES.