| Message ID | 20240809142248.929824-1-adhemerval.zanella@linaro.org |
|---|---|
| Headers | show |
| Series | Make accounting database no-op | expand |
Hi,
thank you for the patch. I would have preferred for the beginning, if
this would be configurable, since not all distributions switched or,
like rawhide, are using utmp as fallback. But since SUSE/openSUSE
switched already completely, I'm fine with removing the complete code
;)
Which also forces other developers to react and adjust their code and
Linux distributions will not compile with reenabled utmp functionality
for the next 33 years.
musl libc returns getenv("LOGNAME") or ENXIO if the variable is not
set for getlogin()/getlogin_r(). The glibc solution is better.
getutmp(): there is no way for an application to find out that nothing
was done. But I doubt that any application is using this function, I
never saw one, and it should not really create problems.
login()/logout(): musl libc does not have them, so code using this
functions expects they are implemented and not stub. Will create
several error messages in the beginning until the code is adjusted. As
we speak only about a low one digit number, not a problem for me.
Else the behavior is the same as with musl libc, so I don't expect any problems.
Thorsten
On Fri, Aug 9, 2024 at 4:22 PM Adhemerval Zanella
<adhemerval.zanella@linaro.org> wrote:
>
> The utmp/utmpx interface is the missing piece to enable full y2038
> support on glibc, and even some 64 bit architectures are not fully
> compatible (the ones that define __WORDSIZE_TIME64_COMPAT32). The
> recent 5361ad3910c257bc327567be76fde532ed238e42 (login: Use unsigned
> 32-bit types for seconds-since-epoch) postpone the issue to y2106;
> however it still does not fix long-standing issues with the API [1][2].
>
> The current implementation has some design flaws that are not
> straightforward to fix without a complete rewrite [4]. A utmp/utmpx
> daemon will also require a security model and support for multiple
> different IPC systems, which is out of scope for glibc. Also, this is
> what systemd-logind essentially does so it would be a double effort
> (the pt_chwon daemon is a remind that it is not easy to get this right).
>
> This patchset removes all accounting database implementation and makes
> the function no-op and/or return an error. There is not much gain in
> moving the current implementation to compat symbols, it does not solve
> the 64 bit time_t support for old binaries, nor it is guaranteed that
> the UTMP/UTMPX files will exist in future environments.
>
> Keeping a compat symbol also does not help with some design flags
> like BZ#24492, which I am not sure why it did not raise more security
> concerns since it is easy to create DoS attacks by preventing utmp
> updates.
>
> The utmp.h/utmpx.h headers are kept as is, even though glibc does not
> use its definition. The related path _PATH_UTMP/_PATH_WTMP/etc. points
> to invalid paths, and stub link warnings are added to the affected
> symbols.
>
> More information of alternative solutions and how to adapt applications
> on newer accounting database support can be found at
> https://www.thkukuk.de/blog/Y2038_glibc_utmp_64bit/.
>
> [1] https://sourceware.org/bugzilla/show_bug.cgi?id=28146
> [2] https://sourceware.org/bugzilla/show_bug.cgi?id=17470
> [3] https://sourceware.org/bugzilla/show_bug.cgi?id=30701
> [4] https://sourceware.org/bugzilla/show_bug.cgi?id=24492
>
> Adhemerval Zanella (2):
> login: Remove utmp fallback for getlogin
> login: Make user accounting database no-op
>
> NEWS | 22 +-
> include/set-freeres.h | 3 -
> include/unistd.h | 3 -
> include/utmp.h | 29 -
> login/Makefile | 9 +-
> login/endutxent.c | 25 -
> login/getlogin.c | 13 +-
> login/getutent.c | 28 +-
> login/getutent_r.c | 45 +-
> login/getutid.c | 25 +-
> login/getutid_r.c | 34 +-
> login/getutline.c | 27 +-
> login/getutline_r.c | 21 +-
> login/getutmp.c | 12 +-
> login/getutmpx.c | 34 --
> login/getutxent.c | 25 -
> login/getutxid.c | 25 -
> login/getutxline.c | 25 -
> login/login.c | 118 +---
> login/logout.c | 44 +-
> login/logwtmp.c | 22 +-
> login/programs/utmpdump.c | 62 ---
> login/pututxline.c | 25 -
> login/setutxent.c | 25 -
> login/tst-pututxline-cache.c | 193 -------
> login/tst-pututxline-lockfail.c | 176 ------
> login/tst-updwtmpx.c | 112 ----
> login/tst-utmp.c | 377 -------------
> login/tst-utmpx.c | 2 -
> login/updwtmp.c | 13 +-
> login/updwtmpx.c | 25 -
> login/utmp-private.h | 44 --
> login/utmp_file.c | 506 ------------------
> login/utmpname.c | 57 +-
> login/utmpxname.c | 25 -
> malloc/set-freeres.c | 6 -
> manual/users.texi | 446 ++-------------
> sysdeps/generic/paths.h | 6 +-
> sysdeps/gnu/Makefile | 13 -
> sysdeps/gnu/getutmp.c | 34 --
> sysdeps/gnu/getutmpx.c | 1 -
> sysdeps/gnu/updwtmp.c | 30 --
> sysdeps/gnu/utmp_file.c | 30 --
> sysdeps/mach/hurd/getlogin.c | 35 --
> sysdeps/unix/getlogin.c | 81 ---
> sysdeps/unix/getlogin_r.c | 103 ----
> sysdeps/unix/sysv/linux/getlogin.c | 39 --
> sysdeps/unix/sysv/linux/getlogin_r.c | 34 +-
> sysdeps/unix/sysv/linux/paths.h | 4 +-
> sysdeps/unix/sysv/linux/s390/s390-32/Makefile | 5 -
> .../unix/sysv/linux/s390/s390-32/getutent.c | 19 +-
> .../unix/sysv/linux/s390/s390-32/getutent_r.c | 11 +-
> .../unix/sysv/linux/s390/s390-32/getutid.c | 4 +-
> .../unix/sysv/linux/s390/s390-32/getutid_r.c | 2 +-
> .../unix/sysv/linux/s390/s390-32/getutline.c | 4 +-
> .../sysv/linux/s390/s390-32/getutline_r.c | 2 +-
> .../unix/sysv/linux/s390/s390-32/getutmp.c | 20 +-
> .../unix/sysv/linux/s390/s390-32/getutxent.c | 29 -
> .../unix/sysv/linux/s390/s390-32/getutxid.c | 29 -
> .../unix/sysv/linux/s390/s390-32/getutxline.c | 29 -
> sysdeps/unix/sysv/linux/s390/s390-32/login.c | 1 +
> .../unix/sysv/linux/s390/s390-32/login32.c | 37 --
> .../unix/sysv/linux/s390/s390-32/pututxline.c | 29 -
> .../unix/sysv/linux/s390/s390-32/updwtmp.c | 6 +-
> .../unix/sysv/linux/s390/s390-32/updwtmpx.c | 29 -
> .../sysv/linux/s390/s390-32/utmp-convert.h | 85 ---
> sysdeps/unix/sysv/linux/s390/s390-32/utmp32.c | 183 -------
> sysdeps/unix/sysv/linux/s390/s390-32/utmp32.h | 51 --
> .../sysv/linux/s390/s390-32/utmpx-convert.h | 84 ---
> .../unix/sysv/linux/s390/s390-32/utmpx32.c | 138 -----
> .../unix/sysv/linux/s390/s390-32/utmpx32.h | 59 --
> sysdeps/unix/sysv/linux/utmp_file.c | 36 --
> 72 files changed, 185 insertions(+), 3800 deletions(-)
> delete mode 100644 login/endutxent.c
> delete mode 100644 login/getutmpx.c
> delete mode 100644 login/getutxent.c
> delete mode 100644 login/getutxid.c
> delete mode 100644 login/getutxline.c
> delete mode 100644 login/programs/utmpdump.c
> delete mode 100644 login/pututxline.c
> delete mode 100644 login/setutxent.c
> delete mode 100644 login/tst-pututxline-cache.c
> delete mode 100644 login/tst-pututxline-lockfail.c
> delete mode 100644 login/tst-updwtmpx.c
> delete mode 100644 login/tst-utmp.c
> delete mode 100644 login/tst-utmpx.c
> delete mode 100644 login/updwtmpx.c
> delete mode 100644 login/utmp-private.h
> delete mode 100644 login/utmp_file.c
> delete mode 100644 login/utmpxname.c
> delete mode 100644 sysdeps/gnu/getutmp.c
> delete mode 100644 sysdeps/gnu/getutmpx.c
> delete mode 100644 sysdeps/gnu/updwtmp.c
> delete mode 100644 sysdeps/gnu/utmp_file.c
> delete mode 100644 sysdeps/mach/hurd/getlogin.c
> delete mode 100644 sysdeps/unix/getlogin.c
> delete mode 100644 sysdeps/unix/getlogin_r.c
> delete mode 100644 sysdeps/unix/sysv/linux/getlogin.c
> delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/getutxent.c
> delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/getutxid.c
> delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/getutxline.c
> delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/login32.c
> delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/pututxline.c
> delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/updwtmpx.c
> delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/utmp-convert.h
> delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/utmp32.c
> delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/utmp32.h
> delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/utmpx-convert.h
> delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/utmpx32.c
> delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/utmpx32.h
> delete mode 100644 sysdeps/unix/sysv/linux/utmp_file.c
>
> --
> 2.43.0
>