From patchwork Fri Aug 9 14:22:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 818109 Delivered-To: patch@linaro.org Received: by 2002:a5d:5711:0:b0:367:895a:4699 with SMTP id a17csp326910wrv; Fri, 9 Aug 2024 07:23:07 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXAydyYC46b/8dAvqv4PfTPUDOzUxjcOfoY/lQ/Ao/1FP4YxQqK6HQjRYzDBJqLpGB+DER4oX6I8BBbJNOF/bn3 X-Google-Smtp-Source: AGHT+IEAS47RQxgOfWqfJ/qWCaNvq4xxxVtx1CTpoQEk2f1dvaiQwP5c7jegFRh6R0HctzjNsE4H X-Received: by 2002:a05:622a:5c87:b0:451:d5bf:7b03 with SMTP id d75a77b69052e-4531254a494mr22876621cf.7.1723213387616; Fri, 09 Aug 2024 07:23:07 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1723213387; cv=pass; d=google.com; s=arc-20160816; b=MQL7sMgkQ1xXOUqYfVTO3m3Xr9kbtieBfRwhw6amMCc8I6zFzOxPHCmEu+xWque/WV uanZbUYqeVeALFwqVmn3RhQZukBIXYl5ZfH+68qb5j84MioxSM99nYbUW5cxWyOI8GoK RZa3odxIkDZuJ7Kd95IqrJotuYljd6p/+TQ77yRvQ2w18kfZK1gGNgNdY0kmIL1mgHm7 y8kriYhyEU5eVmhYp9I6Q884dutRYwhKuX7N9Koa3rLHPsRnqfdh03MPLdMxIceB69Zx gezCXe5EfJT6eUyrKOPp0oCMLuJujwKMclpWw22KZYHSsk3eP5YG/CP7HTt5m7RMZaEH Kbew== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:message-id:date:subject:cc:to:from:dkim-signature :arc-filter:dmarc-filter:delivered-to; bh=IjQZTs2emXhgFv6AqoH6aFq1cmcWxUZrhfH2iBdAuog=; fh=cOHmEgT0s690YWNRySBvsLrXOWUAEE4CSiBVbG5oW/E=; b=e9f47kx8ORZddTEehXscpO21hKKnWiu+r3wGvqX5/SNH5VkH8gCbQkrKCFHK4EvjGD McIsZ574aBOOnFWJILnqjWGXMPjYsuugYBSdxfwF/0ewYHg3VpQuKFlSDkzmdEtBWUoT rEMLhohoPWZPpjWjufLpt7KOBchTly2SxFEViK+BvkYvBryZFWnP/j9o9tLOS8X6d93P yhOTHRUviK9wvup2+Bl0zooA9PyZ/RpkMeaJl2fdxuFEVP4obRy1kn2ZkEmQQikbLB4/ LufWLGItIXwJBwZs9x3oFXxZK/uf9C1ReTzGeW7ZWUD9BhO8TaGrBGrdjS9yAKGVCP+h 7BRg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=oNGdb2wD; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id d75a77b69052e-451c885338bsi66855641cf.728.2024.08.09.07.23.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 09 Aug 2024 07:23:07 -0700 (PDT) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=oNGdb2wD; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id B2599385C6C0 for ; Fri, 9 Aug 2024 14:23:06 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pf1-x42c.google.com (mail-pf1-x42c.google.com [IPv6:2607:f8b0:4864:20::42c]) by sourceware.org (Postfix) with ESMTPS id C80C13858CD9 for ; Fri, 9 Aug 2024 14:22:54 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org C80C13858CD9 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org C80C13858CD9 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::42c ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1723213377; cv=none; b=xseVX74xtVZSYgQDWXQuok8euba+m++n0cc5vLY6d4hlXloeuswohQ+ITXYPj0deZ6ar5cRR+5A3F1V3GemEKfHJtX+a5Jx6J9PZoKu7iRqqHEy3nb+Y0QuPot9hxgWcuJi9aFOmWkaj1yhE/zr/Hgoyn8EmfckRpvysU1ydpbs= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1723213377; c=relaxed/simple; bh=I8oekxA6lKRGxqO6KlvglXqPsKrUftN8r+3soHpucI8=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=XlPmDto2Dq5sLiVM/Ca2pYedcFscFQhjiPDTiARSs2vvdZvsiuBTAmCIdv9Pet96phLmaxm7ziPdRWOCYiSwiqbH7fXpOZ18T8Cfmn8a/nPB/g6QD5Tgv0LbrBtz2dhBP4Nu/YYGUUkPm2oO+kysmLoqReq3OkH4xi8iXynjyyI= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pf1-x42c.google.com with SMTP id d2e1a72fcca58-7104f939aa7so1934260b3a.1 for ; Fri, 09 Aug 2024 07:22:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1723213373; x=1723818173; darn=sourceware.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=IjQZTs2emXhgFv6AqoH6aFq1cmcWxUZrhfH2iBdAuog=; b=oNGdb2wDbfeZrcLPnOR+/JhllDDog1D8HjXWuQcI6wo2EEt7QZ7yn6cmDbTVpvY2TZ 5kafLDeplI/V6dx+9m/ijwkFJRW5Dh8bb/heoGgpgUKYeM4430cQwHHwLSineLq5Qh8z z0QEHatX77sEDzC7GuTp5N7KZ/Jbc6VG1eFyt+pm4he+CsJbNQrbIOhwz5flmshS0MIH NpaSme4nPxs/pXHKOv/y8S2JURB4sA19+oPRKiIr6YLS1xonLPFxte1DUpKBx2HrvHpC vnpZtZvHadahuFL20G7lOBUB+RPVIPASx9Co8pdGgeLbhxXrYAUZrBQ2UBwr4Z/yjick RUxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723213373; x=1723818173; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=IjQZTs2emXhgFv6AqoH6aFq1cmcWxUZrhfH2iBdAuog=; b=ZL7a449xE5wqzZIJ4PdgGpOj/6N+G5M8TswN/ukc6KRzBOhjA3+DZqEKG29/EKFIKD 0Wzulzs3BhsUY7CmPMk0pWd4yn8QCSZEuAOvHzqpFSlT4p//Eln/3lXOvOFPp2bdt926 zU2pKWXzSfjOhN+yCP+jWm4gGHlN+oWE2CkvwmkGfQUzJMhm3zgklPBZM295rB0XlH/m okNpkjm3vHXUIQtZlbXe9p0YNiBj1UKYK0N5a8z6wOKA7m+F9Ak9+z80pUItKbsFBxlG BVDgHT1cfc0OM5t9f9LlaHSaVDhHkYYhrY1GrHn5YPho4ByI8KfeEahydmk3Mtmd+zPx VpGQ== X-Gm-Message-State: AOJu0YxGbBLX/QYTyq9mHVVl/GkgBiQkhdgbdxLIJmXw6j3rd/2rRz2G Ah+KSJauOE6Y7OumCsefO357vMDDaLXAXeXX/6k06VKigat0yWE4xQ+LUY5d+uIHpv9hA26PaIs 6 X-Received: by 2002:a05:6a00:1748:b0:70d:34aa:6d57 with SMTP id d2e1a72fcca58-710dc680914mr1969916b3a.4.1723213373202; Fri, 09 Aug 2024 07:22:53 -0700 (PDT) Received: from mandiga.. ([2804:1b3:a7c2:347e:ece3:50dc:7701:b6f7]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-710cb20d8e1sm2668222b3a.39.2024.08.09.07.22.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 09 Aug 2024 07:22:52 -0700 (PDT) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Thorsten Kukuk , Paul Eggert , Florian Weimer Subject: [PATCH v2 0/2] Make accounting database no-op Date: Fri, 9 Aug 2024 11:22:13 -0300 Message-ID: <20240809142248.929824-1-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 X-Spam-Status: No, score=-5.3 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org The utmp/utmpx interface is the missing piece to enable full y2038 support on glibc, and even some 64 bit architectures are not fully compatible (the ones that define __WORDSIZE_TIME64_COMPAT32). The recent 5361ad3910c257bc327567be76fde532ed238e42 (login: Use unsigned 32-bit types for seconds-since-epoch) postpone the issue to y2106; however it still does not fix long-standing issues with the API [1][2]. The current implementation has some design flaws that are not straightforward to fix without a complete rewrite [4]. A utmp/utmpx daemon will also require a security model and support for multiple different IPC systems, which is out of scope for glibc. Also, this is what systemd-logind essentially does so it would be a double effort (the pt_chwon daemon is a remind that it is not easy to get this right). This patchset removes all accounting database implementation and makes the function no-op and/or return an error. There is not much gain in moving the current implementation to compat symbols, it does not solve the 64 bit time_t support for old binaries, nor it is guaranteed that the UTMP/UTMPX files will exist in future environments. Keeping a compat symbol also does not help with some design flags like BZ#24492, which I am not sure why it did not raise more security concerns since it is easy to create DoS attacks by preventing utmp updates. The utmp.h/utmpx.h headers are kept as is, even though glibc does not use its definition. The related path _PATH_UTMP/_PATH_WTMP/etc. points to invalid paths, and stub link warnings are added to the affected symbols. More information of alternative solutions and how to adapt applications on newer accounting database support can be found at https://www.thkukuk.de/blog/Y2038_glibc_utmp_64bit/. [1] https://sourceware.org/bugzilla/show_bug.cgi?id=28146 [2] https://sourceware.org/bugzilla/show_bug.cgi?id=17470 [3] https://sourceware.org/bugzilla/show_bug.cgi?id=30701 [4] https://sourceware.org/bugzilla/show_bug.cgi?id=24492 Adhemerval Zanella (2): login: Remove utmp fallback for getlogin login: Make user accounting database no-op NEWS | 22 +- include/set-freeres.h | 3 - include/unistd.h | 3 - include/utmp.h | 29 - login/Makefile | 9 +- login/endutxent.c | 25 - login/getlogin.c | 13 +- login/getutent.c | 28 +- login/getutent_r.c | 45 +- login/getutid.c | 25 +- login/getutid_r.c | 34 +- login/getutline.c | 27 +- login/getutline_r.c | 21 +- login/getutmp.c | 12 +- login/getutmpx.c | 34 -- login/getutxent.c | 25 - login/getutxid.c | 25 - login/getutxline.c | 25 - login/login.c | 118 +--- login/logout.c | 44 +- login/logwtmp.c | 22 +- login/programs/utmpdump.c | 62 --- login/pututxline.c | 25 - login/setutxent.c | 25 - login/tst-pututxline-cache.c | 193 ------- login/tst-pututxline-lockfail.c | 176 ------ login/tst-updwtmpx.c | 112 ---- login/tst-utmp.c | 377 ------------- login/tst-utmpx.c | 2 - login/updwtmp.c | 13 +- login/updwtmpx.c | 25 - login/utmp-private.h | 44 -- login/utmp_file.c | 506 ------------------ login/utmpname.c | 57 +- login/utmpxname.c | 25 - malloc/set-freeres.c | 6 - manual/users.texi | 446 ++------------- sysdeps/generic/paths.h | 6 +- sysdeps/gnu/Makefile | 13 - sysdeps/gnu/getutmp.c | 34 -- sysdeps/gnu/getutmpx.c | 1 - sysdeps/gnu/updwtmp.c | 30 -- sysdeps/gnu/utmp_file.c | 30 -- sysdeps/mach/hurd/getlogin.c | 35 -- sysdeps/unix/getlogin.c | 81 --- sysdeps/unix/getlogin_r.c | 103 ---- sysdeps/unix/sysv/linux/getlogin.c | 39 -- sysdeps/unix/sysv/linux/getlogin_r.c | 34 +- sysdeps/unix/sysv/linux/paths.h | 4 +- sysdeps/unix/sysv/linux/s390/s390-32/Makefile | 5 - .../unix/sysv/linux/s390/s390-32/getutent.c | 19 +- .../unix/sysv/linux/s390/s390-32/getutent_r.c | 11 +- .../unix/sysv/linux/s390/s390-32/getutid.c | 4 +- .../unix/sysv/linux/s390/s390-32/getutid_r.c | 2 +- .../unix/sysv/linux/s390/s390-32/getutline.c | 4 +- .../sysv/linux/s390/s390-32/getutline_r.c | 2 +- .../unix/sysv/linux/s390/s390-32/getutmp.c | 20 +- .../unix/sysv/linux/s390/s390-32/getutxent.c | 29 - .../unix/sysv/linux/s390/s390-32/getutxid.c | 29 - .../unix/sysv/linux/s390/s390-32/getutxline.c | 29 - sysdeps/unix/sysv/linux/s390/s390-32/login.c | 1 + .../unix/sysv/linux/s390/s390-32/login32.c | 37 -- .../unix/sysv/linux/s390/s390-32/pututxline.c | 29 - .../unix/sysv/linux/s390/s390-32/updwtmp.c | 6 +- .../unix/sysv/linux/s390/s390-32/updwtmpx.c | 29 - .../sysv/linux/s390/s390-32/utmp-convert.h | 85 --- sysdeps/unix/sysv/linux/s390/s390-32/utmp32.c | 183 ------- sysdeps/unix/sysv/linux/s390/s390-32/utmp32.h | 51 -- .../sysv/linux/s390/s390-32/utmpx-convert.h | 84 --- .../unix/sysv/linux/s390/s390-32/utmpx32.c | 138 ----- .../unix/sysv/linux/s390/s390-32/utmpx32.h | 59 -- sysdeps/unix/sysv/linux/utmp_file.c | 36 -- 72 files changed, 185 insertions(+), 3800 deletions(-) delete mode 100644 login/endutxent.c delete mode 100644 login/getutmpx.c delete mode 100644 login/getutxent.c delete mode 100644 login/getutxid.c delete mode 100644 login/getutxline.c delete mode 100644 login/programs/utmpdump.c delete mode 100644 login/pututxline.c delete mode 100644 login/setutxent.c delete mode 100644 login/tst-pututxline-cache.c delete mode 100644 login/tst-pututxline-lockfail.c delete mode 100644 login/tst-updwtmpx.c delete mode 100644 login/tst-utmp.c delete mode 100644 login/tst-utmpx.c delete mode 100644 login/updwtmpx.c delete mode 100644 login/utmp-private.h delete mode 100644 login/utmp_file.c delete mode 100644 login/utmpxname.c delete mode 100644 sysdeps/gnu/getutmp.c delete mode 100644 sysdeps/gnu/getutmpx.c delete mode 100644 sysdeps/gnu/updwtmp.c delete mode 100644 sysdeps/gnu/utmp_file.c delete mode 100644 sysdeps/mach/hurd/getlogin.c delete mode 100644 sysdeps/unix/getlogin.c delete mode 100644 sysdeps/unix/getlogin_r.c delete mode 100644 sysdeps/unix/sysv/linux/getlogin.c delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/getutxent.c delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/getutxid.c delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/getutxline.c delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/login32.c delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/pututxline.c delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/updwtmpx.c delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/utmp-convert.h delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/utmp32.c delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/utmp32.h delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/utmpx-convert.h delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/utmpx32.c delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/utmpx32.h delete mode 100644 sysdeps/unix/sysv/linux/utmp_file.c