From patchwork Fri Aug 9 14:22:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 1970967 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=oNGdb2wD; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WgR3B0xxPz1yYl for ; Sat, 10 Aug 2024 00:23:18 +1000 (AEST) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id CDFC0385DDC7 for ; Fri, 9 Aug 2024 14:23:15 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pf1-x42c.google.com (mail-pf1-x42c.google.com [IPv6:2607:f8b0:4864:20::42c]) by sourceware.org (Postfix) with ESMTPS id C80C13858CD9 for ; Fri, 9 Aug 2024 14:22:54 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org C80C13858CD9 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org C80C13858CD9 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::42c ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1723213377; cv=none; b=xseVX74xtVZSYgQDWXQuok8euba+m++n0cc5vLY6d4hlXloeuswohQ+ITXYPj0deZ6ar5cRR+5A3F1V3GemEKfHJtX+a5Jx6J9PZoKu7iRqqHEy3nb+Y0QuPot9hxgWcuJi9aFOmWkaj1yhE/zr/Hgoyn8EmfckRpvysU1ydpbs= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1723213377; c=relaxed/simple; bh=I8oekxA6lKRGxqO6KlvglXqPsKrUftN8r+3soHpucI8=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=XlPmDto2Dq5sLiVM/Ca2pYedcFscFQhjiPDTiARSs2vvdZvsiuBTAmCIdv9Pet96phLmaxm7ziPdRWOCYiSwiqbH7fXpOZ18T8Cfmn8a/nPB/g6QD5Tgv0LbrBtz2dhBP4Nu/YYGUUkPm2oO+kysmLoqReq3OkH4xi8iXynjyyI= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pf1-x42c.google.com with SMTP id d2e1a72fcca58-7104f939aa7so1934260b3a.1 for ; Fri, 09 Aug 2024 07:22:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1723213373; x=1723818173; darn=sourceware.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=IjQZTs2emXhgFv6AqoH6aFq1cmcWxUZrhfH2iBdAuog=; b=oNGdb2wDbfeZrcLPnOR+/JhllDDog1D8HjXWuQcI6wo2EEt7QZ7yn6cmDbTVpvY2TZ 5kafLDeplI/V6dx+9m/ijwkFJRW5Dh8bb/heoGgpgUKYeM4430cQwHHwLSineLq5Qh8z z0QEHatX77sEDzC7GuTp5N7KZ/Jbc6VG1eFyt+pm4he+CsJbNQrbIOhwz5flmshS0MIH NpaSme4nPxs/pXHKOv/y8S2JURB4sA19+oPRKiIr6YLS1xonLPFxte1DUpKBx2HrvHpC vnpZtZvHadahuFL20G7lOBUB+RPVIPASx9Co8pdGgeLbhxXrYAUZrBQ2UBwr4Z/yjick RUxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723213373; x=1723818173; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=IjQZTs2emXhgFv6AqoH6aFq1cmcWxUZrhfH2iBdAuog=; b=ZL7a449xE5wqzZIJ4PdgGpOj/6N+G5M8TswN/ukc6KRzBOhjA3+DZqEKG29/EKFIKD 0Wzulzs3BhsUY7CmPMk0pWd4yn8QCSZEuAOvHzqpFSlT4p//Eln/3lXOvOFPp2bdt926 zU2pKWXzSfjOhN+yCP+jWm4gGHlN+oWE2CkvwmkGfQUzJMhm3zgklPBZM295rB0XlH/m okNpkjm3vHXUIQtZlbXe9p0YNiBj1UKYK0N5a8z6wOKA7m+F9Ak9+z80pUItKbsFBxlG BVDgHT1cfc0OM5t9f9LlaHSaVDhHkYYhrY1GrHn5YPho4ByI8KfeEahydmk3Mtmd+zPx VpGQ== X-Gm-Message-State: AOJu0YxGbBLX/QYTyq9mHVVl/GkgBiQkhdgbdxLIJmXw6j3rd/2rRz2G Ah+KSJauOE6Y7OumCsefO357vMDDaLXAXeXX/6k06VKigat0yWE4xQ+LUY5d+uIHpv9hA26PaIs 6 X-Google-Smtp-Source: AGHT+IGqn+uPkVCPvKpXgncta8Dqn8sGDszNzkpzQf9yJSKgOutwMELl87dzN4QRZNefUrxbf0y/VA== X-Received: by 2002:a05:6a00:1748:b0:70d:34aa:6d57 with SMTP id d2e1a72fcca58-710dc680914mr1969916b3a.4.1723213373202; Fri, 09 Aug 2024 07:22:53 -0700 (PDT) Received: from mandiga.. ([2804:1b3:a7c2:347e:ece3:50dc:7701:b6f7]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-710cb20d8e1sm2668222b3a.39.2024.08.09.07.22.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 09 Aug 2024 07:22:52 -0700 (PDT) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Thorsten Kukuk , Paul Eggert , Florian Weimer Subject: [PATCH v2 0/2] Make accounting database no-op Date: Fri, 9 Aug 2024 11:22:13 -0300 Message-ID: <20240809142248.929824-1-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 X-Spam-Status: No, score=-5.3 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org The utmp/utmpx interface is the missing piece to enable full y2038 support on glibc, and even some 64 bit architectures are not fully compatible (the ones that define __WORDSIZE_TIME64_COMPAT32). The recent 5361ad3910c257bc327567be76fde532ed238e42 (login: Use unsigned 32-bit types for seconds-since-epoch) postpone the issue to y2106; however it still does not fix long-standing issues with the API [1][2]. The current implementation has some design flaws that are not straightforward to fix without a complete rewrite [4]. A utmp/utmpx daemon will also require a security model and support for multiple different IPC systems, which is out of scope for glibc. Also, this is what systemd-logind essentially does so it would be a double effort (the pt_chwon daemon is a remind that it is not easy to get this right). This patchset removes all accounting database implementation and makes the function no-op and/or return an error. There is not much gain in moving the current implementation to compat symbols, it does not solve the 64 bit time_t support for old binaries, nor it is guaranteed that the UTMP/UTMPX files will exist in future environments. Keeping a compat symbol also does not help with some design flags like BZ#24492, which I am not sure why it did not raise more security concerns since it is easy to create DoS attacks by preventing utmp updates. The utmp.h/utmpx.h headers are kept as is, even though glibc does not use its definition. The related path _PATH_UTMP/_PATH_WTMP/etc. points to invalid paths, and stub link warnings are added to the affected symbols. More information of alternative solutions and how to adapt applications on newer accounting database support can be found at https://www.thkukuk.de/blog/Y2038_glibc_utmp_64bit/. [1] https://sourceware.org/bugzilla/show_bug.cgi?id=28146 [2] https://sourceware.org/bugzilla/show_bug.cgi?id=17470 [3] https://sourceware.org/bugzilla/show_bug.cgi?id=30701 [4] https://sourceware.org/bugzilla/show_bug.cgi?id=24492 Adhemerval Zanella (2): login: Remove utmp fallback for getlogin login: Make user accounting database no-op NEWS | 22 +- include/set-freeres.h | 3 - include/unistd.h | 3 - include/utmp.h | 29 - login/Makefile | 9 +- login/endutxent.c | 25 - login/getlogin.c | 13 +- login/getutent.c | 28 +- login/getutent_r.c | 45 +- login/getutid.c | 25 +- login/getutid_r.c | 34 +- login/getutline.c | 27 +- login/getutline_r.c | 21 +- login/getutmp.c | 12 +- login/getutmpx.c | 34 -- login/getutxent.c | 25 - login/getutxid.c | 25 - login/getutxline.c | 25 - login/login.c | 118 +--- login/logout.c | 44 +- login/logwtmp.c | 22 +- login/programs/utmpdump.c | 62 --- login/pututxline.c | 25 - login/setutxent.c | 25 - login/tst-pututxline-cache.c | 193 ------- login/tst-pututxline-lockfail.c | 176 ------ login/tst-updwtmpx.c | 112 ---- login/tst-utmp.c | 377 ------------- login/tst-utmpx.c | 2 - login/updwtmp.c | 13 +- login/updwtmpx.c | 25 - login/utmp-private.h | 44 -- login/utmp_file.c | 506 ------------------ login/utmpname.c | 57 +- login/utmpxname.c | 25 - malloc/set-freeres.c | 6 - manual/users.texi | 446 ++------------- sysdeps/generic/paths.h | 6 +- sysdeps/gnu/Makefile | 13 - sysdeps/gnu/getutmp.c | 34 -- sysdeps/gnu/getutmpx.c | 1 - sysdeps/gnu/updwtmp.c | 30 -- sysdeps/gnu/utmp_file.c | 30 -- sysdeps/mach/hurd/getlogin.c | 35 -- sysdeps/unix/getlogin.c | 81 --- sysdeps/unix/getlogin_r.c | 103 ---- sysdeps/unix/sysv/linux/getlogin.c | 39 -- sysdeps/unix/sysv/linux/getlogin_r.c | 34 +- sysdeps/unix/sysv/linux/paths.h | 4 +- sysdeps/unix/sysv/linux/s390/s390-32/Makefile | 5 - .../unix/sysv/linux/s390/s390-32/getutent.c | 19 +- .../unix/sysv/linux/s390/s390-32/getutent_r.c | 11 +- .../unix/sysv/linux/s390/s390-32/getutid.c | 4 +- .../unix/sysv/linux/s390/s390-32/getutid_r.c | 2 +- .../unix/sysv/linux/s390/s390-32/getutline.c | 4 +- .../sysv/linux/s390/s390-32/getutline_r.c | 2 +- .../unix/sysv/linux/s390/s390-32/getutmp.c | 20 +- .../unix/sysv/linux/s390/s390-32/getutxent.c | 29 - .../unix/sysv/linux/s390/s390-32/getutxid.c | 29 - .../unix/sysv/linux/s390/s390-32/getutxline.c | 29 - sysdeps/unix/sysv/linux/s390/s390-32/login.c | 1 + .../unix/sysv/linux/s390/s390-32/login32.c | 37 -- .../unix/sysv/linux/s390/s390-32/pututxline.c | 29 - .../unix/sysv/linux/s390/s390-32/updwtmp.c | 6 +- .../unix/sysv/linux/s390/s390-32/updwtmpx.c | 29 - .../sysv/linux/s390/s390-32/utmp-convert.h | 85 --- sysdeps/unix/sysv/linux/s390/s390-32/utmp32.c | 183 ------- sysdeps/unix/sysv/linux/s390/s390-32/utmp32.h | 51 -- .../sysv/linux/s390/s390-32/utmpx-convert.h | 84 --- .../unix/sysv/linux/s390/s390-32/utmpx32.c | 138 ----- .../unix/sysv/linux/s390/s390-32/utmpx32.h | 59 -- sysdeps/unix/sysv/linux/utmp_file.c | 36 -- 72 files changed, 185 insertions(+), 3800 deletions(-) delete mode 100644 login/endutxent.c delete mode 100644 login/getutmpx.c delete mode 100644 login/getutxent.c delete mode 100644 login/getutxid.c delete mode 100644 login/getutxline.c delete mode 100644 login/programs/utmpdump.c delete mode 100644 login/pututxline.c delete mode 100644 login/setutxent.c delete mode 100644 login/tst-pututxline-cache.c delete mode 100644 login/tst-pututxline-lockfail.c delete mode 100644 login/tst-updwtmpx.c delete mode 100644 login/tst-utmp.c delete mode 100644 login/tst-utmpx.c delete mode 100644 login/updwtmpx.c delete mode 100644 login/utmp-private.h delete mode 100644 login/utmp_file.c delete mode 100644 login/utmpxname.c delete mode 100644 sysdeps/gnu/getutmp.c delete mode 100644 sysdeps/gnu/getutmpx.c delete mode 100644 sysdeps/gnu/updwtmp.c delete mode 100644 sysdeps/gnu/utmp_file.c delete mode 100644 sysdeps/mach/hurd/getlogin.c delete mode 100644 sysdeps/unix/getlogin.c delete mode 100644 sysdeps/unix/getlogin_r.c delete mode 100644 sysdeps/unix/sysv/linux/getlogin.c delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/getutxent.c delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/getutxid.c delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/getutxline.c delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/login32.c delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/pututxline.c delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/updwtmpx.c delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/utmp-convert.h delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/utmp32.c delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/utmp32.h delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/utmpx-convert.h delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/utmpx32.c delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/utmpx32.h delete mode 100644 sysdeps/unix/sysv/linux/utmp_file.c