On Tue, Apr 13, 2021 at 3:11 AM Laurent Bercot <ska-skaw...@skarnet.org> wrote:
>   Please test the latest git head and tell me if it's working for you.

Yep, it's all good. Thanks for making the changes.

>   Anyway, I changed utmps so that ut_id - and also ut_user and ut_line,
> for consistency - are treated as char arrays, not as null-terminated
> strings.

I think that is the correct implementation. The spec doesn't make it
clear but it's implied that these fields are not C strings, they are
just arrays of characters. In the few packages that read from or write
to u/wtmp that I've looked at, they all have a bunch of boilerplate
code to fill in the record or extract info from it, and they all (I
may be overgeneralizing a bit here) treat these fields as non-null
terminated, relying either on sizeof() or the non-standard
UT_xxxxxSIZE macros as the max length of the field.

>   (This is not defensive programming, this is sanitization: the data is
> provided by some user and ends up in a global database, which may then
> be read by some other user. Sanitizing it is good practice.)
>   In other words, I reverted to GIGO. If a client puts in a non-null-
> terminated array and another client expects a null-terminating string
> and makes the mistake of trusting data coming from the utmp database,
> then hilarity will ensue. Too bad, they can't have it both ways.

Oh I totally understand where you're coming from and you initially did
what any sane C system library writer would do.

<begin rant>
This utmpx interface is an abomination!

1) It doesn't use null-terminated strings. For a C API, that's
unintuitive, bothersome and plain stupid.
2) It exposes the raw database records, structure and data, directly
to the client.
3) No sanitization or validation whatsoever. No collision detection.
Any malicious or buggy client can shove anything in the database.

The way I see it, this was probably slapped together by some guy at
Bell Labs or Berkeley who was bored on a Sunday afternoon. That this
managed to find its way AS-IS into a fundamental standard is
mind-boggling. And what's up with the name? utmp, wtmp - what the heck
is that supposed to mean? Temporary, yeah, that might be. And yet here
we are 35 years later. Sigh.

I was pretty close to throwing this whole thing in the trash bin but
now that it's working I might as well keep it. Again I'm talking about
utmpx the interface and related tools, not about your utmps
implementation. And if nothing else I'm glad to have helped you a

As a system administrator, I don't particularly want these tools and
their talk/write cousins being available to regular users - they are
indeed useless and privacy-invading nowadays. But I want to be able to
keep a real-time and historical record of which users are logged into
the machine, when, and from where. What alternatives are there without
u/wtmp? Scanning and parsing the syslog? LOL. No, thanks.
</end rant>

Reply via email to