On Tue, Apr 13, 2021 at 3:11 AM Laurent Bercot <ska-skaw...@skarnet.org> wrote:
>
> Please test the latest git head and tell me if it's working for you.

Yep, it's all good. Thanks for making the changes.

> Anyway, I changed utmps so that ut_id - and also ut_user and ut_line,
> for consistency - are treated as char arrays, not as null-terminated
> strings.

I think that is the correct implementation. The spec doesn't make it clear but it's implied that these fields are not C strings, they are just arrays of characters. In the few packages that read from or write to u/wtmp that I've looked at, they all have a bunch of boilerplate code to fill in the record or extract info from it, and they all (I may be overgeneralizing a bit here) treat these fields as non-null terminated, relying either on sizeof() or the non-standard UT_xxxxxSIZE macros as the max length of the field.

> (This is not defensive programming, this is sanitization: the data is
> provided by some user and ends up in a global database, which may then
> be read by some other user. Sanitizing it is good practice.)
>
> In other words, I reverted to GIGO. If a client puts in a non-null-
> terminated array and another client expects a null-terminating string
> and makes the mistake of trusting data coming from the utmp database,
> then hilarity will ensue. Too bad, they can't have it both ways.

Oh I totally understand where you're coming from and you initially did what any sane C system library writer would do.

<begin rant>

This utmpx interface is an abomination!

1) It doesn't use null-terminated strings. For a C API, that's unintuitive, bothersome and plain stupid.
2) It exposes the raw database records, structure and data, directly to the client.
3) No sanitization or validation whatsoever. No collision detection. Any malicious or buggy client can shove anything in the database.

The way I see it, this was probably slapped together by some guy at Bell Labs or Berkeley who was bored on a Sunday afternoon. That this managed to find its way AS-IS into a fundamental standard is mind-boggling. And what's up with the name? utmp, wtmp - what the heck is that supposed to mean? Temporary, yeah, that might be. And yet here we are 35 years later. Sigh.

I was pretty close to throwing this whole thing in the trash bin but now that it's working I might as well keep it. Again I'm talking about utmpx the interface and related tools, not about your utmps implementation. And if nothing else I'm glad to have helped you a little.

As a system administrator, I don't particularly want these tools and their talk/write cousins being available to regular users - they are indeed useless and privacy-invading nowadays. But I want to be able to keep a real-time and historical record of which users are logged into the machine, when, and from where. What alternatives are there without u/wtmp? Scanning and parsing the syslog? LOL. No, thanks.

</end rant>
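
The sizeof()-bounded field handling discussed in this message, as an added example that is not part of the original message or of utmps: a reader that never scans past the end of ut_id/ut_line and a writer that fills them without assuming a terminator. The helper names `ut_field_to_str` and `str_to_ut_field` are hypothetical, and the record is constructed in memory rather than read from a real database.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <utmpx.h>

/* Hypothetical helper (not part of utmps): copy a fixed-size utmpx field,
 * which may lack a terminating NUL, into a real C string. Bytes outside
 * printable ASCII become '?'. Returns the length, or (size_t)-1 if dst
 * cannot hold the field plus a NUL. */
static size_t ut_field_to_str(char *dst, size_t dstlen,
                              const char *field, size_t fieldlen)
{
    size_t n = 0;
    while (n < fieldlen && field[n] != '\0')  /* bounded scan, never past the array */
        n++;
    if (n >= dstlen)
        return (size_t)-1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)field[i];
        dst[i] = (c >= 0x20 && c < 0x7f) ? (char)c : '?';
    }
    dst[n] = '\0';
    return n;
}

/* Hypothetical helper: fill a fixed-size field from a C string. Truncates to
 * the field size and zero-pads; a full-length value ends up with no NUL. */
static void str_to_ut_field(char *field, size_t fieldlen, const char *src)
{
    size_t n = 0;
    while (n < fieldlen && src[n] != '\0')
        n++;
    memcpy(field, src, n);
    memset(field + n, 0, fieldlen - n);
}

int main(void)
{
    struct utmpx u;                       /* constructed record, not read from a database */
    char id[sizeof u.ut_id + 1], line[sizeof u.ut_line + 1];

    memset(&u, 0, sizeof u);
    memset(u.ut_id, 'x', sizeof u.ut_id); /* every byte used: no terminator */
    str_to_ut_field(u.ut_line, sizeof u.ut_line, "tty\x1b" "1");

    ut_field_to_str(id, sizeof id, u.ut_id, sizeof u.ut_id);
    ut_field_to_str(line, sizeof line, u.ut_line, sizeof u.ut_line);
    printf("id=%s line=%s\n", id, line);
    return 0;
}
```

Sizing the destination as `sizeof field + 1` is what makes the full-length case safe; a reader that calls strlen() or printf("%s") directly on ut_id would run past the array for the constructed record above.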