[Bug 56188] Wrong implementation of sys_acct() linux-syscall on user-space.
nitr0us
nitrousenador at gmail.com
Sun Aug 13 02:51:19 UTC 2006
Public bug reported:
Binary package hint: linux-source-2.6.15
BUG OVERVIEW:
This is a wrong implementation of sys_acct() linux-syscall on Ubuntu.
I've been programming some pieces of code such as account.c (enable or disable process accounting) and
reader.c (Read the file and show its content on screen)[1]. Look:
nitrous at lsd:~/x/acct-bug$ gcc account.c -o account
nitrous at lsd:~/x/acct-bug$ ./account
Usage: ./account [-de] acct_file
-d Disable
-e Enable
nitrous at lsd:~/x/acct-bug$ ./account -e ./UBUNTU606
acct(): Operation not permitted
nitrous at lsd:~/x/acct-bug$ su
Password:
root at lsd:/home/nitrous/x/acct-bug# ./account -e ./UBUNTUBREEZY
Enabled on ./UBUNTUBREEZY
root at lsd:/home/nitrous/x/acct-bug# ls
account acct.h OS_DETAILS reader.c readerv3.c sizeof sizeofv3 UBUNTU606
account.c CENTOS reader readerv3 REDHAT9 sizeof.c sizeofv3.c UBUNTUBREEZY
root at lsd:/home/nitrous/x/acct-bug# uname -a
Linux lsd 2.6.12-9-386 #1 Mon Oct 10 13:14:36 BST 2005 i6
root at lsd:/home/nitrous/x/acct-bug# ./account -d ./UBUNTUBREEZY
Disabled
root at lsd:/home/nitrous/x/acct-bug# ./reader
Usage: ./reader <acctfile>
root at lsd:/home/nitrous/x/acct-bug# ./reader ./UBUNTUBREEZY
BLOCKS CHARS T.REAL T.CPU MINOR MAJOR EXIT
COMMAND USER GID TTY R/W R/W (s. ) (s. ) PAGEF PAGEF CODE
#| UID:34822 0 0 0 7452 74.61 0.00 26365 17628 0
UID:34822 0 0 0 7452 74.62 0.00 26368 17628 0
H
UID:34822 0 0 0 7452 74.63 0.00 26371 17628 0
All the printed information is WRONG!. Ok, let's make more tests with others account files (created on
different boxes):
root at lsd:/home/nitrous/x/acct-bug# ./reader REDHAT9
BLOCKS CHARS T.REAL T.CPU MINOR MAJOR EXIT
COMMAND USER GID TTY R/W R/W (s. ) (s. ) PAGEF PAGEF CODE
#cont root 0 34816 0 0 0.00 0.00 16 86 0
#ls root 0 34816 0 0 0.01 0.00 27 145 0
uname root 0 34816 0 0 0.00 0.00 18 110 0
root at lsd:/home/nitrous/x/acct-bug# ./reader CENTOS
BLOCKS CHARS T.REAL T.CPU MINOR MAJOR EXIT
COMMAND USER GID TTY R/W R/W (s. ) (s. ) PAGEF PAGEF CODE
#cont root 0 1025 0 0 0.00 0.00 106 0 0
#dir root 0 1025 0 0 0.02 0.00 209 1 0
#ps root 0 1025 0 0 0.02 0.00 224 1 0
ls UID:500 500 1026 0 0 0.02 0.00 324 0 0
uname UID:500 500 1026 0 0 0.00 0.00 139 0 0
#ls root 0 1025 0 0 0.00 0.00 249 0 0
root at lsd:/home/nitrous/x/acct-bug# ./reader DEBIAN
BLOCKS CHARS T.REAL T.CPU MINOR MAJOR EXIT
COMMAND USER GID TTY R/W R/W (s. ) (s. ) PAGEF PAGEF CODE
#account root 0 34820 0 0 0.00 0.00 106 0 0
#ls root 0 34820 0 0 0.00 0.00 213 0 0
mozilla-bin nitrous 1000 0 0 0 114.03 0.00 13 0 0
#ps root 0 34820 0 0 0.01 0.00 271 0 0
mozilla-bin nitrous 1000 0 0 0 7.13 0.00 3 0 0
root at lsd:/home/nitrous/x/acct-bug# ./reader UBUNTU606
BLOCKS CHARS T.REAL T.CPU MINOR MAJOR EXIT
COMMAND USER GID TTY R/W R/W (s. ) (s. ) PAGEF PAGEF CODE
#\uffff UID:34816 0 0 0 13865 139.02 0.00 45512 17626 0
UID:34816 0 0 0 13865 139.09 0.00 45517 17626 65536
\uffff UID:34816 0 0 0 13859 138.65 0.00 45490 17626 2
#\uffff
UID:34816 0 0 0 13418 138.59 0.00 45488 17626 65536
UID:34816 0 0 0 13418 139.17 10.01 45522 17626 0
d
UID:34816 0 0 0 13927 139.29 0.00 45527 17626 0
@ UID:34816 0 0 0 13926 139.27 0.00 45527 17626 2
The program works fine with REDHAT, CENTOS and DEBIAN account files, but again, why it doesn't work on
UBUNTU606 and UBUNTUBREEZY?... Making some research I found this:
Ubuntu uses 'struct acct' in /usr/include/sys/acct.h (I think that kernel's ACCT_VERSION = 2), but
sys_acct(), at low-level routines really uses 'struct acct_v3' and that's why our reader program doesn't work
(The file's binary format is different).
I wrote another reader for 'struct acct_v3' using linux-2.6.12/include/linux/acct.h, look:
root at lsd:/home/nitrous/x/acct-bug# ./readerv3 ./UBUNTU606
BLOCKS CHARS MINOR MAJOR EXIT
COMMAND USER GID TTY R/W R/W PAGEF PAGEF CODE
#account root 0 34816 0 0 159 0 0
id root 0 34816 0 0 345 3 0
bash root 0 34816 0 0 796 1 0
#su root 0 34816 0 0 467 0 0
ls mysql 1001 34816 0 0 423 0 0
id root 0 34816 0 0 333 0 0
groups root 0 34816 0 0 455 0 0
bash root 0 34816 0 0 200 0 0
basename root 0 34816 0 0 303 0 0
dirname root 0 34816 0 0 232 0 0
lesspipe root 0 34816 0 0 181 0 0
lesspipe root 0 34816 0 0 200 0 0
lesspipe root 0 34816 0 0 506 0 0
bash root 0 34816 0 0 198 0 0
dircolors root 0 34816 0 0 244 0 0
bash root 0 34816 0 0 197 0 0
root at lsd:/home/nitrous/x/acct-bug# ./readerv3 ./UBUNTUBREEZY
BLOCKS CHARS MINOR MAJOR EXIT
COMMAND USER GID TTY R/W R/W PAGEF PAGEF CODE
#account root 0 34818 0 0 397 0 0
ps nitrous 1000 34818 0 0 305 2 0
cat nitrous 1000 34818 0 0 136 0 0
ls nagios 1002 34818 0 0 208 0 0
ps nagios 1002 34818 0 0 308 0 0
id nagios 1002 34818 0 0 259 0 0
#sh nagios 1002 34818 0 0 638 2 0
#su nitrous 1002 34818 0 0 331 0 0
id nitrous 1000 34818 0 0 270 0 0
It works ;)!.
TESTED ON:
[+] Ubuntu 6.06.1 LTS - Kernel: 2.6.15-26-386
[+] Ubuntu 5.10 "Breezy Badger" - 2.6.12-9-386
TIMELINE:
Bug discovered: 21/June/2006
Bug Published: 12/August/2006
Regards.
A. Alejandro Hernandez Hernandez
nitr0us [nitrousenador.at.gmail.dot.com]
Rerefences:
[1] Codes and related stuff.
http://www.genexx.org/nitrous/code/acct-bug/acct-bug.tar.gz
** Affects: linux-source-2.6.15 (Ubuntu)
Importance: Untriaged
Status: Unconfirmed
** Summary changed:
- Wrong implementation of sys_acct() linux-syscall on user-space.
+ Wrong implementation of sys_acct() linux-syscall. Discrepancies between kernel-space & user-space.
--
Wrong implementation of sys_acct() linux-syscall. Discrepancies between kernel-space & user-space.
https://launchpad.net/bugs/56188
More information about the kernel-bugs
mailing list