hwclock reports incorrect status in audit message

Bug #1865504 reported by Joy Latten on 2020-03-02
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
util-linux (Debian) | Fix Released | Unknown | |
util-linux (Ubuntu) | | High | Joy Latten |
Bionic | | Medium | Mauricio Faria de Oliveira |
Eoan | | Medium | Mauricio Faria de Oliveira |

Bug Description

[Impact]

hwclock reports incorrect status in audit message:
- hwclock calls audit_log_user_message(3) to create an audit entry.
- audit_log_user_message(3) result 1 is "success" and 0 is "failed".
- hwclock uses standard EXIT_{SUCCESS,FAILURE} macros with reverse status.
- Thus it reports its status incorrectly in the audit message.

It is a requirement for Common Criteria Certification that hwclock reports correct status in audit message.

This has been fixed upstream in https://github.com/karelzak/util-linux/commit/189edf1fe501ea39b35911337eab1740888fae7a

[Test Steps]

Steps to test:
1. Install auditd
2. Run the following test case:

# hwclock
2020-03-02 15:03:03.280351+0000

# hwclock --set --date "1/1/2000 00:00:00"
# echo $?
0
# hwclock
2000-01-01 00:00:05.413924+0000

# hwclock --utc --systohc
# echo $?
0
# hwclock
2020-03-02 15:07:00.264331+0000

The following audit messages are from /var/log/audit/audit.log:

Note that the last field in each audit record produced when the hardware clock was modified has "res=failed", although the test case shows no failure occurred.

type=USYS_CONFIG msg=audit(1583161562.884:105): pid=2084 uid=0 auid=1000 ses=1 msg='op=change-system-time exe="/sbin/hwclock" hostname=bionic-fips addr=? terminal=pts/0 res=failed'

type=USYS_CONFIG msg=audit(1583161614.497:106): pid=2103 uid=0 auid=1000 ses=1 msg='op=change-system-time exe="/sbin/hwclock" hostname=bionic-fips addr=? terminal=pts/0 res=failed'

[Regression Potential]

Changes limited to the result value passed to audit_log_user_message(3),
so the audit messages will change the 'res=' field (to the correct result).

There should not be any regression to fix the status given to auditd.
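
The mismatch described in the bug description above, as an added C illustration that is not part of the original report or of util-linux: the "before" path passes the exit status straight through as the audit result, the "after" path translates it first. `mock_audit_log_user_message`, `audit_exit_before` and `audit_exit_after` are hypothetical names, and the mock only models the 1 = success / 0 = failed convention the report states.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for libaudit's audit_log_user_message(3) (hypothetical, not the
 * library's code). It keeps only the convention the report describes:
 * result 1 means "success", 0 means "failed". Treating any other nonzero
 * value as success is an assumption of this sketch. */
static const char *last_res;   /* what the last record carried in res= */

static int mock_audit_log_user_message(const char *message, int result)
{
	last_res = result ? "success" : "failed";
	printf("type=USYS_CONFIG msg='%s exe=\"/sbin/hwclock\" res=%s'\n",
	       message, last_res);
	return 1;
}

/* Before: the process exit status is handed over unchanged, so
 * EXIT_SUCCESS (0) is recorded as res=failed and EXIT_FAILURE as success. */
const char *audit_exit_before(int status)
{
	mock_audit_log_user_message("op=change-system-time", status);
	return last_res;
}

/* After: translate the exit status into the audit convention first. */
const char *audit_exit_after(int status)
{
	mock_audit_log_user_message("op=change-system-time",
				    status == EXIT_SUCCESS ? 1 : 0);
	return last_res;
}

int main(void)
{
	audit_exit_before(EXIT_SUCCESS);   /* res=failed: the reported bug */
	audit_exit_before(EXIT_FAILURE);   /* res=success: a failure hidden */
	audit_exit_after(EXIT_SUCCESS);    /* res=success */
	audit_exit_after(EXIT_FAILURE);    /* res=failed */
	return 0;
}
```

With the untranslated status, a run that actually fails is recorded as res=success, which is the direction that matters most when reviewing time-change records from unpatched hosts.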

Joy Latten (j-latten) on 2020-03-02
Changed in util-linux (Ubuntu):
importance: Undecided → Medium
importance: Medium → High
assignee: nobody → Joy Latten (j-latten)
Joy Latten (j-latten) on 2020-03-02
description: updated
Joy Latten (j-latten) wrote :

The debdiff for focal

Marc Deslauriers (mdeslaur) wrote :

ACK on the debdiff in comment #3. Uploaded to focal. Thanks!

Changed in util-linux (Ubuntu):
status: New → Fix Committed

Hi Joy, Marc,

Nice catch on this bug.

I see the debdiff made focal-proposed just now; cool

I'd be happy to review/sponsor for Eoan and Bionic, if you're OK with it.

I currently have an SRU in eoan-proposed, which should be promoted next week, so I'm already keeping an eye out for when it's done/possible to upload again.

If I may help w/ that, just let me know.

cheers,
Mauricio

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package util-linux - 2.34-0.1ubuntu8

---------------
util-linux (2.34-0.1ubuntu8) focal; urgency=medium

  * hwclock: fix audit exit status (LP: #1865504)

 -- Joy Latten <email address hidden> Thu, 05 Mar 2020 11:23:23 -0600

Changed in util-linux (Ubuntu):
status: Fix Committed → Fix Released

Working on the stable releases E/B as discussed w/ Marc on IRC.

Changed in util-linux (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Mauricio Faria de Oliveira (mfo)
importance: Undecided → Medium
Changed in util-linux (Ubuntu Eoan):
status: New → In Progress
assignee: nobody → Mauricio Faria de Oliveira (mfo)
importance: Undecided → Medium
description: updated
description: updated

Joy,

Great work on the debdiff, especially on the DEP3 headers in the patch,
and on the steps to reproduce, which are concise and clear.

I slightly modified the changelog entry to include the d/p/file.patch
path, and clarified its purpose. I also ran 'quilt refresh' to remove
offsets when applying the patch. Attaching the debdiffs for reference.

The version numbers are OK (not used in the archive) / followed rules,
and ensure upgrade path across releases.

The packages for Eoan and Bionic built successfully on all archs with
debug symbols enabled (ppa:mfo/lp1865504).

I have successfully tested the packages on Eoan and Bionic (pasting.)

Having verified that util-linux is not in the upload queue for E/B
nor have any SRU in progress in eoan/bionic-proposed; uploading it.

cheers,
Mauricio

Test/Eoan:
===

$ lsb_release -cs
eoan

$ sudo apt update
$ sudo apt install -y auditd

Before: (audit.log has res=failed)
---

$ dpkg -s util-linux | grep ^Version:
Version: 2.34-0.1ubuntu2.3

$ sudo hwclock --set --date "1/1/2000 00:00:00"
$ echo $?
0

$ sudo hwclock --utc --systohc
$ echo $?
0

$ grep hwclock /var/log/audit/audit.log | tail -n2
type=USYS_CONFIG msg=audit(1583956148.236:82): pid=2380 uid=0 auid=1000 ses=1 msg='op=change-system-time exe="/usr/sbin/hwclock" hostname=eoan addr=? terminal=pts/0 res=failed'
type=USYS_CONFIG msg=audit(1583956151.496:89): pid=2382 uid=0 auid=1000 ses=1 msg='op=change-system-time exe="/usr/sbin/hwclock" hostname=eoan addr=? terminal=pts/0 res=failed'

After: (audit.log has res=success)
---

$ sudo add-apt-repository ppa:mfo/lp1865504
$ sudo apt install -y util-linux

$ dpkg -s util-linux | grep ^Version:
Version: 2.34-0.1ubuntu2.4

$ sudo hwclock --set --date "1/1/2000 00:00:00"
$ echo $?
0

$ sudo hwclock --utc --systohc
$ echo $?
0

$ grep hwclock /var/log/audit/audit.log | tail -n2
type=USYS_CONFIG msg=audit(1583956232.963:108): pid=3432 uid=0 auid=1000 ses=1 msg='op=change-system-time exe="/usr/sbin/hwclock" hostname=eoan addr=? terminal=pts/0 res=success'
type=USYS_CONFIG msg=audit(1583956238.499:115): pid=3434 uid=0 auid=1000 ses=1 msg='op=change-system-time exe="/usr/sbin/hwclock" hostname=eoan addr=? terminal=pts/0 res=success'

Test/Bionic:
===

$ lsb_release -cs
bionic

Before: (audit.log has res=failed)
---

$ dpkg -s util-linux | grep ^Version:
Version: 2.31.1-0.4ubuntu3.5

$ sudo hwclock --set --date "1/1/2000 00:00:00"
$ echo $?
0

$ sudo hwclock --utc --systohc
$ echo $?
0

$ grep hwclock /var/log/audit/audit.log | tail -n2
type=USYS_CONFIG msg=audit(1583956487.134:64): pid=3463 uid=0 auid=1000 ses=5 msg='op=change-system-time exe="/sbin/hwclock" hostname=bionic addr=? terminal=pts/0 res=failed'
type=USYS_CONFIG msg=audit(1583956490.498:70): pid=3465 uid=0 auid=1000 ses=5 msg='op=change-system-time exe="/sbin/hwclock" hostname=bionic addr=? terminal=pts/0 res=failed'

After: (audit.log has res=success)
---

$ sudo add-apt-repository ppa:mfo/lp1865504
$ sudo apt install -y util-linux

$ dpkg -s util-linux | grep ^Version:
Version: 2.31.1-0.4ubuntu3.6

$ sudo hwclock --set --date "1/1/2000 00:00:00"
$ echo $?
0

$ sudo hwclock --utc --systohc
$ echo $?
0

$ grep hwclock /var/log/audit/audit.log | tail -n2
type=USYS_CONFIG msg=audit(1583956532.257:81): pid=3827 uid=0 auid=1000 ses=5 msg='op=change-system-time exe="/sbin/hwclock" hostname=bionic addr=? terminal=pts/0 res=success'
type=USYS_CONFIG msg=audit(1583956535.497:87): pid=3829 uid=0 auid=1000 ses=5 msg='op=change-system-time exe="/sbin/hwclock" hostname=bionic addr=? terminal=pts/0 res=success'

tags: added: sts-sponsor-mfo

Hello Joy, or anyone else affected,

Accepted util-linux into eoan-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/util-linux/2.34-0.1ubuntu2.4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-eoan to verification-done-eoan. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-eoan. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in util-linux (Ubuntu Eoan):
status: In Progress → Fix Committed
Changed in util-linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Łukasz Zemczak (sil2100) wrote :

Hello Joy, or anyone else affected,

Accepted util-linux into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/util-linux/2.31.1-0.4ubuntu3.6 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted util-linux (2.31.1-0.4ubuntu3.6) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

lxcfs/3.0.3-0ubuntu1~18.04.1 (arm64)
libuuid-perl/unknown (armhf)
mysql-5.7/5.7.29-0ubuntu0.18.04.1 (ppc64el, i386, armhf, s390x, arm64, amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#util-linux

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

All autopkgtests for the newly accepted util-linux (2.34-0.1ubuntu2.4) for eoan have finished running.
The following regressions have been reported in tests triggered by the package:

fsarchiver/unknown (armhf)
sbd/1.4.0-18-g5e3283c-1ubuntu1 (amd64)
python3.7/unknown (armhf)
systemd/242-7ubuntu3.7 (arm64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/eoan/update_excuses.html#util-linux

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Joy Latten (j-latten) wrote :

Mauricio,
Thank you so much for handling. Much appreciated. I took a quick look at the above #15 and #16 and perhaps a retry may be beneficial... there were some timeouts...

Hi Joy,

Thanks for looking at those, I'm back from PTO and will take a look at clearing them out.

Do you plan to verify bionic/eoan-proposed? I can do it as it's quick, but wanted to check w/ you first as you're the reporter.

Thanks,
Mauricio

Joy Latten (j-latten) wrote :

Successful verification on amd64 for eoan

$ dpkg -l | grep util-linux
ii util-linux 2.34-0.1ubuntu2.4 amd64 miscellaneous system utilities

Audit records found in /var/log/audit/audit.log,

type=USYS_CONFIG msg=audit(1584463433.533:68): pid=4263 uid=0 auid=1000 ses=1 msg='op=change-system-time exe="/usr/sbin/hwclock" hostname=eaon-server addr=? terminal=pts/0 res=success'

type=USYS_CONFIG msg=audit(1584463480.497:81): pid=4268 uid=0 auid=1000 ses=1 msg='op=change-system-time exe="/usr/sbin/hwclock" hostname=eaon-server addr=? terminal=pts/0 res=success'

autopkgtests
---

All test failures (except mysql-5.7 on bionic) were transient, and passed w/ one retry.

The test failure for mysql-5.7/bionic is unrelated to this upload.
Confirmed w/ a retry on -updates and -proposed.
Both fail in the same way:

mysql-5.7 [bionic/amd64]
Version | Triggers | Date | Duration | Requester | Result
5.7.29-0ubuntu0.18.04.1 | util-linux/2.31.1-0.4ubuntu3.5 | 2020-03-17 11:02:44 UTC | 0h 43m 09s | mfo | fail
5.7.29-0ubuntu0.18.04.1 | util-linux/2.31.1-0.4ubuntu3.6 | 2020-03-17 10:55:08 UTC | 0h 35m 47s | mfo | fail

"""
Completed: Failed 1/780 tests, 99.87% were successful.

Failing test(s): main.events_1
"""

The pending-sru page [1] is already up-to-date and shows only the mysql-5.7 (unrelated) failures.

cheers,
Mauricio

[1] https://people.canonical.com/~ubuntu-archive/pending-sru.html

Joy Latten (j-latten) wrote :

Successful verification on amd64 for bionic

$ dpkg -l | grep util-linux
ii util-linux 2.31.1-0.4ubuntu3.6 amd64 miscellaneous system utilities

$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.3 LTS"

type=USYS_CONFIG msg=audit(1584464596.658:106): pid=13437 uid=0 auid=1000 ses=1 msg='op=change-system-time exe="/sbin/hwclock" hostname=bionic-fips addr=? terminal=pts/0 res=success'

type=USYS_CONFIG msg=audit(1584464615.494:117): pid=13441 uid=0 auid=1000 ses=1 msg='op=change-system-time exe="/sbin/hwclock" hostname=bionic-fips addr=? terminal=pts/0 res=success'

Joy Latten (j-latten) on 2020-03-17
tags: added: verification-done-eoan
tags: added: verification-done-bionic
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package util-linux - 2.34-0.1ubuntu2.4

---------------
util-linux (2.34-0.1ubuntu2.4) eoan; urgency=medium

  * d/p/hwclock_fix_audit_status.patch: reverse hwclock exit status
    so to match audit_log_user_message(3) semantics. (LP: #1865504)

 -- Joy Latten <email address hidden> Thu, 05 Mar 2020 11:23:23 -0600

Changed in util-linux (Ubuntu Eoan):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for util-linux has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package util-linux - 2.31.1-0.4ubuntu3.6

---------------
util-linux (2.31.1-0.4ubuntu3.6) bionic; urgency=medium

  * d/p/hwclock_fix_audit_status.patch: reverse hwclock exit status
    so to match audit_log_user_message(3) semantics. (LP: #1865504)

 -- Joy Latten <email address hidden> Thu, 05 Mar 2020 11:23:23 -0600

Changed in util-linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Changed in util-linux (Debian):
status: Unknown → New
Changed in util-linux (Debian):
status: New → Confirmed
tags: removed: sts-sponsor-mfo
Changed in util-linux (Debian):
status: Confirmed → Fix Released