[Bug 1865504] Re: hwclock reports incorrect status in audit message

Mauricio Faria de Oliveira mfo at canonical.com
Tue Mar 17 17:00:39 UTC 2020 

autopkgtests
---

All test failures (except mysql-5.7 on bionic) were transient, and
passed w/ one retry.

The test failure for mysql-5.7/bionic is unrelated to this upload.
Confirmed w/ a retry on -updates and -proposed.  
Both fail in the same way:

mysql-5.7 [bionic/amd64]
Version 	Triggers 	Date 	Duration 	Requester 	Result 	
5.7.29-0ubuntu0.18.04.1 	util-linux/2.31.1-0.4ubuntu3.5 	2020-03-17 11:02:44 UTC 	0h 43m 09s 	mfo 	fail 	log   artifacts   ♻
5.7.29-0ubuntu0.18.04.1 	util-linux/2.31.1-0.4ubuntu3.6 	2020-03-17 10:55:08 UTC 	0h 35m 47s 	mfo 	fail 	log   artifacts   ♻

"""
Completed: Failed 1/780 tests, 99.87% were successful.

Failing test(s): main.events_1
"""

The pending-sru page [1] is already up-to-date and shows only the
msyql-5.7 (unrelated) failures.

cheers,
Mauricio

[1] https://people.canonical.com/~ubuntu-archive/pending-sru.html

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to util-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1865504

Title:
  hwclock reports incorrect status in audit message

Status in util-linux package in Ubuntu:
  Fix Released
Status in util-linux source package in Bionic:
  Fix Committed
Status in util-linux source package in Eoan:
  Fix Committed
Status in util-linux package in Debian:
  Unknown

Bug description:
  [Impact]

  hwclock reports incorrect status in audit message:
  - hwclock calls audit_log_user_message(3) to create an audit entry.
  - audit_log_user_message(3) result 1 is "success" and 0 is "failed".
  - hwclock use standard EXIT_{SUCCESS,FAILURE} macros with reverse status.
  - Thus reports its status incorrectly in audit message.

  It is a requirement for Common Criteria Certification that hwclock
  reports correct status in audit message.

  This has been fixed upstream in https://github.com/karelzak/util-
  linux/commit/189edf1fe501ea39b35911337eab1740888fae7a

  [Test Steps]

  Steps to test:
  1. Install auditd
  2. Run following testcase,

  # hwclock
  2020-03-02 15:03:03.280351+0000

  # hwclock --set --date "1/1/2000 00:00:00"
  # echo $?
  0
  # hwclock
  2000-01-01 00:00:05.413924+0000

  # hwclock --utc --systohc
  # echo $?
  0
  # hwclock
  2020-03-02 15:07:00.264331+0000

  Following audit messages from /var/log/audit/audit.log,

  Note that last field in each audit record produced when hardware clock
  was modified has, "res=failed". Although, testcase shows no* failure
  occurred.

  type=USYS_CONFIG msg=audit(1583161562.884:105): pid=2084 uid=0
  auid=1000 ses=1 msg='op=change-system-time exe="/sbin/hwclock"
  hostname=bionic-fips addr=? terminal=pts/0 res=failed'

  type=USYS_CONFIG msg=audit(1583161614.497:106): pid=2103 uid=0
  auid=1000 ses=1 msg='op=change-system-time exe="/sbin/hwclock"
  hostname=bionic-fips addr=? terminal=pts/0 res=failed'

  [Regression Potential]

  Changes limited to the result value passed to audit_log_user_message(3),
  so the audit messages will change the 'res=' field (to correct result.)

  There should not be any regression to fix the status given to auditd.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions

More information about the foundations-bugs mailing list