bug#29212: XLockMore displays wrong time

Wed, 08 Nov 2017 12:58:40 -0800 

Hi,

Diego Nicola Barbato <dnbarb...@posteo.de> skribis:

> XLockMore (as invoked by the command `xlock') displays the wrong time on
> the lock screen.  Instead of honouring the timezone set in `config.scm'
> (as do other programs e.g. the `date' command) it displays UTC.

The problem is that setuid programs ignore $TZDIR; quoth ‘tzfile.c’ in
libc:

      /* We must not allow to read an arbitrary file in a setuid
         program.  So we fail for any file which is not in the
         directory hierachy starting at TZDIR
         and which is not the system wide default TZDEFAULT.  */
      if (__libc_enable_secure
          && ((*file == '/'
               && memcmp (file, TZDEFAULT, sizeof TZDEFAULT)
               && memcmp (file, default_tzdir, sizeof (default_tzdir) - 1))
              || strstr (file, "../") != NULL))
        /* This test is certainly a bit too restrictive but it should
           catch all critical cases.  */
        goto ret_free_transitions;

Thus, if I set TZ=Europe/Paris, I see that setuid binaries look for
timezone data only under
/gnu/store/3h31zsqxjjg52da5gp3qmhkh4x8klhah-glibc-2.25/share/zoneinfo/Europe/Paris,
which doesn’t exist.

Since GuixSD provides /etc/localtime already, we can actually unset TZ.
And when we do so, setuid binaries simply honor /etc/localtime and don’t
go searching for timezone data elsewhere, and they see the right time.

Can you confirm that:

  (unset TZ; xlock)

works for you?

I’ll commit the patch below if it does.

Thanks,
Ludo’.


diff --git a/gnu/system.scm b/gnu/system.scm
index 5f562b48b..ce2c05f4e 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -727,7 +727,8 @@ use 'plain-file' instead~%")
   "Return the environment variables of OS for
 @var{session-environment-service-type}, to be used in @file{/etc/environment}."
   `(("LANG" . ,(operating-system-locale os))
-    ("TZ" . ,(operating-system-timezone os))
+    ;; Note: No need to set 'TZ' since (1) we provide /etc/localtime, and (2)
+    ;; it doesn't work for setuid binaries.  See <https://bugs.gnu.org/29212>.
     ("TZDIR" . ,(file-append tzdata "/share/zoneinfo"))
     ;; Tell 'modprobe' & co. where to look for modules.
     ("LINUX_MODULE_DIRECTORY" . "/run/booted-system/kernel/lib/modules")

Reply via email to