[Bug 1865504] Re: hwclock reports incorrect status in audit message

Joy Latten Mon, 02 Mar 2020 07:25:53 -0800

** Description changed:

+ [IMPACT]
+ hwclock reports incrorect status in audit message
+ 
+ hwclock calls audit_log_user_message(3) to create an audit entry.
  audit_log_user_message(3) result 1 is "success" and 0 is
  "failed", hwclock use standard EXIT_{SUCCESS,FAILURE} macros with reverse
- status. Thus reports status incorrectly in audit message. This has been fixed 
upstream in 
https://github.com/karelzak/util-linux/commit/189edf1fe501ea39b35911337eab1740888fae7a
+ status. Thus reports it's status incorrectly in audit message. 
+ 
+ It is a requirement for Common Criteria Certification that hwclock
+ reports correct status in audit message.
+ 
+ This has been fixed upstream in https://github.com/karelzak/util-
+ linux/commit/189edf1fe501ea39b35911337eab1740888fae7a
+ 
+ [TEST]
+ 
+ Steps to test:
+ 1. Install auditd
+ 2. Run following testcase,
+ 
+ # hwclock
+ 2020-03-02 15:03:03.280351+0000
+ # hwclock --set --date "1/1/2000 00:00:00"
+ # echo $?
+ 0
+ # hwclock
+ 2000-01-01 00:00:05.413924+0000
+ # hwclock --utc --systohc
+ # echo $?
+ 0
+ # hwclock
+ 2020-03-02 15:07:00.264331+0000
+ 
+ Following audit messages from /var/log/audit/audit.log,
+ 
+ type=USYS_CONFIG msg=audit(1583161562.884:105): pid=2084 uid=0 auid=1000 
ses=1 msg='op=change-system-time exe="/sbin/hwclock" hostname=bionic-fips 
addr=? terminal=pts/0 res=failed'
+ type=USYS_CONFIG msg=audit(1583161614.497:106): pid=2103 uid=0 auid=1000 
ses=1 msg='op=change-system-time exe="/sbin/hwclock" hostname=bionic-fips 
addr=? terminal=pts/0 res=failed'
+ 
+ Note that last entry in each audit record produced when hardware clock
+ was modified has, "res=failed". Although, testcase shows no failure
+ occurred.
+ 
+ [Regression Potential]
+ There should not be any regression to fix the status given to auditd.


-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1865504

Title:
  hwclock reports incorrect status in audit message

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1865504/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1865504] Re: hwclock reports incorrect status in audit message

Reply via email to