From: Rich Felker
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: Use local time in syslog() function
Date: Mon, 14 Jan 2019 11:25:34 -0500
Message-ID: <20190114162534.GD23599@brightrain.aerifal.cx>
References: <20190114102303.Horde.cORQXioih5pWeAh2Yr2gztG@webmail.michael-kaufmann.ch>
In-Reply-To: <20190114102303.Horde.cORQXioih5pWeAh2Yr2gztG@webmail.michael-kaufmann.ch>
Reply-To: musl@lists.openwall.com
To: musl@lists.openwall.com

On Mon, Jan 14, 2019 at 10:23:03AM +0100, Michael Kaufmann wrote:
> Hi,
>
> I have found a bug in the implementation of syslog(). It should use
> the local time instead of UTC when sending the message to /dev/log.
> So in src/misc/syslog.c, the call to gmtime_r() should be replaced
> with localtime_r().

This is not a bug; rather, use of local time there in glibc and other
systems is a bug. Local time varies by the sending process and
produces inconsistent and uninterpretable log messages. Moreover the
syslog() function is not specified to depend on the environment and
thereby is not allowed to call any function whose behavior is
dependent on the environment.

If you want local times in logs, the only consistent and conforming
way to do it is to have syslogd interpret the timestamps and rewrite
them to your preferred timezone. But that still doesn't help with the
issue of ambiguous timestamps at daylight-time transition that give
attackers neat opportunities to misrepresent sequence of events
between different systems...

Rich
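
The daylight-time ambiguity raised at the end of the reply, as an added example that is not part of the original message or of musl's code: four instants in increasing order are rendered with gmtime_r() and with localtime_r(). The "Mmm dd hh:mm:ss" layout, the POSIX TZ rule and the sample instants are assumptions constructed for the illustration. In local time, two events an hour apart print the same string, and a later event sorts before an earlier one.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Constructed POSIX TZ rule (assumption): UTC+1, DST ends on the last
   Sunday of October at 03:00 local. Needs no zoneinfo files. */
void use_constructed_zone(void)
{
    setenv("TZ", "CET-1CEST,M3.5.0,M10.5.0/3", 1);
    tzset();
}

/* Format t as "Mmm dd hh:mm:ss": no year, no UTC offset, no zone name. */
void stamp(time_t t, int use_local, char *buf, size_t n)
{
    struct tm tm;
    if (use_local) localtime_r(&t, &tm);
    else gmtime_r(&t, &tm);
    strftime(buf, n, "%b %e %T", &tm);
}

/* <0, 0 or >0: how the rendered strings of a and b sort as text. */
int stamp_order(time_t a, time_t b, int use_local)
{
    char sa[32], sb[32];
    stamp(a, use_local, sa, sizeof sa);
    stamp(b, use_local, sb, sizeof sb);
    return strcmp(sa, sb);
}

int main(void)
{
    /* Constructed instants on 2018-10-28, in increasing order (UTC):
       00:30, 00:50, 01:10, 01:30. The clock falls back at 01:00 UTC. */
    time_t ev[] = { 1540686600, 1540687800, 1540689000, 1540690200 };
    char utc[32], loc[32];

    use_constructed_zone();
    for (size_t i = 0; i < sizeof ev / sizeof ev[0]; i++) {
        stamp(ev[i], 0, utc, sizeof utc);
        stamp(ev[i], 1, loc, sizeof loc);
        printf("utc=%s  local=%s\n", utc, loc);
    }
    return 0;
}
```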