Zeroed .ut_tv values in wtmp confuse chkrootkit.
Reported and debugged by Norman Smith. This is based on his patch,
but modified to behave more like upstart did in F14 and cleaned up.
https://bugzilla.redhat.com/show_bug.cgi?id=743696
-static int write_entry_both(const struct utmpx *store) {
+static int write_utmp_wtmp(const struct utmpx *store_utmp, const struct utmpx *store_wtmp) {
- r = write_entry_utmp(store);
- s = write_entry_wtmp(store);
+ r = write_entry_utmp(store_utmp);
+ s = write_entry_wtmp(store_wtmp);
+static int write_entry_both(const struct utmpx *store) {
+ return write_utmp_wtmp(store, store);
+}
+
int utmp_put_shutdown(void) {
struct utmpx store;
int utmp_put_shutdown(void) {
struct utmpx store;
}
int utmp_put_dead_process(const char *id, pid_t pid, int code, int status) {
}
int utmp_put_dead_process(const char *id, pid_t pid, int code, int status) {
- struct utmpx lookup, store, *found;
+ struct utmpx lookup, store, store_wtmp, *found;
zero(store.ut_host);
zero(store.ut_tv);
zero(store.ut_host);
zero(store.ut_tv);
- return write_entry_both(&store);
+ memcpy(&store_wtmp, &store, sizeof(store_wtmp));
+ /* wtmp wants the current time */
+ init_timestamp(&store_wtmp, 0);
+
+ return write_utmp_wtmp(&store, &store_wtmp);