-
-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
timedatectl: does not notice corrupted zoneinfo files #8905
Comments
@mbiebl Could you explain what kind of check should we do? Also, could you provide the broken zoneinfo? I cannot reproduce this on Fedora 28 (tzdata-2018d). The following is the output of
|
@yuwata (keep in mind that I'm only forwarding this bug report, I'm not the original bug reporter) It is suggested in the bug report, that zoneinfo files have a magic number, which timedatectl/timedated could check for, before applying any (incorrect) changes. |
to create a garbage file, it should be as simple as running
and the rerun your test above (make a copy of the correct file beforehand) |
As for the magic number, see
|
@mbiebl Thank you for the clarification. But, now I am skeptical that we should really support such a case... The original bug report seems not ours. |
Huh, I don't understand, can you elaborate? |
timedatectl and timedated do not parse the timezone data, and we generally assume that data in /usr is in a good state. I mean, we use all kinds of files all over the place in /usr and do not validate it first, under the assumption that /usr is vendor supplied and hence in a good state. If your package manager corrupts files in /usr then this appears to be something to fix in the package manager, no? I mean, it's basically as if you are asking us before we run a shell script we go and open the script first, read the shebang line, validate that it refers to a valid ELF binary and so on. But this is not how we generally do stuff on Linux. I am quite puzzled about this bug report, really, and don't grok what this is about? |
And to make this clear: it's glibc that parses the zone files, not systemd. If you think the parser is not good in glibc, please file a bug in glibc. timedatectl ultimately just shows the data glibc's tzset() makes available, that's all. If tzset() is broken, then please work with glibc to fix it. |
I suspect the glibc time functions already do a magic number check and default to UTC if the data is bad. That seems consistent with the output timedatectl produces in this instance. |
I'm puzzled by the responses. I don't think anywhere in the bug report it was mentioned, that the package manager did corrupt the timezone data files (If I might guess, it's more likely a file system issue). Remember, that I'm passing this bug report along. But for me it was quite obvious: |
I mean, we already do some basic sanity checks, like:
This would just be another safe-guard. |
I was going to submit a patch to implement this, but I think I have decided against it. The current code in Opening the file and checking its contents to ensure the file isn't corrupted is kind of a leap. I think the file format is specific to glibc, and its format does change occasionally. It's unlikely the magic number would change, but checking that doesn't even guarantee the file is valid; the rest of the file could very well be garbage. If glibc provides some function that could be used to validate the timezone, I think that would make a lot more sense. |
Agreed, we shouldn't try to second-guess glibc and parse the format ourselves. |
Interestingly though there's now a manpage tzfile(5) that formally documents the format... (or maybe that was always there?) |
There's "version 1 format", "version 2 format", "version 3 format". Hence, "version 4 format" might appear in the future. So even if we encountered a file that we don't understand, I don't think we could reject it. If glibc gave us a verification function, things would be different. |
@keszybz are you concerned that a potential future version 4 format might drop the 4 byte magic sequence? |
Sure, we can do that. If you feel it's worth it... Protecting against random corruptions in the file system is rather futile imho, but a check like this probably wouldn't hurt. |
Submission type
systemd version the issue has been seen with
Originally filed against v215 but still seems valid with v238
Used distribution
Debian
From the downstream bug report at
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767593
Due to local problems, my zoneinfo file was corrupted (content replaced
with garbage). Setting the timezone with timedatectl set-timezone lead
to the timezone being set to UTC, but using the correct name.
Given that zoneinfo files have an obvious magic number and the garbage
file hadn't one, it'd be really great if timedatectl could do basic
sanity checks before loading the file and creating an "invalid"
configuration.
The text was updated successfully, but these errors were encountered: