search_id() lookup by login time vulnerable to time going backwards #28

Open
andy-bower opened this issue Mar 1, 2025 · 1 comment

@andy-bower
Contributor

Currently search_id() looks for the latest matching entry by login time:

char *sql = "SELECT ID FROM wtmp WHERE TTY = ? AND Logout IS NULL ORDER BY Login DESC LIMIT 1";

Isn't this vulnerable if the system time has ever been later than now (sadly, it happens!), and then returning a wrong, 'earlier', record?

How about changing the ordering to descending order of row ID if sqlite3 guarantees this is always monotonically increasing? Perhaps that would even be more performant if sqlite3 backs the primary key with an index, which I imagine it does!

@thkukuk
Owner

thkukuk commented Mar 3, 2025

sqlite3 does not guarantee that it is always monotonically increasing; it only guarantees that it is unique. At the latest, when it reaches MAX_INT, it cannot increase it anymore.
But I don't know what happens if somebody never rotates the wtmpdb database; I would assume after MAX_INT entries sqlite3 will return an error.
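
The two orderings discussed in this thread, compared on constructed data (an added example, not code from the wtmpdb project). The minimal schema, the timestamps and the stale-session scenario are assumptions; only the `SELECT` ordered by `Login` comes from the issue.

```python
import sqlite3

# Assumed minimal schema: only the columns named in the query from the issue.
SCHEMA = """CREATE TABLE wtmp (
    ID INTEGER PRIMARY KEY, TTY TEXT, Login INTEGER, Logout INTEGER)"""

BY_LOGIN = ("SELECT ID FROM wtmp WHERE TTY = ? AND Logout IS NULL "
            "ORDER BY Login DESC LIMIT 1")
BY_ID = ("SELECT ID FROM wtmp WHERE TTY = ? AND Logout IS NULL "
         "ORDER BY ID DESC LIMIT 1")

def build_db():
    """Constructed data: the clock ran a year fast during the first login."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    now = 1_740_000_000              # constructed "correct" time
    skewed = now + 365 * 86400       # clock was in the future
    # Stale session: opened under the skewed clock, never closed (e.g. a crash).
    db.execute("INSERT INTO wtmp (TTY, Login) VALUES (?, ?)", ("tty1", skewed))
    # Current session: opened after the clock was corrected.
    db.execute("INSERT INTO wtmp (TTY, Login) VALUES (?, ?)", ("tty1", now))
    return db

def lookup(db, sql, tty):
    """Return the ID the given query selects for this TTY, or None."""
    row = db.execute(sql, (tty,)).fetchone()
    return row[0] if row else None

def rowid_reused_after_delete():
    """Without AUTOINCREMENT, SQLite assigns max(rowid)+1, so deleting the
    highest row lets its ID be handed out again."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    first = db.execute(
        "INSERT INTO wtmp (TTY, Login) VALUES ('tty1', 1)").lastrowid
    db.execute("DELETE FROM wtmp WHERE ID = ?", (first,))
    second = db.execute(
        "INSERT INTO wtmp (TTY, Login) VALUES ('tty1', 2)").lastrowid
    return first == second

if __name__ == "__main__":
    db = build_db()
    print("ORDER BY Login DESC ->", lookup(db, BY_LOGIN, "tty1"))
    print("ORDER BY ID DESC    ->", lookup(db, BY_ID, "tty1"))
    print("rowid reused after delete:", rowid_reused_after_delete())
```

Ordering by `Login` selects the stale record written under the skewed clock, while ordering by `ID` selects the most recently inserted open record, provided IDs are assigned by SQLite and the maximum rowid has not been reached.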
