From 404fa3f93c00c7e130f5a0ec963b2dc6a3743986 Mon Sep 17 00:00:00 2001 From: Sami Kerola Date: Tue, 21 Jan 2014 22:05:05 +0000 Subject: last: make session gone determination more robust Earlier determination that used kill with signal zero to pid was prone to false positive reports, due reuse of pid space and unrelated processes. New function is_phantom() tries do a little bit better job, but fails to be perfect. It seems linking to gether utmp session start time or terminal id with /proc// information is not as simple as one might hope. Reported-by: Karel Zak Signed-off-by: Sami Kerola --- login-utils/last.c | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) (limited to 'login-utils/last.c') diff --git a/login-utils/last.c b/login-utils/last.c index 5550dcb3f..e4a849776 100644 --- a/login-utils/last.c +++ b/login-utils/last.c @@ -31,6 +31,7 @@ #include #include #include +#include #include #include #include @@ -572,6 +573,26 @@ static void __attribute__((__noreturn__)) usage(FILE *out) exit(out == stderr ? EXIT_FAILURE : EXIT_SUCCESS); } +static int is_phantom(struct utmp *ut) +{ + struct passwd *pw; + char path[32]; + FILE *f; + unsigned int loginuid, ret = 0; + + pw = getpwnam(ut->ut_name); + if (!pw) + return 1; + sprintf(path, "/proc/%u/loginuid", ut->ut_pid); + if (!(f = fopen(path, "r"))) + return 1; + if (fscanf(f, "%u", &loginuid) != 1) + ret = 1; + fclose(f); + if (!ret && pw->pw_uid != loginuid) + return 1; + return ret; +} static void process_wtmp_file(const struct last_control *ctl) { @@ -766,9 +787,7 @@ static void process_wtmp_file(const struct last_control *ctl) if (!lastboot) { c = R_NOW; /* Is process still alive? */ - if (ut.ut_pid > 0 && - kill(ut.ut_pid, 0) != 0 && - errno == ESRCH) + if (is_phantom(&ut)) c = R_PHANTOM; } else c = whydown; -- cgit v1.2.3-55-g7522