From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.8) Gecko/20061107 Fedora/1.5.0.8-1.fc6 Firefox/1.5.0.8 Description of problem: bash-3.1$ last -ad -10 wolfgang pts/3 Wed Dec 6 07:28 still logged in 119.27.10.0 wolfgang pts/1 Wed Dec 6 07:11 still logged in 114.255.14.0 wolfgang :0 Wed Dec 6 07:11 still logged in 0.0.0.0 wolfgang pts/1 Tue Dec 5 22:24 - 23:48 (01:23) 9.50.2.0 wolfgang pts/1 Tue Dec 5 20:09 - 21:43 (01:34) 134.118.7.0 wolfgang pts/1 Tue Dec 5 18:33 - 20:07 (01:34) 80.107.0.0 wolfgang pts/0 Tue Dec 5 16:34 - 17:52 (01:17) 235.37.15.0 alison pts/1 Tue Dec 5 15:13 - 16:41 (01:27) 15.243.163.254 wolfgang pts/5 Tue Dec 5 14:14 - 17:52 (03:37) cpe-76-188-12-0.neo.res.rr.com wtmp begins Fri Dec 1 05:42:03 2006 notice the random-numbers presented as IP addresses in the last field. I suspect either an uninitialized/uncleared struct element or last isn't correctly suppressing this printing upon seeing that it was a local login. Version-Release number of selected component (if applicable): SysVinit-2.86-14 How reproducible: Always Steps to Reproduce: 1.type "last -ad -10" on the local machine. 2.look at last column of output 3.scratch head and wonder if one really took a trip around the world and forgot about it. Actual Results: The list of hosts printed in the last column don't correspond to any known legit logins. Expected Results: last column should be empty for local xterms etc. Additional info: environment: standard gdm / X11 logins with multiple gnu terminals used. perhaps gnu terminal startup registers the startup with utmp/wtmp incorreclty.
This is a bug in programs that write to the utmp/wtmp file. See sysvinit-2.86-timeval.patch; there's a similar patch in util-linux. Are you using gnome-terminal, xterm, or something else?
I'm using gnome-terminal and have just confirmed that what I'm seeing is a direct result of a new gnome-terminal being created.
Assigning to gnome-terminal; might actually be vte, not sure.
The bug is in gnome-pty-helper that is part of vte. Should it just print 0.0.0.0 for local logins or what?
If it is possible to suppres the output for local logins that would be less confusing for the user. 0.0.0.0 implies that ipv4 was somehow involved. Come to think of it, "ssh ::" has a similar problem. It claims the connection came from "0.0.0.0" instead of "::".
Theoretically, if the bug is fixed, it will have 0.0.0.0, as that's the data in the utmp file (all zeroes). I suppose there could be some special casing in last for 0.0.0.0, but it's really just converting the raw utmp data into an ip address.
gnome-pty-helper doesn't seem to try to write the ip address at all. Can someone who can reproduce this problem valgrind it? I'll give it a try on a x86_64 machine. Seems to be related.
It's not the ip addr. The utmp field is (from bits/utmp.h): struct { int32_t tv_sec; /* Seconds. */ int32_t tv_usec; /* Microseconds. */ } ut_tv; If you write a raw struct timeval in there, on x86_64, it overflows into the next field: int32_t ut_addr_v6[4]; /* Internet address of remote host. */ which gives you garbage.
So, instead of: gettimeofday ((struct timeval*) &put.ut_tv, NULL); you need something like: struct timeval tv; gettimeofday(&tv, NULL); put.ut_tv.tv_sec = tv.tv_sec; put.ut_tv.tv_usec = tv.tv_usec.
Thanks for tracking down!
Created attachment 143195 [details] patch patch committed upstream.
vte-0.14.1-1.fc6 has been pushed for fc6, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
Can someone confirm that the updates fixes this, and close?
I can confirm that the fix in vte-0.14.1-1.fc6 works. bash-3.1$ last -4 -ad wolfgang pts/4 Tue Dec 12 12:26 still logged in 0.0.0.0 wolfgang pts/4 Tue Dec 12 10:37 - 11:31 (00:54) 0.0.0.0 wolfgang pts/4 Tue Dec 12 10:09 - 10:19 (00:10) 0.0.0.0 wolfgang pts/4 Tue Dec 12 10:08 - 10:09 (00:00) 0.0.0.0 wtmp begins Fri Dec 1 05:42:03 2006
Thanks.