Bug 884 – Defaults log_input output(ttyin) output is overlapping

Bug 884 - Defaults log_input output(ttyin) output is overlapping


Summary:	Defaults log_input output(ttyin) output is overlapping

Status:	RESOLVED INVALID

Product:	Sudo
Classification:	Unclassified
Component:	Sudoreplay
Version:	1.8.1
Hardware:	Other All

Importance:	low high
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2019-06-17 22:27 MDT by Umair
Modified:	2019-07-11 12:59 MDT (History)
CC List:	0 users

See Also:

Attachments
overlapping logs (13.99 KB, image/jpeg) 2019-06-17 22:27 MDT, Umair	Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Umair 2019-06-17 22:27:24 MDT

Created attachment 527 [details]
overlapping logs

All the logs captured for Defaults log_input are overlapping. 

We have the following on a test server
Defaults log_input
Defaults iolog_file=%Y%m%d%H%M%S_%{user}_%{group}_as_%{runas_user}_%{runas_group}_XXXXXX

When we are trying to view all the input logs through ttyin, the logs are getting overlap and we are not able to get a clear output

server # ls -l
total 12
-rw-------   1 root     admin         73 Jun 17 13:35 log
-rw-------   1 root     admin         20 Jun 17 13:41 stdin
-rw-------   1 root     admin       1235 Jun 17 13:41 timing
-rw-------   1 root     admin       1223 Jun 17 13:41 ttyin

Comment 1 Todd C. Miller 2019-07-11 12:59:50 MDT

The ttyin file consists of the user input, exactly as it was typed and without any post-processing.  One consequence of this is that the end of line character is usually a carriage return (ascii 13 or 0x0d) and not a linefeed character (ascii 10 or 0x0a).

You may wish to use the tr command to replace carriage returns with line feeds.  For example:

gunzip -c ttyin| tr "\\r" "\\n"

I'm going to expand the section in the manual that describes the I/O log files to be more detailed.