Lock I/O log timing file when opening for writing.

Author: millert

include/sudo_iolog.h

@@ -82,6 +82,7 @@ struct timing_closure {
 struct iolog_file {
     bool enabled;
     bool compressed;
+    bool locked;
     bool writable;
     union {
 	FILE *f;

lib/iolog/iolog_open.c

@@ -40,12 +40,14 @@ static unsigned char const gzip_magic[2] = {0x1f, 0x8b};
 /*
  * Open the specified I/O log file and store in iol.
  * Stores the open file handle which has the close-on-exec flag set.
+ * Also locks the file if iofd is IOFD_TIMING and mode is writable.
  */
 bool
 iolog_open(struct iolog_file *iol, int dfd, int iofd, const char *mode)
 {
     int flags;
     const char *file;
+    bool lockit = false;
     unsigned char magic[2];
     const uid_t iolog_uid = iolog_get_uid();
     const gid_t iolog_gid = iolog_get_gid();
@@ -66,11 +68,25 @@ iolog_open(struct iolog_file *iol, int dfd, int iofd, const char *mode)
 	    "%s: invalid iofd %d", __func__, iofd);
 	debug_return_bool(false);
     }
+    if (iofd == IOFD_TIMING && ISSET(flags, O_WRONLY|O_RDWR)) {
+	lockit = true;
+    }
 
     iol->writable = false;
     iol->compressed = false;
+    iol->locked = false;
     if (iol->enabled) {
 	int fd = iolog_openat(dfd, file, flags);
+	if (lockit && fd != -1) {
+	    if (sudo_lock_file(fd, SUDO_TLOCK)) {
+		iol->locked = true;
+	    } else {
+		sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+		    "%s: unable to lock %s", __func__, file);
+		close(fd);
+		fd = -1;
+	    }
+	}
 	if (fd != -1) {
 	    if (*mode == 'w') {
 		if (fchown(fd, iolog_uid, iolog_gid) != 0) {

logsrvd/logsrv_util.c

@@ -99,7 +99,8 @@ iolog_open_all(int dfd, const char *iolog_dir, struct iolog_file *iolog_files,
     int iofd;
     debug_decl(iolog_open_all, SUDO_DEBUG_UTIL);
 
-    for (iofd = 0; iofd < IOFD_MAX; iofd++) {
+    /* Iterate in reverse order so we open/lock IOFD_TIMING first. */
+    for (iofd = IOFD_MAX - 1; iofd >= 0; iofd--) {
 	iolog_files[iofd].enabled = true;
         if (!iolog_open(&iolog_files[iofd], dfd, iofd, mode)) {
 	    if (errno != ENOENT) {