recompiling with no optimizations did not fix the problem. BSD style accounting and V3 are turned on in the kernel (2.6.11-rc1-mm1). Old redhat bug (1999!) suggests this may be a problem re: sys/acct.h vs linux/acct.h, but after messing with the source to switch from one to the other the code compiled but the same problem remained. Reproducible: Always Steps to Reproduce: 1. Turn on BSD style accounting and V3 of that in the kernel 2. # emerge acct 3. # /etc/init.d/acct start 4. # lastcomm Actual Results: ?? root ?? 0.00 secs Wed Dec 31 19:00 D? root ?? 0.00 secs Wed Dec 31 19:00 (? 17523789 ?? 0.00 secs Wed Dec 31 19:00 ? root ?? 0.00 secs Wed Dec 31 19:00 (? F 17523789 ?? 0.00 secs Wed Dec 31 19:00 (? F 17523789 ?? 0.00 secs Wed Dec 31 19:00 ?? root ?? 0.00 secs Wed Dec 31 19:00 ?? is an example output Expected Results: listed process names instead of random jumble of mostly question marks. no other programs running
Looks like a bug, not a vulnerability. Reassigning...
It's not a bug. You just need a patched version of the acct utilities to read the new v3 file format. Check out: http://www.physik3.uni-rostock.de/tim/kernel/utils/acct/ This version should be included to portage (maybe masked). Works for me.
I've put an -r1 build into CVS, that uses the new upstream version for the v3 accounting file format.
*** Bug 87585 has been marked as a duplicate of this bug. ***