Comment 14 for bug 1152187

Seth Arnold (seth-arnold) wrote :

I was asked to expand the audit I performed earlier (summarized in
comment #5 above). I reviewed version 198-0ubuntu0ppa2 from pitti's PPA.

Again, this is not intended to be a complete audit. Not everything I found
is a security issue, I'm just reporting things that looked surprising to me.

timedated

- Forces /etc/localtime to symlink
- Race condition between valid_timezone() and write_data_timezone()
  low risk because ../usr/share/zoneinfo/ is prepended, untrusted accounts
  shouldn't have write access here
- hwclock_set_timezone() and hwclock_reset_timezone() look misused or abused:
  both are used to 'seal' the Linux kernel's magic settimeofday(2) handling to
  adjust for CMOS-based clock being set to local time (windows) or UTC (unix).
  The 'tz' variable should otherwise be unused. So calling these functions
  multiple times in one boot is probably useless.
- write_data_local_rtc() appears to leave 'w' without terminating NUL
- SetTime timespec_store() doesn't appear to account for wraparound
- Many strings in timedatectl.c aren't localized

hostnamed

- read_full_file() realloc grows buf by one byte each loop iteration
  this will be bad performance for files between 4K and 4M.
- hostname_is_valid() will allow invalid names such as '.' or '..' or '_hi'
- Many strings in hostnamectl.c aren't localized

ACK for including both timedated and hostnamed in main, provided that
upstream is consulted for the settimeofday(2) issues, timespec_store()
wraparound issue, and hostname_is_valid() issue.
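To make the hostname_is_valid() point concrete, here is an added example (written for this page, not systemd's code and not part of the comment above) contrasting a permissive character-class check, constructed here to reproduce the failure mode described, with a stricter label-by-label check. The strict version applies the usual RFC 1123 label rules (1 to 63 characters per label, alphanumerics and '-', no leading or trailing '-', no empty labels) and caps the whole name below HOST_NAME_MAX (64 on Linux), so '.', '..' and '_hi' are rejected. Function names and the exact rule set are this example's own choices.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define HOSTNAME_MAX_LEN 64 /* HOST_NAME_MAX on Linux; names must be shorter than this */

/* Permissive check, constructed to illustrate the failure mode: it only asks
 * whether every byte is in [A-Za-z0-9._-], so ".", ".." and "_hi" all pass.
 * This is NOT systemd's implementation, just the shape of check that lets
 * such names through. */
bool hostname_is_valid_loose(const char *s) {
    if (!s || *s == '\0' || strlen(s) >= HOSTNAME_MAX_LEN)
        return false;
    for (const char *p = s; *p; p++) {
        unsigned char c = (unsigned char) *p;
        if (!isalnum(c) && c != '.' && c != '_' && c != '-')
            return false;
    }
    return true;
}

/* One DNS label: 1..63 bytes, [A-Za-z0-9-], must not start or end with '-'. */
static bool hostname_label_is_valid(const char *label, size_t len) {
    if (len == 0 || len > 63)
        return false;
    if (label[0] == '-' || label[len - 1] == '-')
        return false;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char) label[i];
        if (!isalnum(c) && c != '-')
            return false;
    }
    return true;
}

/* Strict check: split on '.', validate every label, reject empty labels
 * (which is what ".", "..", "a..b" and a trailing "." reduce to) and
 * reject any byte outside the label alphabet (which removes "_hi"). */
bool hostname_is_valid_strict(const char *s) {
    if (!s)
        return false;
    size_t n = strlen(s);
    if (n == 0 || n >= HOSTNAME_MAX_LEN)
        return false;

    const char *p = s;
    for (;;) {
        const char *dot = strchr(p, '.');
        size_t len = dot ? (size_t) (dot - p) : strlen(p);
        if (!hostname_label_is_valid(p, len))
            return false;
        if (!dot)
            return true;
        p = dot + 1; /* continue with the next label */
    }
}
```

The difference between the two is purely structural: a per-byte alphabet check cannot express "a label must be non-empty" or "the first byte of a label is restricted", which is exactly where the names listed in the comment slip through. Whether a trailing dot should be tolerated is a policy choice; the strict version above rejects it as an empty final label.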