ftpd don't record login in utmpx

Slawa Olhovchenkov slw at zxy.spb.ru
Tue Mar 31 03:44:12 UTC 2015


On Mon, Mar 30, 2015 at 08:08:49PM -0400, Lowell Gilbert wrote:

> Slawa Olhovchenkov <slw at zxy.spb.ru> writes:
> 
> > ftpd from FreeBSD-10 and up doesn't record ftp logins to the utmpx database
> > (for the case of chrooted login).
> > This is a lack of security information.
> > I found this is done by r202209 and r202604.
> > I can't understand the reason for this.
> > Can somebody explain?
> 
> Having a jail log into the base system is a security issue in the
> making. Can't you do this in a safer way by doing remote logging to the
> base system rather than having the jail hold on to a file handle that
> belongs outside the jail?

Jail? Why do you talk about jail?

> It's certainly possible to maintain these kinds of capabilities, but
> you would have to convince code reviewers that the same results can't be
> achieved some other way that's easier to secure.

Can you explain some more?
I am lost on this point.

