ftpd don't record login in utmpx

Willem Jan Withagen wjw at digiware.nl
Tue Mar 31 12:47:26 UTC 2015


On 31-3-2015 13:02, Slawa Olhovchenkov wrote:
> On Tue, Mar 31, 2015 at 12:28:04PM +0200, Willem Jan Withagen wrote:
> 
>>>> Slawa,
>>>>
>>>> I can't tell you that, but it is in r202209. And you can ask the one
>>>> that removed it (ed@). :)
>>>> Like r202209 says 5 years ago:
>>>> 	Maybe we can address this in the future if it turns out to be a
>>>> 	real issue.
>>>
>>> What about issue talk?
>>> Opened file outside chroot? /dev/null and /var/run/logpriv still opened.
>>> Disabling logging for chrooted accounts? Really?!
>>
>> Read the submit message!? The reason is there, nothing with security as 
>> I read it, but it just did not fit into the way the new lib for wtmp 
>> worked/works.
> 
> I read it. And I don't understand it. Maybe I don't know somewhere.
> Or missed. Can you explain?

In 9.0 the utmp stuff got rewritten, IIRC by Ed Schouten. But with the
consequence that the API changed. And now it is no longer possible
 * to open a file at init,
 * keep it open while chrooting.
 * write records when needed.
The interface is just completely different.

Check:
man utempter_add_record

If you want the old behaviour, you have to dig into the code, and DIY.

>> Clearly you do not agree, but you are rather late to the party.
>>
>> Could be that in the meantime code has been added to wtmp, and now you 
>> can do it from inside a chroot? Perhaps ask ed@ or on hackers@??
> 
> First I am ask security at .
> Logging login and logout -- security task.

Not quite IMHO ... I'd consider security@ more of a thing where it
involves things that are related to things that can cause a security
problem.
But then again I understand how you look at it.

>>>> Hasn't been an issue up till now, it seems.
>>>>
>>>> But then there are many flavours of FTP server out there ATM, so freely
>>>> quoted from Andy Tanenbaum:
>>>> 	If you don't like this version, get another one.
>>>
>>> Now I only see removing old and working functionality w/o reasonable
>>
>> Well that is only in your eyes. wtmp moved (on) to a different way of 
>> storing the data. At that point in time nobody had a problem with that. 
>> And in 5 years you are the first one to be vocal about it.
> 
> All others still using old version?

Or they don't care about the log.
> 
>>>> Or write a script that actually unites the output from either the
>>>> database and/or last(8).
>>>
>>> You kidding.
>>> For this I need rearrange ALL ftp accounts. Change permissions. Create
>>> hierarchy. Learn users.
>>
>> Well perhaps one of the other flavours of FTPDs suits your need better.
> 
> I don't ask what I need do.
> I just ask why switch off logging.
> What issues may be happen?

That is not the nice way to answer. I'm trying to explain why you have
this problem. And as a mere suggestion I offered the insight that there
are other FTPDs.

Bluntly put: I don't think anybody is going to fix YOUR problem. If only
because in 5 years time nobody had an issue with it.

Regards,
--WjW
