Date: Tue, 14 Dec 1999 00:24:05 -0800 (PST) From: str@giganda.komkon.org To: freebsd-gnats-submit@freebsd.org Subject: kern/15478: incorrect utmp/wtmp records update upon connection being interrupted Message-ID: <19991214082405.150DD14A2D@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 15478
>Category: kern
>Synopsis: incorrect utmp/wtmp records update upon connection being interrupted
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Dec 14 00:30:00 PST 1999
>Closed-Date:
>Last-Modified:
>Originator: Igor Roshchin
>Release: 3.x-stable
>Organization:
KomKon
>Environment:
FreeBSD 3.3-RELEASE i386
FreeBSD 3.1-STABLE i386
>Description:
1. The record in wtmp file is not updated properly.
This seems to be happening when the connection dies (e.g. "reset by peer"),
say, when a people connected from a ppp-via-dialup host gets kicked
off by a modem, and the connection is not disconneted properly.
2. The utmp record is not updated either.
So, "w" shows a person being logged in, even though there are no processes
running on that tty. (accordingly w shows "-" as a current process).
When somebody else logs in on that tty, the utmp record is updated,
but not the wtmp one.
In most cases, if not in all, the users use "screen".
I am not sure if the use of screen is necessary condition or just
a coinsidence.
Additional information:
I've got responses that the problem is also observed in
3.3-STABLE (Nov 16) & 4.0-CURRENT (Sept 29)
and also without screen, but rather due to
WindowMaker unconditionally killing rxvt (from Will Andrews).
(" I have X11 + WindowMaker setup to
run a rxvt w/ top & xtail /var/log whenever it starts up.")
In that case, "w" shows incorrect idle time which might be
even greater than the uptime.
>How-To-Repeat:
I am not sure if it works every time, but..
Login (via telnet or ssh) from a dialup-PPP-host,
reattach running screen.
Harshly disconnect the modem.
Also, suggested by Will Andrews:
(From his e-mail)
=========
I have X11 + WindowMaker setup to
run a rxvt w/ top & xtail /var/log whenever it starts up. I never kill these
apps, so WindowMaker does the job. Unfortunately, the utmp & wtmp logs are
affected as you say above:
<2 5001-0> (99-12-11 17:02:42) [will@shadow ~]% w
5:02PM up 6 days, 19:40, 9 users, load averages: 1.02, 1.08, 1.07
USER TTY FROM LOGIN@ IDLE WHAT
will v0 - 12:59PM 4:03 xinit /home/will/.xini
will p0 unix:0 12:59PM 6days top
will p1 unix:0 12:59PM 27days xtail /var/log
Note that ttyp1's idle time is 27 days whereas my system uptime is only 6 days.
Also note that I've only been running X for 4 hours. Because WindowMaker
unconditionally kills these rxvt's, the utmp & wtmp files are not cleaned up
properly, and I get a result like the above.
==========
>Fix:
Check utmp/wtmp related functions...
Sorry, don't have better clue.
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991214082405.150DD14A2D>