From owner-freebsd-security@FreeBSD.ORG Tue Mar 31 08:44:29 2015 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EBF11A04 for ; Tue, 31 Mar 2015 08:44:29 +0000 (UTC) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A280DEC8 for ; Tue, 31 Mar 2015 08:44:29 +0000 (UTC) Received: from slw by zxy.spb.ru with local (Exim 4.84 (FreeBSD)) (envelope-from ) id 1Ycrmc-00018x-BT; Tue, 31 Mar 2015 11:44:26 +0300 Date: Tue, 31 Mar 2015 11:44:26 +0300 From: Slawa Olhovchenkov To: Willem Jan Withagen Subject: Re: ftpd don't record login in utmpx Message-ID: <20150331084426.GX23643@zxy.spb.ru> References: <20150330142543.GD74532@zxy.spb.ru> <44y4me9gfi.fsf@lowell-desk.lan> <20150331034402.GE74532@zxy.spb.ru> <551A561C.5000904@digiware.nl> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <551A561C.5000904@digiware.nl> User-Agent: Mutt/1.5.23 (2014-03-12) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Mar 2015 08:44:30 -0000 On Tue, Mar 31, 2015 at 10:09:00AM +0200, Willem Jan Withagen wrote: > On 31-3-2015 05:44, Slawa Olhovchenkov wrote: > > On Mon, Mar 30, 2015 at 08:08:49PM -0400, Lowell Gilbert wrote: > > > >> Slawa Olhovchenkov writes: > >> > >>> ftpd from FreeBSD-10 and up don't record ftp logins to utmpx database > >>> (for case of chrooted login). > >>> This is lack security information. > >>> I found this is done by r202209 and r202604. > >>> I can't understand reason of this. > >>> Can somebody explain? > >> > >> Having a jail log into the base system is a security issue in the > >> making. Can't you do this in a safer way by doing remote logging to the > >> base system rather than having the jail hold on to a file handle that > >> belongs outside the jail? > > > > Jail? Why I you talk about jail? > > > >> It's certainly possible to maintain these kinds of capabilities, but > >> you would have to convince code reviewers that the same results can't be > >> achieved some other way that's easier to secure. > > I might have just too many miles on the clock already.... > > It used to liek this: to be able to do anything usefull in a chroot, > you'd rebuild those parts of the system tree that you need in under the > chrootdir. > Eg. including ls(1) and all the libs it needed to function in ftpd. > Some for apaches that ran chrooted, you'd carry/duplicate all you needed > into the chroot env > > So in this case you probably need > ${CHROOTDIR/var/log > and create the database there. I have many ftp acconts, than need be isolated by ftp. I need united database about login and logout. FreeBSD 1.x-9.x do this. Why this removed in 10.x?