From: Lowell Gilbert
To: Slawa Olhovchenkov
Cc: freebsd-security@freebsd.org
Subject: Re: ftpd don't record login in utmpx
Date: Mon, 30 Mar 2015 20:08:49 -0400
Message-ID: <44y4me9gfi.fsf@lowell-desk.lan>
In-Reply-To: <20150330142543.GD74532@zxy.spb.ru>

Slawa Olhovchenkov writes:

> ftpd from FreeBSD-10 and up doesn't record ftp logins to the utmpx database
> (for the case of chrooted login).
> This is a lack of security information.
> I found this was done by r202209 and r202604.
> I can't understand the reason for this.
> Can somebody explain?

Having a jail log into the base system is a security issue in the making.
Can't you do this in a safer way by doing remote logging to the base system rather than having the jail hold on to a file handle that belongs outside the jail? It's certainly possible to maintain these kinds of capabilities, but you would have to convince code reviewers that the same results can't be achieved some other way that's easier to secure.