From owner-freebsd-security@FreeBSD.ORG Tue Mar 31 10:28:23 2015 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3CB86E6 for ; Tue, 31 Mar 2015 10:28:23 +0000 (UTC) Received: from smtp.digiware.nl (smtp.digiware.nl [31.223.170.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D809CC25 for ; Tue, 31 Mar 2015 10:28:22 +0000 (UTC) Received: from rack1.digiware.nl (unknown [127.0.0.1]) by smtp.digiware.nl (Postfix) with ESMTP id 5840A16A404; Tue, 31 Mar 2015 12:28:19 +0200 (CEST) X-Virus-Scanned: amavisd-new at digiware.nl Received: from smtp.digiware.nl ([127.0.0.1]) by rack1.digiware.nl (rack1.digiware.nl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fMuhl8FTtHar; Tue, 31 Mar 2015 12:28:07 +0200 (CEST) Received: from [IPv6:2001:4cb8:3:1:19fb:2e2a:b977:8dce] (unknown [IPv6:2001:4cb8:3:1:19fb:2e2a:b977:8dce]) by smtp.digiware.nl (Postfix) with ESMTP id 3D07516A401; Tue, 31 Mar 2015 12:28:07 +0200 (CEST) Message-ID: <551A76B4.6050306@digiware.nl> Date: Tue, 31 Mar 2015 12:28:04 +0200 From: Willem Jan Withagen Organization: Digiware Management b.v. User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 MIME-Version: 1.0 To: Slawa Olhovchenkov Subject: Re: ftpd don't record login in utmpx References: <20150330142543.GD74532@zxy.spb.ru> <44y4me9gfi.fsf@lowell-desk.lan> <20150331034402.GE74532@zxy.spb.ru> <551A561C.5000904@digiware.nl> <20150331084426.GX23643@zxy.spb.ru> <551A6A1D.5030307@digiware.nl> <20150331094915.GY23643@zxy.spb.ru> In-Reply-To: <20150331094915.GY23643@zxy.spb.ru> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Mar 2015 10:28:23 -0000 On 31-3-2015 11:49, Slawa Olhovchenkov wrote: > On Tue, Mar 31, 2015 at 11:34:21AM +0200, Willem Jan Withagen wrote: > >> On 31-3-2015 10:44, Slawa Olhovchenkov wrote: >>> On Tue, Mar 31, 2015 at 10:09:00AM +0200, Willem Jan Withagen wrote: >>> >>>> On 31-3-2015 05:44, Slawa Olhovchenkov wrote: >>>>> On Mon, Mar 30, 2015 at 08:08:49PM -0400, Lowell Gilbert wrote: >>>>> >>>>>> Slawa Olhovchenkov writes: >>>>>> >>>>>>> ftpd from FreeBSD-10 and up don't record ftp logins to utmpx database >>>>>>> (for case of chrooted login). >>>>>>> This is lack security information. >>>>>>> I found this is done by r202209 and r202604. >>>>>>> I can't understand reason of this. >>>>>>> Can somebody explain? >>>>>> >>>>>> Having a jail log into the base system is a security issue in the >>>>>> making. Can't you do this in a safer way by doing remote logging to the >>>>>> base system rather than having the jail hold on to a file handle that >>>>>> belongs outside the jail? >>>>> >>>>> Jail? Why I you talk about jail? >>>>> >>>>>> It's certainly possible to maintain these kinds of capabilities, but >>>>>> you would have to convince code reviewers that the same results can't be >>>>>> achieved some other way that's easier to secure. >>>> >>>> I might have just too many miles on the clock already.... >>>> >>>> It used to liek this: to be able to do anything usefull in a chroot, >>>> you'd rebuild those parts of the system tree that you need in under the >>>> chrootdir. >>>> Eg. including ls(1) and all the libs it needed to function in ftpd. >>>> Some for apaches that ran chrooted, you'd carry/duplicate all you needed >>>> into the chroot env >>>> >>>> So in this case you probably need >>>> ${CHROOTDIR/var/log >>>> and create the database there. >>> >>> I have many ftp acconts, than need be isolated by ftp. >>> I need united database about login and logout. >>> FreeBSD 1.x-9.x do this. >>> Why this removed in 10.x? >> >> Slawa, >> >> I can't tell you that, but it is in r202209. And you can ask the one >> that removed it (ed@). :) >> Like r202209 says 5 years ago: >> Maybe we can address this in the future if it turns out to be a >> real issue. > > What about issue talk? > Opened file outside chroot? /dev/null and /var/run/logpriv still opened. > Disabling logging for chrooted accounts? Realy?! Read the submit message!? The reason is there, nothing with security as I read it, but it just did not fit into the way the new lib for wtmp worked/works. Clearly you do not agree, but you are rather late to the party. Could be that in the mean time code has been added to wtmp, and now you can do it from inside a chroot? Perhaps ask ed@ of on hackers@?? >> Hasn't been an issue uptill now, it seems. >> >> But then there are many flavours of FTP server out there ATM, so freely >> quoted from Andy Tannenbaum: >> If you don't like this version, get another one. > > Now I only see removing old and working functionality w/o reassonable Well that is only in your eyes. wtmp moved (on) to a different way of storing the data. At that point in time nobody had a problem with that. And in 5 years you are the first one to be vocal about it. >> Or write a script that actually unites the output from either the >> database and/or last(8). > > You kidding. > For this I need rearange ALL ftp acconts. Change permissions. Create > hieararhie. Learn users. Well perhaps one of the other flavours of FTPDs suits your need better. --WjW