Date: Thu, 06 Feb 2025 15:21:54 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 233578] Unprivileged local user can prevent other users logging in by locking utx.active Message-ID: <bug-233578-227-JiQ6UNVVqE@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-233578-227@https.bugs.freebsd.org/bugzilla/> References: <bug-233578-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D233578 Dan Cross <cross@gajendra.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |cross@gajendra.net --- Comment #10 from Dan Cross <cross@gajendra.net> --- This has come up for me recently, on a multiuser system where (by design) n= ot all of the accounts are completely trusted. Unprivileged users preventing logins is unacceptable, but it would be a shame to de-permit access to utx.active, thus making programs like `finger`, `w`, or `who` or other consumers of the `getutxent` interface uninteresting. The proposal in #4 seems reasonable; is there any chance this could be appl= ied any time soonish? Btw, looking at the code in `pututxline`, the algorithm for updating lastlog appears to be linear in the number of users on the system. We've got tens of thousands of users, making this very slow; other systems use the uid as an index into that file (which may be sparse as a result, but that's ok). Woul= d it be possible to do that here? Also, we used to have a program that (effectively) tail -f'ed the wtmp file= and would print out a message when someone in a user-selectable list logged in = or out; our users enjoyed that. But there's no way to accommodate that in the current framework, which is a shame. Part of this is due to the data format being opaque, and part of it is inadequacies in the API (there's no way to = use e.g., `setutxdb` and then seek to the end of a file). It's a bit of a sham= e. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-233578-227-JiQ6UNVVqE>