Date:      Tue, 31 Mar 2015 14:02:15 +0300
From:      Slawa Olhovchenkov <slw@zxy.spb.ru>
To:        Willem Jan Withagen <wjw@digiware.nl>
Cc:        freebsd-security@freebsd.org
Subject:   Re: ftpd don't record login in utmpx
Message-ID:  <20150331110215.GZ23643@zxy.spb.ru>
In-Reply-To: <551A76B4.6050306@digiware.nl>
References:  <20150330142543.GD74532@zxy.spb.ru> <44y4me9gfi.fsf@lowell-desk.lan> <20150331034402.GE74532@zxy.spb.ru> <551A561C.5000904@digiware.nl> <20150331084426.GX23643@zxy.spb.ru> <551A6A1D.5030307@digiware.nl> <20150331094915.GY23643@zxy.spb.ru> <551A76B4.6050306@digiware.nl>

On Tue, Mar 31, 2015 at 12:28:04PM +0200, Willem Jan Withagen wrote:

> >> Slawa,
> >>
> >> I can't tell you that, but it is in r202209. And you can ask the one
> >> that removed it (ed@). :)
> >> Like r202209 says 5 years ago:
> >> 	Maybe we can address this in the future if it turns out to be a
> >> 	real issue.
> >
> > What about issue talk?
> > Opened file outside chroot? /dev/null and /var/run/logpriv still opened.
> > Disabling logging for chrooted accounts? Really?!
> 
> Read the submit message!? The reason is there, nothing with security as 
> I read it, but it just did not fit into the way the new lib for wtmp 
> worked/works.

I read it. And I don't understand it. Maybe I don't know somewhere.
Or missed. Can you explain?

> Clearly you do not agree, but you are rather late to the party.
> 
> Could be that in the mean time code has been added to wtmp, and now you 
> can do it from inside a chroot? Perhaps ask ed@ or on hackers@??

First I am asking security@.
Logging login and logout -- security task.

> >> Hasn't been an issue up till now, it seems.
> >>
> >> But then there are many flavours of FTP server out there ATM, so freely
> >> quoted from Andy Tannenbaum:
> >> 	If you don't like this version, get another one.
> >
> > Now I only see removing old and working functionality w/o reasonable
> 
> Well that is only in your eyes. wtmp moved (on) to a different way of 
> storing the data. At that point in time nobody had a problem with that. 
> And in 5 years you are the first one to be vocal about it.

All others still using old version?

> >> Or write a script that actually unites the output from either the
> >> database and/or last(8).
> >
> > You kidding.
> > For this I need rearrange ALL ftp accounts. Change permissions. Create
> > hierarchy. Learn users.
> 
> Well perhaps one of the other flavours of FTPDs suits your need better.

I don't ask what I need to do.
I just ask why switch off logging.
What issues may happen?


