From: Willem Jan Withagen
To: Slawa Olhovchenkov
Cc: freebsd-security@freebsd.org
Date: Tue, 31 Mar 2015 14:47:21 +0200
Subject: Re: ftpd don't record login in utmpx
Message-ID: <551A9759.2020004@digiware.nl>
In-Reply-To: <20150331110215.GZ23643@zxy.spb.ru>

On 31-3-2015 13:02, Slawa Olhovchenkov wrote:
> On Tue, Mar 31, 2015 at 12:28:04PM +0200, Willem Jan Withagen wrote:
>
>>>> Slawa,
>>>>
>>>> I can't tell you that, but it is in r202209. And you can ask the one
>>>> that removed it (ed@). :)
>>>> Like r202209 says 5 years ago:
>>>> Maybe we can address this in the future if it turns out to be a
>>>> real issue.
>>>
>>> What about issue talk?
>>> Opened file outside chroot? /dev/null and /var/run/logpriv still opened.
>>> Disabling logging for chrooted accounts? Really?!
>>
>> Read the submit message!? The reason is there, nothing with security as
>> I read it, but it just did not fit into the way the new lib for wtmp
>> worked/works.
>
> I read it. And I don't understand it. Maybe I don't know somewhere.
> Or missed. Can you explain?

In 9.0 the utmp stuff got rewritten, IIRC by Ed Schouten. But with the
consequence that the API changed. And now it is no longer possible
 * to open a file at init,
 * keep it open while chrooting,
 * write records when needed.

The interface is just completely different. Check:
    man utempter_add_record

If you want the old behaviour, you have to dig into the code, and DIY.

>> Clearly you do not agree, but you are rather late to the party.
>>
>> Could be that in the mean time code has been added to wtmp, and now you
>> can do it from inside a chroot? Perhaps ask ed@ or on hackers@??
>
> First I ask security@.
> Logging login and logout -- security task.

Not quite IMHO ...
I'd consider security@ more of a thing where it involves things that are
related to things that can cause a security problem.
But then again I understand how you look at it.

>>>> Hasn't been an issue up till now, it seems.
>>>>
>>>> But then there are many flavours of FTP server out there ATM, so freely
>>>> quoted from Andy Tannenbaum:
>>>> If you don't like this version, get another one.
>>>
>>> Now I only see removing old and working functionality w/o reasonable
>>
>> Well that is only in your eyes. wtmp moved (on) to a different way of
>> storing the data. At that point in time nobody had a problem with that.
>> And in 5 years you are the first one to be vocal about it.
>
> All others still using old version? Or they don't care about the log.
>
>>>> Or write a script that actually unites the output from either the
>>>> database and/or last(8).
>>>
>>> You kidding.
>>> For this I need to rearrange ALL ftp accounts. Change permissions. Create
>>> hierarchy. Learn users.
>>
>> Well perhaps one of the other flavours of FTPDs suits your need better.
>
> I don't ask what I need do.
> I just ask why switch off logging.
> What issues may be happen?

That is not the nice way to answer.
I'm trying to explain why you have this problem.
And as a mere suggestion I offered the insight that there are other FTPDs.

Bluntly put: I don't think anybody is going to fix YOUR problem.
If only because in 5 years time nobody had an issue with it.

Regards,
--WjW
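Added example, not code from this thread or from FreeBSD's ftpd: the "open at init, keep open across chroot, write when needed" pattern Willem says the rewritten utmpx API no longer offers, done by hand against a private record file (pututxline()/utempter_add_record() open the utx database by path, so they cannot be used once the session is chrooted). The log path, user, line and host are constructed placeholders, and the chroot step only runs when the program has root.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <utmpx.h>

/* Build a record using only the utmpx fields FreeBSD and glibc share. */
static void fill_utx_record(struct utmpx *ut, short type, const char *user,
                            const char *line, const char *host)
{
    memset(ut, 0, sizeof(*ut));
    ut->ut_type = type;            /* USER_PROCESS at login, DEAD_PROCESS at logout */
    ut->ut_pid = getpid();
    strncpy(ut->ut_user, user, sizeof(ut->ut_user) - 1);
    strncpy(ut->ut_line, line, sizeof(ut->ut_line) - 1);
    strncpy(ut->ut_host, host, sizeof(ut->ut_host) - 1);
    ut->ut_tv.tv_sec = time(NULL);
}

/* Append one fixed-size record through an fd opened before chroot(). 0 on success. */
static int append_utx_record(int fd, const struct utmpx *ut)
{
    return write(fd, ut, sizeof(*ut)) == (ssize_t)sizeof(*ut) ? 0 : -1;
}

/* Read record number idx (0-based) back from path. 0 on success, -1 if absent. */
static int read_utx_record(const char *path, int idx, struct utmpx *out)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = pread(fd, out, sizeof(*out), (off_t)idx * (off_t)sizeof(*out));
    close(fd);
    return n == (ssize_t)sizeof(*out) ? 0 : -1;
}

int main(void)
{
    struct utmpx ut;
    /* fd opened before chroot() outlives it; path and session values are placeholders. */
    int logfd = open("/tmp/ftpd-session.utx", O_WRONLY | O_CREAT | O_APPEND, 0600);
    if (logfd < 0) return 1;
    fill_utx_record(&ut, USER_PROCESS, "ftpuser", "ftp0", "192.0.2.10");
    append_utx_record(logfd, &ut);                 /* login, before confinement */
    if (chroot("/var/empty") == 0)                 /* needs root; skipped otherwise */
        (void)chdir("/");
    fill_utx_record(&ut, DEAD_PROCESS, "ftpuser", "ftp0", "192.0.2.10");
    append_utx_record(logfd, &ut);                 /* logout, from inside the chroot */
    return close(logfd);
}
```

The records are plain struct utmpx images, so last(8)-style tooling needs to be pointed at the private file; nothing here updates the system utx database.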