From owner-freebsd-security@FreeBSD.ORG Tue Mar 31 21:16:13 2015 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CA805DCB for ; Tue, 31 Mar 2015 21:16:13 +0000 (UTC) Received: from be-well.ilk.org (be-well.ilk.org [23.30.133.173]) by mx1.freebsd.org (Postfix) with ESMTP id A0E278DB for ; Tue, 31 Mar 2015 21:16:13 +0000 (UTC) Received: by be-well.ilk.org (Postfix, from userid 1147) id 29EE033C1E; Tue, 31 Mar 2015 17:16:12 -0400 (EDT) From: Lowell Gilbert To: Slawa Olhovchenkov Subject: Re: ftpd don't record login in utmpx References: <20150330142543.GD74532@zxy.spb.ru> <44y4me9gfi.fsf@lowell-desk.lan> <20150331034402.GE74532@zxy.spb.ru> <551A561C.5000904@digiware.nl> <20150331084426.GX23643@zxy.spb.ru> <551A6A1D.5030307@digiware.nl> <20150331094915.GY23643@zxy.spb.ru> <551A76B4.6050306@digiware.nl> <20150331110215.GZ23643@zxy.spb.ru> Reply-To: freebsd-security@freebsd.org Date: Tue, 31 Mar 2015 17:16:11 -0400 In-Reply-To: <20150331110215.GZ23643@zxy.spb.ru> (Slawa Olhovchenkov's message of "Tue, 31 Mar 2015 14:02:15 +0300") Message-ID: <44k2xwuauc.fsf@be-well.ilk.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Mar 2015 21:16:13 -0000 Slawa Olhovchenkov writes: > On Tue, Mar 31, 2015 at 12:28:04PM +0200, Willem Jan Withagen wrote: >> Well that is only in your eyes. wtmp moved (on) to a different way of >> storing the data. At that point in time nobody had a problem with that. >> And in 5 years you are the first one to be vocal about it. > > All others still using old version? No. Quite the opposite. My guess is that this feature was *never* very widely used. All of the information that it provides can be sent to the system logs instead. And if you want more user-based information, many types are *only* availabe on the system log. As a bonus, better management and analysis tools are available for system log formats. > I don't ask what I need do. > I just ask why switch off logging. FTP logging did not get turned off. FTP logging from inside of a chroot to outside of a chroot got turned off. As for why this happened, the answer is that the procedure you used to use depended on a feature of wtmp. Eventually, wtmp was replaced by utmpx to support unrelated new features. This meant that ftpd could no longer modify wtmp files, because there no longer *are* any wtmp files. As a final note, I'll point out that in principle, it's possible to implement this feature in a more reasonable way. That involves having a separate privileged task to handle closing sessions. Some alternative FTP daemons are able to do this, but they generally suggest turning it off because it increases resource usage by quite a bit.