From owner-freebsd-security@FreeBSD.ORG Tue Mar 31 08:09:13 2015 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C41263FA for ; Tue, 31 Mar 2015 08:09:13 +0000 (UTC) Received: from smtp.digiware.nl (smtp.digiware.nl [31.223.170.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 807ECAB6 for ; Tue, 31 Mar 2015 08:09:13 +0000 (UTC) Received: from rack1.digiware.nl (unknown [127.0.0.1]) by smtp.digiware.nl (Postfix) with ESMTP id 7634016A404; Tue, 31 Mar 2015 10:09:04 +0200 (CEST) X-Virus-Scanned: amavisd-new at digiware.nl Received: from smtp.digiware.nl ([127.0.0.1]) by rack1.digiware.nl (rack1.digiware.nl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W8w_AqDc2p8Q; Tue, 31 Mar 2015 10:09:03 +0200 (CEST) Received: from [IPv6:2001:4cb8:3:1:19fb:2e2a:b977:8dce] (unknown [IPv6:2001:4cb8:3:1:19fb:2e2a:b977:8dce]) by smtp.digiware.nl (Postfix) with ESMTP id 5D48B16A401; Tue, 31 Mar 2015 10:09:03 +0200 (CEST) Message-ID: <551A561C.5000904@digiware.nl> Date: Tue, 31 Mar 2015 10:09:00 +0200 From: Willem Jan Withagen Organization: Digiware Management b.v. User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 MIME-Version: 1.0 To: Slawa Olhovchenkov , freebsd-security@freebsd.org Subject: Re: ftpd don't record login in utmpx References: <20150330142543.GD74532@zxy.spb.ru> <44y4me9gfi.fsf@lowell-desk.lan> <20150331034402.GE74532@zxy.spb.ru> In-Reply-To: <20150331034402.GE74532@zxy.spb.ru> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Mar 2015 08:09:13 -0000 On 31-3-2015 05:44, Slawa Olhovchenkov wrote: > On Mon, Mar 30, 2015 at 08:08:49PM -0400, Lowell Gilbert wrote: > >> Slawa Olhovchenkov writes: >> >>> ftpd from FreeBSD-10 and up don't record ftp logins to utmpx database >>> (for case of chrooted login). >>> This is lack security information. >>> I found this is done by r202209 and r202604. >>> I can't understand reason of this. >>> Can somebody explain? >> >> Having a jail log into the base system is a security issue in the >> making. Can't you do this in a safer way by doing remote logging to the >> base system rather than having the jail hold on to a file handle that >> belongs outside the jail? > > Jail? Why I you talk about jail? > >> It's certainly possible to maintain these kinds of capabilities, but >> you would have to convince code reviewers that the same results can't be >> achieved some other way that's easier to secure. I might have just too many miles on the clock already.... It used to liek this: to be able to do anything usefull in a chroot, you'd rebuild those parts of the system tree that you need in under the chrootdir. Eg. including ls(1) and all the libs it needed to function in ftpd. Some for apaches that ran chrooted, you'd carry/duplicate all you needed into the chroot env So in this case you probably need ${CHROOTDIR/var/log and create the database there. A Jail is no different in that, other than that it does this by default in some of the packages: eg. ezjail. --WjW