Paul Eggert wrote:
> Fedora 38 runs
> systemd, for example, and it still maintains /var/log/wtmp. Likewise for
> Ubuntu 23.04.

Well, these are the permissions of these files:

                 /var/run/utmp      /var/log/wtmp  /var/log/btmp  owner
Ubuntu 23.04     rw-rw-r--          rw-rw-r--      rw-rw----      root:utmp
Debian 12        rw-rw-r--          rw-rw-r--      rw-rw----      root:utmp
Fedora Rawhide   rw-rw-r--          rw-rw-r--      rw-rw----      root:utmp
        context  initrc_var_run_t   wtmp_t         faillog_t
openSUSE 15.5    rw-rw-r--          rw-rw-r--      rw-rw----      root:utmp
Slackware 14     rw-rw-r--          rw-rw-r--      rw-------      root:utmp, btmp only root:root
Alpine 3.18      rw-rw-r--          rw-rw-r--      rw-rw----      root:utmp
Debian Hurd      rw-rw-r--          rw-rw-r--      rw-rw----      root:utmp

Since the fact that /var/run/utmp and /var/log/wtmp are world-readable
implies that they are world-lockable and thus the DoS bug
https://sourceware.org/bugzilla/show_bug.cgi?id=24492 applies, to me it's
clear that both utmp and wtmp need to go away rather sooner than later.
My guess is that Fedora and Ubuntu/Debian are only waiting for 'who'
(coreutils) and 'last' (util-linux / wtmpdb) to stop accessing these two
files.

> > Is there somebody really using btmp? Beside that it is really unreliable
> > since nearly no application is writing it, I asked on several mailing
> > lists and nobody answered.

I agree with Paul: When three books/blogs mention /var/log/btmp and the
ability to run "sudo who -a /var/log/btmp", and additionally a command
'lastb' exists, for "sudo lastb", we cannot ignore that.

> Although Ubuntu does not maintain /var/log/btmp

What do you mean by that? On Ubuntu 23.04, I just did a "ssh localhost"
with a wrong password, and then I see:

  $ sudo who -a /var/log/btmp
  LOGIN ssh:notty 2023-08-07 13:06 2564 id=
  $ sudo lastb
  bruno ssh:notty 127.0.0.1 Mon Aug 7 13:06 - 13:06 (00:00)

Similarly when there were several failed logins.
("sudo who /var/log/btmp" prints nothing, because it filters out the LOGIN
lines. "who -a /var/log/btmp" prints nothing, because it cannot open the
file.)

So, IMO, the conclusion is:

* The /var/log/wtmp argument to "who" and "users" should become deprecated.
* Whereas for /var/log/btmp we need to make an effort to continue
  supporting it, in the same 'who' program that accesses the systemd API
  for utmp. And access the time stamp in it as an unsigned 32-bit integer,
  like Andreas Schwab proposed (already implemented).

This means:

(1) The API of the readutmp module should provide unlimited-length
    ut_user, ut_host etc. fields always. No more #ifdef UT_USER_SIZE.

(2) The readutmp module should use a runtime 'if' rather than a
    compile-time #if, in order to dispatch between the systemd backend
    and the file-based backend.

I'll work on (1) today.

Bruno
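
Added example, not part of the message above and not gnulib or coreutils code: a reader for one file-format record that takes the time stamp as an unsigned 32-bit value and returns the user and host fields as NUL-terminated strings of whatever length the field holds. The 384-byte record layout and its offsets are an assumption (glibc struct utmp on Linux x86-64); the names parse_record, field_dup, struct entry and demo are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout: glibc struct utmp on Linux x86-64, 384-byte records. */
enum { REC_SIZE = 384, OFF_TYPE = 0, OFF_USER = 44, USER_LEN = 32,
       OFF_HOST = 76, HOST_LEN = 256, OFF_SEC = 340 };

struct entry {
    int type;
    int64_t sec;        /* seconds since the epoch, never negative */
    char *user, *host;  /* heap copies, always NUL-terminated */
};

/* Copy a fixed-width field that may lack a terminating NUL. */
static char *field_dup(const unsigned char *p, size_t width) {
    const unsigned char *z = memchr(p, 0, width);
    size_t n = z ? (size_t)(z - p) : width;
    char *s = malloc(n + 1);
    if (s) { memcpy(s, p, n); s[n] = '\0'; }
    return s;
}

/* Decode one record; returns 0 on success, -1 on short input or OOM. */
int parse_record(const unsigned char *buf, size_t len, struct entry *e) {
    int16_t type; uint32_t sec;
    if (len < REC_SIZE) return -1;
    memcpy(&type, buf + OFF_TYPE, sizeof type);
    memcpy(&sec, buf + OFF_SEC, sizeof sec);  /* unsigned: no wrap in 2038 */
    e->type = type; e->sec = (int64_t)sec;
    e->user = field_dup(buf + OFF_USER, USER_LEN);
    e->host = field_dup(buf + OFF_HOST, HOST_LEN);
    if (!e->user || !e->host) { free(e->user); free(e->host); return -1; }
    return 0;
}

/* Constructed sample: LOGIN_PROCESS (6) record stamped after 2038-01-19. */
int demo(struct entry *e) {
    unsigned char rec[REC_SIZE] = {0};
    int16_t type = 6; uint32_t sec = 0x80000010u;
    memcpy(rec + OFF_TYPE, &type, sizeof type);
    memset(rec + OFF_USER, 'u', USER_LEN);    /* fills the field, no NUL */
    memcpy(rec + OFF_HOST, "127.0.0.1", 9);
    memcpy(rec + OFF_SEC, &sec, sizeof sec);
    return parse_record(rec, sizeof rec, e);
}

int main(void) { struct entry e; return demo(&e); }
```

Read as a signed 32-bit value, the same four bytes would give a negative time stamp; the caller owns and frees the user and host strings.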