[Bug 637] ssh records that the user has logged out even though an sftp session is active

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Sep 13 17:04:48 EST 2003


http://bugzilla.mindrot.org/show_bug.cgi?id=637

micah at cs.swt.edu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |



------- Additional Comments From micah at cs.swt.edu  2003-09-13 17:04 -------
> Besides, there is no clear way of saying "this is an sftp" session.  

  couldn't ssh just write to the wtmp log whenever sftp-server starts and exits
respectively?  

> Tagging all subsystems as a 'must have wtmp' is wrong since subsystems is a
> generic concept.

  the generic nature of subsystems like shells, etc is irrelevant, IMHO.  sshd
forks for every user session and doesn't exit until the command, shell, etc has
exited. so here is a typical scenario:

  1.) sshd receives a connection and authenticates the user
  2.) sshd forks to handle the user's session
  3.) the child(sshd) writes to the wtmp log that the user has logged on
  4.) the child(sshd) executes a command or subsystem(if any) and waits on the child
  5.) the command or subsystem process exits
  6.) the child(sshd) receives the exit status and writes to the wtmp log that
user has logged off 
  7.) the child(sshd) exits

  apparently, you believe that logging user sessions to the wtmp log is abuse? I
consider it nothing less than mandatory.  consider this situation: a university
student executes "ssh user at host /bin/ksh" and does something malign to the
system intentionally or unintentionally.  it would help tremendously if the wtmp
log reflected who actually logged on during that period.

basically, openssh provides several loopholes around proper user session logging
through subsystems and I find this to be a huge security risk.  I've spoken with
a couple of sysadmins at neighboring universities and they have the same
problem/concerns. I'm just the first one to speak up about it.

don't get me wrong, I love what you guys are doing with openssh but this is a
serious issue.
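The login/logout bracketing the reporter describes in steps 3 to 7, as an added example that is neither OpenSSH code nor the reporter's: a parent writes a USER_PROCESS record when the "subsystem" child starts and a DEAD_PROCESS record when it exits, and an audit function lists logins that never got a logout. It assumes the 384-byte glibc x86_64 struct utmp layout for the records and writes to a constructed temporary file, not /var/log/wtmp.

```python
import os
import struct
import subprocess
import sys
import tempfile
import time

# glibc x86_64 struct utmp (384 bytes): type, pid, line, id, user, host,
# exit status, session, tv_sec/tv_usec, addr_v6[4], reserved.
UTMP_FMT = "<hxxi32s4s32s256shhiii4i20s"
UTMP_SIZE = struct.calcsize(UTMP_FMT)  # 384
USER_PROCESS, DEAD_PROCESS = 7, 8

def pack_record(ut_type, pid, line, user, ts=None):
    """One wtmp record; ut_user is left empty on logout, as login(3)-style loggers do."""
    ts = time.time() if ts is None else ts
    sec, usec = int(ts), int((ts - int(ts)) * 1e6)
    name = user.encode() if ut_type == USER_PROCESS else b""
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), b"ss0", name,
                       b"", 0, 0, 0, sec, usec, 0, 0, 0, 0, b"")

def append_record(path, rec):
    with open(path, "ab") as f:
        f.write(rec)

def run_logged_subsystem(path, user, line, argv):
    """Mirror the proposed sshd child: log on at subsystem start, log off at exit."""
    proc = subprocess.Popen(argv)
    append_record(path, pack_record(USER_PROCESS, proc.pid, line, user))
    status = proc.wait()
    append_record(path, pack_record(DEAD_PROCESS, proc.pid, line, user))
    return status

def read_records(path):
    """Parse a wtmp file into (type, pid, line, user) tuples, ignoring a short tail."""
    with open(path, "rb") as f:
        data = f.read()
    recs = []
    for off in range(0, len(data) - UTMP_SIZE + 1, UTMP_SIZE):
        fld = struct.unpack_from(UTMP_FMT, data, off)
        recs.append((fld[0], fld[1], fld[2].rstrip(b"\0").decode(),
                     fld[4].rstrip(b"\0").decode()))
    return recs

def unclosed_sessions(path):
    """Logins with no matching logout on the same pid and line: the gap an auditor sees."""
    open_sessions = {}
    for ut_type, pid, line, user in read_records(path):
        if ut_type == USER_PROCESS:
            open_sessions[(pid, line)] = user
        elif ut_type == DEAD_PROCESS:
            open_sessions.pop((pid, line), None)
    return open_sessions

def demo():
    """Constructed scenario: one bracketed session plus one login that was never closed."""
    fd, path = tempfile.mkstemp(prefix="wtmp-example-")
    os.close(fd)
    try:
        status = run_logged_subsystem(path, "alice", "sftp/0",
                                      [sys.executable, "-c", "raise SystemExit(3)"])
        append_record(path, pack_record(USER_PROCESS, 4242, "sftp/1", "bob"))
        return status, len(read_records(path)), unclosed_sessions(path)
    finally:
        os.unlink(path)
```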






