[Bug 637] ssh records that the user has logged out even though an sftp session is active
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sun Sep 14 04:39:03 EST 2003
http://bugzilla.mindrot.org/show_bug.cgi?id=637
------- Additional Comments From micah at cs.swt.edu 2003-09-14 04:39 -------
> wtmp is not for logins, it's for ttys.
from UTMP(5) man page:
"The file <utmp.h> declares the structures used to record information
about current users in the file utmp, logins and logouts in the file
wtmp, and last logins in the file lastlog."
furthermore:
"Next, the login program opens the file wtmp, and appends the user's utmp
record. The same utmp record, with an updated time stamp is later ap-
pended to the wtmp file when the user logs out (see init(8))."
an empty tty can be included in the log for that user.
> using it for sftp is an abuse and causes portability nightmares.
correct me if I'm wrong, but you already have "ssh_login.c", etc so the
portable wtmp logging code has been there for a while. it's simply a matter of
incorporating the existing functionality in the write place i.e. whenever a
subsystem is called.
as it stands, ssh provides an insecure login method where a user can go
undetected by exploiting the subsystem and thus rendering commands such as 'who'
and 'last' useless...
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list