[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: bug#64937: "who" reports funny dates
|
From: |
Thorsten Kukuk |
|
Subject: |
Re: bug#64937: "who" reports funny dates |
|
Date: |
Tue, 8 Aug 2023 12:24:42 +0000 |
|
User-agent: |
Mutt/1.10.1 (2018-07-13) |
On Mon, Aug 07, Paul Eggert wrote:
> On 2023-08-07 04:22, Bruno Haible wrote:
>
> > sooner than later. My guess is that Fedora and Ubuntu/Debian are only
> > waiting for 'who' (coreutils) and 'last' (util-linux / wtmpdb) to
> > stop accessing these two files.
>
> It's not just those two programs. Emacs looks at utmp, for example, when
> creating the symlinks it uses to implement its own file locking, because
> symlink contents contain the boot time (so that Emacs can better
> detect stale locks) and the boot time is retrieved from /var/run/utmp.
Something emacs needs to get fixed. On musl libc systems like Alpine,
you don't have utmp nor wtmp.
Beside that the emacs heuristic to find backups of wmtp is very
questionable, it wouldn't match on any of my systems.
There are better ways to determine the boot time.
> I expect that other programs look at utmp and/or wtmp, besides obvious
> candidates like 'login'. A quick scan through my Ubuntu /usr/bin found
> sessreg, for example; it was originally developed for X but is now used
> elsewhere.
There are some few:
https://github.com/thkukuk/utmpx/blob/main/Y2038.md#depending-on-utmpwtmpbtmplastlog-directly
And yes, the list is incomplete.
But to be honest, the majority is only creating entries (no longer
necessary) or counting the number of logged in users.
Other don't work since a long time since nobody writes the entries they
are looking for (like e.g. adjtimex).
So it's not that worse as it looks first.
> >> Although Ubuntu does not maintain /var/log/btmp
> >
> > What do you mean by that?
>
> Oh, my mistake. I checked a workstation that was behind a restrictive
> firewall, and nobody had ever attempted to attack it. You're right,
> Ubuntu maintains btmp.
Does they really maintain btmp or is it just openssh, where you cannot
disable btmp entries?
In the last case, the file is pretty useless, as all failed logins via
other ways (e.g. login itself) are not logged.
I know that Fedora tries to maintain it via pam_lastlog.so, but do to
all the problems with this interface that module is deprecated and will
be removed in a future release.
Thorsten
--
Thorsten Kukuk, Distinguished Engineer, Senior Architect, Future Technologies
SUSE Software Solutions Germany GmbH, Frankenstraße 146, 90461 Nuernberg,
Germany
Managing Director: Ivo Totev, Andrew McDonald, Werner Knoblich
(HRB 36809, AG Nürnberg)
- Re: bug#64937: "who" reports funny dates, (continued)
- Message not available
- Re: bug#64937: "who" reports funny dates, Thorsten Kukuk, 2023/08/06
- Re: bug#64937: "who" reports funny dates, Paul Eggert, 2023/08/06
- Re: bug#64937: "who" reports funny dates, Bruno Haible, 2023/08/07
- Re: bug#64937: "who" reports funny dates, Paul Eggert, 2023/08/07
- Re: bug#64937: "who" reports funny dates, Bruno Haible, 2023/08/08
- Re: bug#64937: "who" reports funny dates, Paul Eggert, 2023/08/08
- Re: bug#64937: "who" reports funny dates, Bruno Haible, 2023/08/08
- Message not available
- Re: bug#64937: "who" reports funny dates,
Thorsten Kukuk <=
- Re: bug#64937: "who" reports funny dates, Bruno Haible, 2023/08/08
- Message not available
- Re: bug#64937: "who" reports funny dates, Thorsten Kukuk, 2023/08/08
- Re: bug#64937: "who" reports funny dates, Robert Pluim, 2023/08/08
- Re: bug#64937: "who" reports funny dates, Bruno Haible, 2023/08/08
- Re: bug#64937: "who" reports funny dates, Robert Pluim, 2023/08/08
- Message not available
- Re: bug#64937: "who" reports funny dates, Thorsten Kukuk, 2023/08/08
- Re: bug#64937: "who" reports funny dates, Bruno Haible, 2023/08/08
- Re: boot time on Linux, Bruno Haible, 2023/08/08
- Re: boot time on Linux, Bruno Haible, 2023/08/09
- Re: boot time on Linux, Paul Eggert, 2023/08/09