Ticket #132 (closed defect: workaround)

Opened 13 years ago

Last modified 11 years ago

lastlog is local only

Reported by: fawkes Owned by:
Priority: low Milestone: Summer 2010 (Lucid Deploy)
Component: -- Keywords:
Cc: Fixed in version:
Upstream bug:

Description

Noticed on linerva post-lenny upgrade.

Running lastlog outputs:

root pts/116 balanced-tree.mi Tue Mar 10 03:26:35 -0400 2009
daemon Never logged in
bin Never logged in
sys Never logged in
sync Never logged in
games Never logged in

... etc.

for all the people in /etc/passwd

Syntax is also off from the Athena version. Athena lastlog syntax was lastlog <user>. /usr/bin/lastlog would take the syntax lastlog -u <user>, so even if this client is made AFS/Athena aware, it may confuse some users.

Change History

comment:1 Changed 13 years ago by broder

debathena-login should divert /usr/bin/lastlog and replace it with an attachandrun script to run lastlog out of the consult locker.

If whoever writes this is feeling awesome, they'd write a wrapper script that attempts to switch between local and remote based on local user existence, but if I package this, I won't be that awesome.

comment:2 follow-up: ↓ 4 Changed 13 years ago by broder

I'm kind of failing to find a package where this fits in cleanly. Does anyone have any ideas, before I go off and make yet another package?

comment:3 Changed 12 years ago by jdreed

  • Component set to --
  • Milestone set to IAP 2010

comment:4 in reply to: ↑ 2 Changed 12 years ago by geofft

Replying to broder:

I'm kind of failing to find a package where this fits in cleanly. Does anyone have any ideas, before I go off and make yet another package?

There's debathena-misc-glue. But I kind of want to split that package's three attachandrun scripts into their own packages, so you can uninstall, say, debathena-acroread-glue and replace it with a local Acrobat without punting the other two attachandrun scripts as well.

comment:5 follow-up: ↓ 6 Changed 11 years ago by andersk

How important is this?

Noting that /mit/consult/bin/lastlog doesn’t work on local users, and that it is full of about as many remote code execution bugs as you might expect from a Perl script in a locker that uses the network and backticks, and that it’s really only useful for stalking, I am sketched out by the idea of using it to divert a local binary—it isn’t that difficult to ‘add -f consult’.

comment:6 in reply to: ↑ 5 ; follow-up: ↓ 7 Changed 11 years ago by broder

I think you're conflating issues here.

Replying to andersk:

Noting that /mit/consult/bin/lastlog doesn’t work on local users

So we should have an intelligent wrapper.

and that it is full of about as many remote code execution bugs as you might expect from a Perl script in a locker that uses the network and backticks,

That's really a separate issue from whether or not running "lastlog" should get you something that's AFS-aware.

and that it’s really only useful for stalking,

And last locally isn't?

I am sketched out by the idea of using it to divert a local binary—it isn’t that difficult to ‘add -f consult’.

On Athena 9, /usr/athena/bin/lastlog is an attachandrun script that runs lastlog out of the consult locker. Back when Linerva had athmode, I'm pretty sure that lastlog ran lastlog from the consult locker in athmode.

I still think we should do this, because that's the traditional behavior. If you don't like the lastlog script in the consult locker, I'd encourage you to take that up with consultdev.
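An added illustration, not written by any commenter on this ticket, of the "intelligent wrapper" broder describes in comment:1 and comment:6: a script that would replace a dpkg-diverted /usr/bin/lastlog, run the local binary for local users and the consult locker script (via attachandrun) for everyone else, and translate the Athena `lastlog <user>` form into the `-u <user>` form the shadow-utils binary expects. It assumes the diverted local binary is renamed /usr/bin/lastlog.real (an assumed name, not from the ticket), and it rejects any username a shell could interpret, since the locker script is known to pass input through backticks.

```shell
#!/bin/sh
# Hypothetical wrapper for a dpkg-diverted /usr/bin/lastlog (example only).
# Assumed path: the diverted local binary lives at /usr/bin/lastlog.real.
LOCAL_LASTLOG=${LOCAL_LASTLOG:-/usr/bin/lastlog.real}
LOCKER=consult        # the ticket's /mit/consult/bin/lastlog, reached via attachandrun
LOCKER_CMD=lastlog

# Accept only portable usernames. The locker script interpolates its argument
# into backticks, so anything a shell could interpret is refused outright.
safe_username() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;   # empty, or a shell metacharacter
        -*) return 1 ;;                      # looks like an option
        *) return 0 ;;
    esac
}

# "Local" means the system passwd database (NSS, then /etc/passwd) knows the name.
is_local_user() {
    getent passwd "$1" >/dev/null 2>&1 || grep -q "^$1:" /etc/passwd 2>/dev/null
}

# Print the command line to run; run_lastlog executes it.
# Athena syntax is "lastlog <user>"; the local binary wants "lastlog -u <user>".
choose_command() {
    user=$1
    if [ -z "$user" ]; then
        # No argument: show the local table (what fawkes saw in the report).
        echo "$LOCAL_LASTLOG"
    elif ! safe_username "$user"; then
        return 1
    elif is_local_user "$user"; then
        echo "$LOCAL_LASTLOG -u $user"
    else
        echo "attachandrun $LOCKER $LOCKER_CMD $user"
    fi
}

run_lastlog() {
    cmd=$(choose_command "$1") || { echo "lastlog: invalid user name" >&2; exit 2; }
    exec $cmd   # safe to word-split: the username passed validation above
}

# Dispatch only when installed under the name lastlog; loading the file under
# another name (for testing) just defines the functions.
case "${0##*/}" in
    lastlog) run_lastlog "$@" ;;
esac
```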

comment:7 in reply to: ↑ 6 Changed 11 years ago by andersk

broder clarified on zephyr that he did not intend to suggest we should dismiss my concerns and start using /mit/consult/bin/lastlog now, and that he is too busy with graduation to make this clarification himself.

I still think it’s worth asking whether this “traditional” behavior is useful to anyone before we try to come up with a plan for implementing it in a secure way; currently we’ve done neither.

comment:8 Changed 11 years ago by jdreed

lastlog wasn't always in the release. I don't remember exactly when we added it (and don't have time to dig through the repository history right now), but historically it was always just a script in the consult locker. I'll dig through some docs and see if we ever talk about it outside the context of the locker.

Consider security concerns about the existing script reported to consultdev. If we decide to move forward on this, I really don't care what the diverted version looks like as long as it gets the volume's "Last Update" timestamp.

comment:9 Changed 11 years ago by jdreed

I have Googled sufficiently to convince myself that we never advertised lastlog being local. So we can either WONTFIX this, or we should wrap it. I have no real preference.

comment:10 Changed 11 years ago by jdreed

  • Status changed from new to closed
  • Resolution set to workaround