Bug 24684 - login logs non-existing user (failed) logins to /var/log/btmp
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: util-linux
Version: 6.2
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Crutcher Dunnavant
QA Contact: David Lawrence
Reported: 2001-01-23 13:29 UTC by Jarno Huuskonen
Modified: 2007-04-18 16:30 UTC (History)
Last Closed: 2001-01-23 13:29:38 UTC



Description Jarno Huuskonen 2001-01-23 13:29:35 UTC
util-linux login logs failed login attempts to /var/log/btmp.
This logging happens even if the user doesn't exist.

This can be fixed by not logging to btmp if pam retcode is
PAM_USER_UNKNOWN.

Here's a patch I made:

--- util-linux-2.10f/login-utils/login.c-orig   Tue Jan 23 14:22:09 2001
+++ util-linux-2.10f/login-utils/login.c        Tue Jan 23 14:23:33 2001
@@ -592,7 +592,9 @@
            pam_get_item(pamh, PAM_USER, (const void **) &username);
            syslog(LOG_NOTICE,_("FAILED LOGIN %d FROM %s FOR %s, %s"),
                failcount, hostname, username, pam_strerror(pamh,
retcode));
-           logbtmp(ttyn + 5, username, hostname);
+                       /* Don't log to btmp if the user doesn't exist */
+                       if ( retcode != PAM_USER_UNKNOWN )
+                               logbtmp(ttyn + 5, username, hostname);
            fprintf(stderr,_("Login incorrect\n\n"));
            pam_set_item(pamh,PAM_USER,NULL);
            retcode = pam_authenticate(pamh, 0);
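
Review bot: the new `if ( retcode != PAM_USER_UNKNOWN )` guard covers only `logbtmp()`; the `syslog(LOG_NOTICE, ... FOR %s ...)` call just above it still writes the same `username` for unknown users, so the string is kept out of btmp but not out of syslog. If the aim is to keep whatever was typed at the login prompt out of the logs, treat both call sites the same way. Skipping `logbtmp()` also drops the tty (`ttyn + 5`) and `hostname` of the failed attempt; passing a fixed placeholder in place of `username` when `retcode == PAM_USER_UNKNOWN` would keep that record. Style: the three added lines are indented deeper than the surrounding statements and should match them.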

Comment 1 Nalin Dahyabhai 2001-01-25 01:39:26 UTC
Transient errors on a network (i.e., downed NIS server) can also
cause real users to come up as "unknown".  The btmp file (according
to the lastb man page) logs "bad login attempts", and I believe
these qualify.

If the issue is one of preventing users from seeing other users'
passwords when said users aren't being observant while logging in,
fixing the permissions on the file (or removing it) is simpler.

