Bug 42550 - last shows users still logged when they are not, due to missing logout records in wtmp.
last shows users still logged when they are not, due to missing logout record...
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: SysVinit (Show other bugs)
7.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
David Lawrence
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-05-28 00:51 EDT by Chris Wolf
Modified: 2014-03-16 22:20 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-05-29 14:39:30 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
diff with SysVinit-2.78-14 last.c (2.14 KB, patch)
2001-05-29 14:37 EDT, Chris Wolf
no flags Details | Diff
Modified last.c from SysVinit-2.78-14 (16.58 KB, text/plain)
2001-05-29 14:39 EDT, Chris Wolf
no flags Details
A better way to check process existence. (1.82 KB, patch)
2001-06-14 01:05 EDT, Chris Wolf
no flags Details | Diff

  None (edit)
Description Chris Wolf 2001-05-28 00:51:47 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)

Description of problem:
This may be an issue with "sshd", however "last" should be robust 
enough to flag wtmp entries with missing logout records.  Certainly
"last" should not display "still logged in" when that user is not logged 
in.

(BTW, the actual component name "SysVinit", but that choice was not 
offered.)

How reproducible:
Always

Steps to Reproduce:
1. Log in via "ssh"
2. kill the sshd process and shell associated with the login. (kill -9)
3. Both "who" and "last" show the user still logged in.
	

Actual Results:  "last" shows that the user is still logged in. Analysis 
of /var/log/wtmp indicated no matching logout record (type DEAD_PROCESS) 
for the corresponding login record.

Expected Results:  Either "init" should periodically check and fix the 
wtmp file, or
"last" should flag records of type "USER_PROCESS", without an actual
process, as not logged in.

Additional info:

It is important from a security point of view, that an accurate picture of 
the state of logged in users is able to be obtained.

I have a fix for "last.c" which changes the false indication of
a logged in user from:
testuser pts/6        host.bogus.com   Sun May 27 21:13   still logged in

to:


testuser pts/6        host.bogus.com   Sun May 27 21:13    gone - no logout
Comment 1 Bill Nottingham 2001-05-29 12:27:55 EDT
Can you post the patch?
Comment 2 Chris Wolf 2001-05-29 14:37:44 EDT
Created attachment 19913 [details]
diff with SysVinit-2.78-14 last.c
Comment 3 Chris Wolf 2001-05-29 14:39:26 EDT
Created attachment 19914 [details]
Modified last.c from SysVinit-2.78-14
Comment 4 Bill Nottingham 2001-06-12 12:15:09 EDT
Added, modulo a couple of formatting cleanups, in SysVinit-2.78-16. You might
also want to send this to the SysVinit maintainer, <miquels@cistron.nl>.
Comment 5 Chris Wolf 2001-06-14 01:05:06 EDT
Created attachment 21042 [details]
A better way to check process existence.
Comment 6 Chris Wolf 2001-06-14 01:09:04 EDT
Hopefully you didn't run QA yet... I posted a different patch
which checks the process existence in a more efficient way, as
suggested by <miquels@cistron.nl>, the functionality is unchanged.
Comment 7 Bill Nottingham 2001-06-21 12:38:22 EDT
Added, thanks!

Note You need to log in before you can comment on or make changes to this bug.