Hi Sven,

On Thu, Jun 05, 2025 at 10:22:46PM +0200, Sven Geuer wrote:
> On Thu, 2025-06-05 at 08:16 +0100, Andrew Bower wrote:
> > Hi Team,
> >
> > I have prepared a drive-by contribution at
> > https://salsa.debian.org/pkg-security-team/acct/-/merge_requests/6 to
> > fix RC bug https://bugs.debian.org/1074591 raised against acct.
> >
> > If this fix is acceptable to the team I am willing to prepare an unblock
> > request for the package, explaining that the documentation changes are
> > an integral part of the fix to ensure that users understand the
> > package's limitations and whether it is suitable for their use case.
>
> Thanks for your MR and your offer!

My pleasure!

> > The login analysis for a running system is no longer effective in acct
> > on trixie
>
> Maybe I am wrong, but wouldn't it be effective with wtmpdb and
> libpam-wtmpdb installed? If the answer is yes it seems reasonable to me to
> have acct depend on wtmpdb and libpam-wtmpdb. It would also allow for a
> simplified change to the documentation.

This is a good question! Perhaps I should transfer this comment to the bug
but the reason for the user-reported error (which I'm not convinced is
really serious although I think a documentation update is due at a minimum)
is that the last command is invoked with the '-f' option to refer
specifically to /var/log/wtmp, which either does not exist or is not in
wtmpdb format.

So what this patch does to the cron job is to let 'last' use the default
live database location and indeed limits to just the last month which is
clearly what was originally intended with the cron job and obviates the need
for the current README.Debian contents, too.

Now that was just the cron job (which probably isn't that important
anymore.)

So far as I can tell there are 4 main uses for this package:

1. Live login analysis
2. Live process accounting analysis
3. Forensic login analysis of another target
4. Forensic process accounting of another target

The live login analysis relies on /var/log/wtmp being written in utmp
format, which no longer happens (well, can't be guaranteed to happen
comprehensively) in Debian 13 and wouldn't be helped by the presence of
wtmpdb. So that makes use case 1 not very useful in trixie.

But the other three use cases are still valid and the forensic use of login
analysis is useful not just for older Debian installations but for other
distributions which have not dropped wtmp.

> If the functionality changed at least a 'Suggests' should be added to
> d/control, IMHO.
>
> Does this make sense to you, Andrew?

Yes, I think 'Suggests wtmpdb' could be justified normally, although it only
helps the low importance cron job, but I thought changes to dependencies
weren't desirable at this freeze stage?

> > but the process accounting capability still works and the
> > tools in this package still have utility in analysing files mounted from
> > other systems, which I assume to be the use case of the Kali derivative.
> > Therefore I suggest it is worth rescuing acct from last minute removal
> > from testing.
> >
> > Either way, thanks for your attention,
>
> As I am not familiar with acct at all I would like to see an additional
> comment on this proposal from a team member more competent in this
> regard.
>
> >
> > Andrew
>
> Cheers,
> Sven
>
> --
> GPG Fingerprint
> 3DF5 E8AA 43FC 9FDF D086 F195 ADF5 0EDA F8AD D585