
Re: Proposed RC fix for acct



Hi Andrew,

On Thu, 2025-06-05 at 21:55 +0100, Andrew Bower wrote:
> Hi Sven,
> 
> On Thu, Jun 05, 2025 at 10:22:46PM +0200, Sven Geuer wrote:
> > On Thu, 2025-06-05 at 08:16 +0100, Andrew Bower wrote:
> > > Hi Team,
> > > 
> > > I have prepared a drive-by contribution at
> > > https://salsa.debian.org/pkg-security-team/acct/-/merge_requests/6 to
> > > fix RC bug https://bugs.debian.org/1074591 raised against acct.
> > > 
> > > If this fix is acceptable to the team I am willing to prepare an unblock
> > > request for the package, explaining that the documentation changes are
> > > an integral part of the fix to ensure that users understand the
> > > package's limitations and whether it is suitable for their use case.
> > 
> > Thanks for your MR and your offer!
> 
> My pleasure!
> 
> > > The login analysis for a running system is no longer effective in acct
> > > on trixie
> > 
> > Maybe I am wrong, but wouldn't it be effective with wtmpdb and
> > libpam-wtmpdb installed? If the answer is yes it seems reasonable to me to
> > have acct depend on wtmpdb and libpam-wtmpdb. It would also allow for a
> > simplified change to the documentation.
> 
> This is a good question!
> 
> Perhaps I should transfer this comment to the bug but the reason for the
> user-reported error (which I'm not convinced is really serious although
> I think a documentation update is due at a minimum) is that the last
> command is invoked with the '-f' option to refer specifically to
> /var/log/wtmp, which either does not exist or is not in wtmpdb format.
> 
> So what this patch does to the cron job is to let 'last' use the default
> live database location and indeed limits to just the last month which is
> clearly what was originally intended with the cron job and obviates the
> need for the current README.Debian contents, too.
> 
> Now that was just the cron job (which probably isn't that important
> anymore). So far as I can tell there are 4 main uses for this package:
> 
> 1. Live login analysis
> 2. Live process accounting analysis
> 3. Forensic login analysis of another target
> 4. Forensic process accounting of another target
> 
> The live login analysis relies on /var/log/wtmp being written in utmp
> format, which no longer happens (well, can't be guaranteed to happen
> comprehensively) in Debian 13 and wouldn't be helped by the presence of
> wtmpdb. So that makes use case 1 not very useful in trixie.
> 
> But the other three use cases are still valid and the forensic use of
> login analysis is useful not just for older Debian installations but
> for other distributions which have not dropped wtmp.
> 
> > If the functionality changed at least a 'Suggests' should be added to
> > d/control, IMHO.
> > 
> > Does this make sense to you, Andrew?
> 
> Yes, I think 'Suggests wtmpdb' could be justified normally, although it
> only helps the low importance cron job, but I thought changes to
> dependencies weren't desirable at this freeze stage?

Assuming you refer to this line

7. changing relations (depends, conflicts, ...) between packages

under https://release.debian.org/testing/freeze_policy.html#appropriate,
I read this as changes to the Depends field are not desirable, while
changes to the Recommends and Suggests fields are not covered, though
the '...' might include them.

I really would prefer to have the Suggests field included, so, asking for a
pre-approval might be the right measure to be on the safe side.


> 
> > >           but the process accounting capability still works and the
> > > tools in this package still have utility in analysing files mounted from
> > > other systems, which I assume to be the use case of the Kali derivative.
> > > Therefore I suggest it is worth rescuing acct from last minute removal
> > > from testing.
> > > 
> > > Either way, thanks for your attention,
> > 
> > As I am not familiar with acct at all I would like to see an additional
> > comment on this proposal from a team member more competent in this
> > regard.
> > 
> > > 
> > > Andrew
> > 
> > Cheers,
> > Sven
> > 
> > -- 
> > GPG Fingerprint
> > 3DF5 E8AA 43FC 9FDF D086 F195 ADF5 0EDA F8AD D585
> 

-- 
GPG Fingerprint
3DF5 E8AA 43FC 9FDF D086 F195 ADF5 0EDA F8AD D585
