Hi Andrew, On Thu, 2025-06-05 at 21:55 +0100, Andrew Bower wrote: > Hi Sven, > > On Thu, Jun 05, 2025 at 10:22:46PM +0200, Sven Geuer wrote: > > On Thu, 2025-06-05 at 08:16 +0100, Andrew Bower wrote: > > > Hi Team, > > > > > > I have prepared a drive-by contribution at > > > https://salsa.debian.org/pkg-security-team/acct/-/merge_requests/6 to > > > fix RC bug https://bugs.debian.org/1074591 raised against acct. > > > > > > If this fix is acceptable to the team I am willing to prepare an unblock > > > request for the package, explaining that the documentation changes are > > > an integral part of the fix to ensure that users understand the > > > package's limitations and whether it is suitable for their use case. > > > > Thanks for your MR and your offer! > > My pleasure! > > > > The login analysis for a running system is no longer effective in acct > > > on trixie > > > > May be I am wrong, but wouldn't it be effective with wtmpdb and libpam- > > wtmpdb installed? If the answer is yes it seems reasonable to me to > > have acct depend on wtmpdb and libpam-wtmpdb. It would also allow for a > > simplified change to the documentation. > > This is a good question! > > Perhaps I should transfer this comment to the bug but the reason for the > user-reported error (which I'm not convinced is really serious although > I think a documentation update is due at a minimum) is that the last > command is invoked with the '-f' option to refer specifically to > /var/log/wtmp, which either does not exist or is not in wtmpdb format. > > So what this patch does to the cron job is to let 'last' use the default > live database location and indeed limits to just the last month which is > clearly what was originally intended with the cron job and obviates the > need for the current README.Debian contents, too. > > Now that was just the cron job (which probably isn't that important > anymore.) So far as I can tell there are 4 main uses for this package: > > 1. Live login analysis > 2. Live process accounting analysis > 3. Forensic login analysis of another target > 4. Forensic process accounting of another target > > The live login analysis relies on /var/log/wtmp being written in utmp > format, which no longer happens (well, can't be guaranteed to happen > comprehensively) in Debian 13 and wouldn't be helped by the presence of > wtmpdb. So that makes use case 1 not very useful in trixie. > > But the other three use cases are still valid and the forensic use of > login analysis is useful not just for older Debian installations but > of other distributions which have not dropped wtmp. > > > If the functionality changed at least a 'Suggests' should be added to > > d/control, IMHO. > > > > Does this make sense to you, Andrew? > > Yes, I think 'Suggests wtmpdb' could be justified normally, although it > only helps the low importance cron job, but I thought changes to > dependencies weren't desirable at this freeze stage? Assuming you refer to this line 7. changing relations (depends, conflicts, ...) between packages under https://release.debian.org/testing/freeze_policy.html#appropriate, I read this as changes to the Depends field are not desirable, while changes to the Recommmends and Suggests fields are not covered, though the '...' might include them. I really would prefer to have the Suggests field included, so, asking for a pre-approval might be right measure to be on the save side. > > > > but the process accounting capability still works and the > > > tools in this package still have utility in analysing files mounted from > > > other systems, which I assume to be the use case of the Kali derivative. > > > Therefore I suggest it is worth rescuing acct from last minute removal > > > from testing. > > > > > > Either way, thanks for your attention, > > > > As I am not familiar with acct at all I would like to see an additional > > comment on this proposal from a team member more competent in this > > regard. > > > > > > > > Andrew > > > > Cheers, > > Sven > > > > -- > > GPG Fingerprint > > 3DF5 E8AA 43FC 9FDF D086 F195 ADF5 0EDA F8AD D585 > -- GPG Fingerprint 3DF5 E8AA 43FC 9FDF D086 F195 ADF5 0EDA F8AD D585
Attachment:
signature.asc
Description: This is a digitally signed message part