Your message dated Tue, 04 Nov 2008 21:17:12 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#488376: fixed in base-files 4.0.6
has caused the Debian Bug report #488376,
regarding base-files: silently enforces login book-keeping
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
488376: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=488376
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: base-files
Version: 4.0.4
Severity: normal
Tags: security

Hello,

Context #1 : there is some work being done to give the system
administrator the means to implement site-logging policies ; today’s
focus is to allow a Debian system administrator to disable, « the
Debian way », login records book-keeping, rather than relying on ugly
hacks. This bug report is a small step on the way to make this
possible (another step being the related Debian bug #488365... more to
come).

Context #2 : the files /var/log/{btmp,wtmp,lastlog} and /var/run/utmp
gather privacy-sensitive data (e.g. the IP address a user last logged
in from with ssh).

Disabling such logging is tricky enough on a current Debian system,
without the base-files postinst behaviour making it even harder...
which it actually does.

As an example, according to wtmp’s and lastb’s manpages, the standard
way to disable /var/log/{btmp,wtmp} logging is to simply delete these
files : no program should ever create them if they do not exist yet.
Nice. But... base-files’ postinst unconditionally creates these files
on install/upgrade if they don’t exist yet, thus enforcing login
book-keeping. Not nice at all, since this can provide a sysadmin with
a false sense of privacy/security, thinking he/she has disabled
a privacy-breaking feature whereas it will be silently re-enabled
later without him/her knowing it. That’s why I dared to tag this bug
« security ».

Temporary conclusion : it is currently impossible, in Debian, to use
the standard way to disable permanently e.g. /var/log/{btmp,wtmp}
logging, as the next base-files upgrade will forcibly re-enable it.


My proposal is the following : provide a slick and clean way to
disable the automatic creation of /var/log/{btmp,wtmp,lastlog} and
/var/run/utmp in base-files’ postinst. IMHO, a global switch for these
four files would be enough, since a sysadmin willing to disable logins
logging is probably willing to do it globally.

I’m volunteering to provide a patch implementing the solution we’ll
choose. I’m not sure how to achieve this best. A few ideas and random
notes to start with :

(1) The best for CDDs would be to use debconf to ask/store this
    setting, but debconf only has Priority: required, whereas
    base-files is in Essential, so I don’t know if this is doable, or
    even legal in regard to the Debian Policy.

(2) A simplistic file-existence-based switch, on the model of how the
    /etc/nologin file is used ; a good and not too confusing name
    would be hard to find, but this would be the easiest solution not
    only to implement, but also to enable/disable e.g. in a CDD.

(3) A configuration variable in /etc/default/base-files would require
    a CDD wanting to disable login records to edit another package’s
    configuration file, which is forbidden by the Debian policy, so
    this solution does not seem to be suitable.


Please note I’m intentionally setting severity normal to this bug,
which could be disputable : on the one hand, one could consider it as
a simple feature request, thus only deserving a wishlist severity ; on
the other hand, it really breaks the standard (and documented) way to
disable some login records book-keeping features.


More context : data retention has become a hot legal topic for ISPs
and other Online Service Providers (OSPs). There are many instances
where it is preferable to keep less information on users than is
collected by default on many systems. In the United States, there is
currently no requirement to retain data on users of a server, but you
may be required to provide all data on a user which you have retained.
OSPs can protect themselves from legal hassles and added work by
choosing what data they wish to retain.


Bye, thanks for reading the whole thing :)
--
  intrigeri <[EMAIL PROTECTED]>



--- End Message ---
--- Begin Message ---
Source: base-files
Source-Version: 4.0.6

We believe that the bug you reported is fixed in the latest version of
base-files, which is due to be installed in the Debian FTP archive:

base-files_4.0.6.dsc
  to pool/main/b/base-files/base-files_4.0.6.dsc
base-files_4.0.6.tar.gz
  to pool/main/b/base-files/base-files_4.0.6.tar.gz
base-files_4.0.6_powerpc.deb
  to pool/main/b/base-files/base-files_4.0.6_powerpc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Santiago Vila <[EMAIL PROTECTED]> (supplier of updated base-files package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 04 Nov 2008 20:34:12 +0100
Source: base-files
Binary: base-files
Architecture: source powerpc
Version: 4.0.6
Distribution: unstable
Urgency: low
Maintainer: Santiago Vila <[EMAIL PROTECTED]>
Changed-By: Santiago Vila <[EMAIL PROTECTED]>
Description: 
 base-files - Debian base system miscellaneous files
Closes: 488376
Changes: 
 base-files (4.0.6) unstable; urgency=low
 .
   * Changed the way wtmp, btmp and lastlog are handled. They are no longer
     recreated at every base-files upgrade. Instead, they are only created
     once, when base-files is installed by debootstrap. It is really not
     base-files business to fiddle with those files, as it is documented
     that removing them is the standard way to disable logging to them.
     Closes: #488376.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJEKZkd9Uuvj7yPNYRAhInAKCbtL6NM7kFGMbVeBPsyMq3ZHYH3ACfTbuO
t3Dl9Fs9Eveyx9SpfYOSpYU=
=UPyK
-----END PGP SIGNATURE-----



--- End Message ---
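
The behaviour change described in the 4.0.6 changelog above, modelled as an added shell example (it is not the base-files maintainer script). It assumes that an empty previously-configured-version argument to "postinst configure" marks a first install; the function names and the temporary root directory are hypothetical.

```shell
#!/bin/sh
# Added illustration, not the base-files maintainer script.
# Models "postinst configure <previously-configured-version>".
# Assumption: an empty version argument means a first install.

# create_records ROOT: create whichever login record files are missing.
create_records() {
    mkdir -p "$1/var/log"
    for f in wtmp btmp lastlog; do
        [ -f "$1/var/log/$f" ] || : > "$1/var/log/$f"
    done
}

# Behaviour the report describes: recreate on every install or upgrade.
postinst_old() {    # args: ROOT ACTION PREV_VERSION
    [ "$2" = "configure" ] || return 0
    create_records "$1"
}

# Behaviour the 4.0.6 changelog describes: create once, never on upgrade.
postinst_new() {    # args: ROOT ACTION PREV_VERSION
    [ "$2" = "configure" ] || return 0
    [ -z "$3" ] || return 0          # upgrade: leave the admin's choice alone
    create_records "$1"
}

# missing_records ROOT: echo the record files absent under ROOT.
missing_records() {
    out=""
    for f in wtmp btmp lastlog; do
        [ -f "$1/var/log/$f" ] || out="$out $f"
    done
    echo "${out# }"
}

# demo POLICY: first install, admin opt-out, upgrade; report what stayed gone.
demo() {
    root=$(mktemp -d)                                  # scratch root, constructed
    "$1" "$root" configure ""                          # first install
    rm -f "$root/var/log/wtmp" "$root/var/log/btmp"    # admin disables logging
    "$1" "$root" configure "4.0.4"                     # later upgrade
    missing_records "$root"
    rm -rf "$root"
}

echo "old policy, still missing after upgrade: [$(demo postinst_old)]"
echo "new policy, still missing after upgrade: [$(demo postinst_new)]"
```

The same missing_records check, pointed at a real root after a package upgrade, tells an administrator whether files they removed have been put back.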
