[SUMMARY] Problems with 'last' (when OpenSSH compiled 64-bit)

From: David Foster <foster_at_dim.ucsd.edu>
Date: Thu Oct 24 2002 - 18:39:11 EDT
Problem:

  'last' output is incorrect, /var/adm/wtmpx is corrupted. Example:
  
  foster    pts/1               Wed Dec 31 16:00   still logged in
  foster    pts/3        dim    Thu Aug  1 14:34   still logged in

Solution: (workaround)

  This turned out to be an OpenSSH problem! If OpenSSH (only tested
  versions 3.4p1 and 3.5p1) is compiled 64-bit it corrupts the 
  /var/adm/wtmpx file upon first connection, possibly due to an 
  inappropriate data-type (length) being used for one of the records 
  of the structure written to this file (my guess). 
  
  This problem occurs when compiling  with gcc 3.2 or Sun Workshop 5.0.
  
  Compiling 32-bit (gcc 3.2 or Workshop 5.0) solved the problem.
  If anyone has time to peruse the code to determine what is
  doing the Wrong Thing please post your findings!

  Casper Dik referred to a more general problem with OpenSSH 
  corrupting wtmpx:
  
     "There's a known problem with some versions of OpenSSH that
     corrupt utmpx/wtmpx. [...] I think it was caused by OpenSSH updating 
     both utmp and utmpx; that has always been wrong (either update 
     one or the other and the routines will make sure that the files 
     are shadowed; with Solaris 8 utmp was removed and some of the 
     code may have broken in those particular circumstances."
     
     
Thanks to:

Luc Suryo
Casper Dik

> 
> Is anyone else having problems with 'last'? We just upgraded many of our
> boxes from Solaris 8 (07/01) to (10/01), and we are getting incorrect
> results from 'last'. We are at kernel patch level 108528-15.
> 
> 59 <troilus:/var/adm> last | more
> foster    pts/1                         Wed Dec 31 16:00   still logged in
> foster    pts/3        dim              Thu Aug  1 14:34   still logged in
> skchow    console      :0               Wed Jul 31 09:36 - 17:00  (07:24)
> 
> The latest date to appear is always "Wed Dec 31 16:00", nothing after
> Aug 1 appears. I've tried initializing /var/adm/[u,w]tmpx with
> 'cat /dev/null >! ..." but the problem persists. Looked on SunSolve,
> didn't see any patches specific to 'last'.
> 
> Dave Foster


  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
   David Foster    National Center for Microscopy and Imaging Research
    Programmer/Analyst     University of California, San Diego
    dfoster@ucsd.edu       Department of Neuroscience, Mail 0608
    (858) 534-7968         http://ncmir.ucsd.edu/
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

   "The reasonable man adapts himself to the world; the unreasonable one
   persists in trying to adapt the world to himself.  Therefore, all progress
   depends on the unreasonable."   -- George Bernard Shaw
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Thu Oct 24 18:43:45 2002

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:56 EST