I'm not a huge fan of utempter, since it fills my nice utmp and wtmp files with garbage everytime I start a Konsole from KDE. Everytime I open or close a Konsole window, utempter is invoked and logs my action to /var/run/utmp and /var/log/wtmp. This is quite useless, because when I log in or log out, that is also logged by the login process (/bin/login) or kdm. The information generated by utempter is not needed, because I'm already logged in when I can start KDE's Konsole. Another, more important issue is this one: When I have utempter enabled and when I also have set up a maxlogins limit in /etc/security/limits.conf, the process that handles my login gets confused. Let's say I have a limit of 2 logins per user at the same time. Now I start KDE and open several Konsole windows. Each of them generates its own entry in utmp. Now I want to do a regular login again, but that's not possible, because these Konsole windows have "eaten up" my second login via utempter. But opening a Konsole window is not a real login, I think. I don't know how utempter works exactly, but couldn't it also be used to bypass a maxlogin limit set up in /etc/security/limits.conf? So here's my conclusion: Remove that dependency to utempter from kdelibs. It's just not needed and maybe it is even dangerous to use utempter. kdelibs also works fine without it. I report that as a major issue, because it could be a security problem. If anyone knows better then she/he is welcome to change. Reproducible: Always Steps to Reproduce: 1. emerge -av kdelibs Actual Results: utempter gets installed Expected Results: utempter shouldn't be installed, it is not needed. I use kdelibs-3.4.1-r1. This bug could be related to http://bugs.gentoo.org/show_bug.cgi?id=75943
There's a hint here to disable utmp logging in konsole: http://bugs.kde.org/show_bug.cgi?id=70475, you can give it a try. Also, can you take a look at bug 18252 and see if kwrited works without utempter?
(In reply to comment #1) > There's a hint here to disable utmp logging in konsole: > http://bugs.kde.org/show_bug.cgi?id=70475, you can give it a try. That works, but each user can change this setting, so that will produce polluted logs again. As for my security qualms, I'll check under which circumstances a user can put a "logged off" message (i.e. DEAD_PROCESS) into utmp/wtmp by abusing utempter. As kwrited doesn't work without utempter, I stand up for a USE-Flag named utempter that toggles utempter support on or off.
Now that xterm also has got a hard glued dependency to virtual/utempter, I have changed the title to "New USE-Flag utempter to toggle utempter support on or off" and I've set the severity to "Enhancement". Since Gentoo means freedom of choice to me, I'd be happy to be able to choose to go without utempter. As far as I know utempter does not open a security leak. At least I was unable to write an exploit, but that doesn't mean too much... ;-) I'd be happy to know for sure that utempter does not cause problems with a maxlogins limit. I hope I did the right thing setting "Component" to Ebuilds.
Created attachment 76113 [details, diff] patch for kdelibs-3.5.0-r1 This is a patch for kdelibs3.5.0-r1...
I think you should say your not a big fan of how Konsole acts, because I think most people would say that utmp info is generally good. Instead of picking on kdelibs, can utempter support be disabled at compile time of konsole? Removing utempter (or breaking utempter support as in bug 135818) from kdelibs causes no utmp record to be logged with logging into KDE. I use entrance and my login manager and I haven't tested with kdm, gdm, or xdm, but entrance doesn't record the login, kded or kdeinit does. (I haven't read the code, so i'm not sure which process actually does it, but its something in kdelibs.) I think we agree that a record of the login is good, but records of each konsole session (or any other xterm replacement) should be disabled by default (if even available) and optional. I use rxvt, which doesn't exibit this behavior, so I've never seen this problem myself.
First of all, im happy to see that this bug is not dead... ;-) (In reply to comment #5) > I think you should say your not a big fan of how Konsole acts, because I think > most people would say that utmp info is generally good. Instead of picking on > kdelibs, can utempter support be disabled at compile time of konsole? utmp info _is_ good, yes, but having a binary installed that allows even unprivileged users to mess around with utmp info is not. > Removing utempter (or breaking utempter support as in bug 135818) from kdelibs > causes no utmp record to be logged with logging into KDE. I use entrance and > my login manager and I haven't tested with kdm, gdm, or xdm, but entrance > doesn't record the login, kded or kdeinit does. (I haven't read the code, so > i'm not sure which process actually does it, but its something in kdelibs.) It worked with KDE 3.4 and kdm, but I did not test it with 3.5 or other login managers. > I think we agree that a record of the login is good, but records of each > konsole session (or any other xterm replacement) should be disabled by default > (if even available) and optional. I use rxvt, which doesn't exibit this > behavior, so I've never seen this problem myself. It should not only be disabled by default, it should simply not be possible for an unprivileged process to manipulate utmp data. The whole concept of utempter is broken by design, in my opinion. Removing the setuid/setgid bits from utempter is a possible (but not the most beautiful) solution, at least it works here. Could you try if this works for you, too?
Fixed with kdelibs-3.5.4-r1.
