Chris Hofstaedtler <z...@debian.org> writes: > you are probably aware of the time_t-64bit migration :-) > However, this does not magically transition all data formats to 64bit > times. One such instance is the set of utmp/wtmp and lastlog files. > > Thorsten Kukuk and others have been working on replacements for the > existing file formats and interfaces [1]; these are called wtmpdb > and lastlog2. > > Some parties have requested that we do something in Debian [2]. If > we use Thorsten's work (and why not?)
> Thorsten's code introduces new PAM modules to manage the new files, > so it should transparently work with most packages. Later, the > old interfaces can probably be turned off. > On the wiki [0] I have summarized what I know; a list of initial > work items; and some open questions mostly concerned with upgrading. > > I invite you to read the wiki page and the background info, to > identify gaps the chkrootkit package provides several utilities for examining some of these files: chkutmp chkwtmp and check_wtmpx and chklastlog [a] -- it does not use pam but reads the files in /var/log How would I test these against the new files - i assume the new versions are compatable but might need bigger variables in those utilities? (any assistance with that review is welcome - C is not my thing!) [a] You can read these here --- https://salsa.debian.org/pkg-security-team/chkrootkit but nb that there are many patches in debian/patches that touch these (use gbp pq import to see the patched versions) > [0] https://wiki.debian.org/pam_lastlog2%20and%20wtmpdb > [1] https://www.thkukuk.de/blog/Y2038_glibc_lastlog_64bit/ > [2] https://bugs.debian.org/1068017 Richard
