Translation(s): none


Y2038-safe Replacements for lastlog and wtmp/utmp

The lastlog and wtmp/utmp "databases" as currently maintained by individual programs are not Y2038-safe. Thorsten Kukuk proposed new code as replacements for these databases and interfaces. This wiki page intends to collect a plan forward for Debian, based on Thorsten Kukuk's new code.

Thorsten's code works like this:

Some changes have already happened, f.e. src:pam already stopped shipping pam_lastlog.so in unstable.

Note: lastlog and last are two different things. Please keep this mind when thinking about/discussing them.

Please see Thorsten's blog entry and the summary on the utmpx projects:

Additional background information:

utmp/wtmp: Introduce wtmpdb

src:wtmpdb is currently in NEW. It brings libpam-wtmpdb (incl. pam-auth-update snippet), libwtmpdb-dev, libwtmpdb0, wtmpdb bin-packages. The /usr/bin/wtmpdb binary provides last(1)-like interface, and could also take over that name (but the packages in NEW leave the name alone currently).

Priority: standard was chosen for libpam-wtmpdb and wtmpdb, in the expectation that most systems want a working last(1). Just like today.

Current status

glibc provides the current utmp/wtmp interfaces. Programs use them directly.

Open Questions

lastlog: Introduce pam_lastlog2.so in Debian

Bug requesting pam_lastlog2.so: https://bugs.debian.org/1068017 - please use this bug for discussion about (pam_)lastlog2.

Background: lastlog(8) reads /var/log/lastlog. The data in this file is in a format which does not survive Y2038 (it stores 32bit time_t values). This file is updated directly by sshd, and (in bookworm and earlier) by pam_lastlog.so.

PAM in Debian trixie/sid already dropped pam_lastlog.so, see Debian bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066060 and upstream https://github.com/linux-pam/linux-pam/commit/357a4ddbe9b4b10ebd805d2af3e32f3ead5b8816 .

As a replacement, util-linux upstream added pam_lastlog2.so. It writes into a new file, in sqlite3 file format.

This wiki page should summarize the required changes in Debian, IF we want to introduce pam_lastlog2.so. The other option is to stop having lastlog(8).

Current status

Bugs:

Option A: move to lastlog2

Package changes (proposed)

Upgrade considerations

Open questions

Option B: drop lastlog

https://xkcd.com/1172/

Open questions

Future work

It seems useful to disable writing the old files in the same release that we introduce the new code, to avoid user/sysadmin confusion, accidents, and waste of disk space. For lastlog, this seems mostly easy and is already listed in the lastlog section. For wtmpdb, we probably should identify all packages using glibc's interface and use build-time configure options to disable that. Packages actually reading using the glibc utmp interface need to use libwtmpdb-dev then.