info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1017467: libpam-systemd: upgrade broke unix_chkpwd fallback for root user
0 views
Skip to first unread message
Christian Göttsche
Aug 16, 2022, 10:50:02 AM8/16/22
to
Package: libpam-systemd
Version: 251.4-1
Severity: critical
Since the upgrade to 251.4-1 root logins (via local_login or ssh) do
not fallback to query the password via unix_chkpwd(8) in case
/etc/shadow in not read-able.
Other accounts continue to work.
On SELinux enabled systems this is the desired behavior to limit the
access on /etc/shadow to trusted binaries.
-- System Information (after downgrade):
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.18.0-4-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: debian
Versions of packages libpam-systemd depends on:
ii dbus [default-dbus-system-bus] 1.14.0-2
ii dbus-broker [dbus-system-bus] 32-1
ii libc6 2.34-3
ii libcap2 1:2.44-1
ii libpam-runtime 1.4.0-13
ii libpam0g 1.4.0-13
ii systemd 251.3-1
ii systemd-sysv 251.3-1
Versions of packages libpam-systemd recommends:
ii dbus-user-session 1.14.0-2
libpam-systemd suggests no packages.
-- no debconf information
Version: 251.4-1
Severity: critical
Since the upgrade to 251.4-1 root logins (via local_login or ssh) do
not fallback to query the password via unix_chkpwd(8) in case
/etc/shadow in not read-able.
Other accounts continue to work.
On SELinux enabled systems this is the desired behavior to limit the
access on /etc/shadow to trusted binaries.
-- System Information (after downgrade):
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.18.0-4-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: debian
Versions of packages libpam-systemd depends on:
ii dbus [default-dbus-system-bus] 1.14.0-2
ii dbus-broker [dbus-system-bus] 32-1
ii libc6 2.34-3
ii libcap2 1:2.44-1
ii libpam-runtime 1.4.0-13
ii libpam0g 1.4.0-13
ii systemd 251.3-1
ii systemd-sysv 251.3-1
Versions of packages libpam-systemd recommends:
ii dbus-user-session 1.14.0-2
libpam-systemd suggests no packages.
-- no debconf information
Debian Bug Tracking System
Aug 16, 2022, 2:10:03 PM8/16/22
to
Processing control commands:
> reassign -1 pam 1.4.0-13
Bug #1017467 [libpam-systemd] libpam-systemd: upgrade broke unix_chkpwd fallback for root user
Bug reassigned from package 'libpam-systemd' to 'pam'.
No longer marked as found in versions systemd/251.4-1.
Ignoring request to alter fixed versions of bug #1017467 to the same values previously set
Bug #1017467 [pam] libpam-systemd: upgrade broke unix_chkpwd fallback for root user
There is no source info for the package 'pam' at version '1.4.0-13' with architecture ''
Unable to make a source version for version '1.4.0-13'
Marked as found in versions 1.4.0-13.
> user selinu...@lists.alioth.debian.org
Unknown command or malformed arguments to command.
> usertags selinux
Unknown command or malformed arguments to command.
--
1017467: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017467
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
> reassign -1 pam 1.4.0-13
Bug #1017467 [libpam-systemd] libpam-systemd: upgrade broke unix_chkpwd fallback for root user
Bug reassigned from package 'libpam-systemd' to 'pam'.
No longer marked as found in versions systemd/251.4-1.
Ignoring request to alter fixed versions of bug #1017467 to the same values previously set
Bug #1017467 [pam] libpam-systemd: upgrade broke unix_chkpwd fallback for root user
There is no source info for the package 'pam' at version '1.4.0-13' with architecture ''
Unable to make a source version for version '1.4.0-13'
Marked as found in versions 1.4.0-13.
> user selinu...@lists.alioth.debian.org
Unknown command or malformed arguments to command.
> usertags selinux
Unknown command or malformed arguments to command.
--
1017467: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017467
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Debian Bug Tracking System
Aug 18, 2022, 4:00:04 AM8/18/22
to
Your message dated Thu, 18 Aug 2022 07:50:45 +0000
with message-id <E1oOaIf-...@fasolo.debian.org>
and subject line Bug#1017467: fixed in pam 1.5.2-1
has caused the Debian Bug report #1017467,
regarding libpam-systemd: upgrade broke unix_chkpwd fallback for root user
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
with message-id <E1oOaIf-...@fasolo.debian.org>
and subject line Bug#1017467: fixed in pam 1.5.2-1
has caused the Debian Bug report #1017467,
regarding libpam-systemd: upgrade broke unix_chkpwd fallback for root user
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
0 new messages