Package: login Version: 1:4.13+dfsg1-1 Severity: grave Tags: security Justification: user security hole X-Debbugs-Cc: r...@localhost.lan, Debian Security Team <t...@security.debian.org>
Dear Maintainer, please uncomment the line in /etc/login.defs that currently says: #HOME_MODE 0700 to say: HOME_MODE 0700 The current settings makes user $HOME directories be created with permissions where other users can read the contents by default. -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-19-amd64 (SMP w/4 CPU threads) Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: unable to detect Versions of packages login depends on: ii libaudit1 1:3.0.7-1.1+b2 ii libc6 2.36-6 ii libcrypt1 1:4.4.33-1 ii libpam-modules 1.5.2-5 ii libpam-runtime 1.5.2-5 ii libpam0g 1.5.2-5 login recommends no packages. login suggests no packages. -- no debconf information