Package: sysvinit-utils Version: 2.88dsf-12 Severity: normal sysvinit includes a patch, 91_sulogin_lockedpw.dpatch, which is intended to make sulogin skip asking for the root password when the root password is locked (via passwd -l). This patch was taken from Ubuntu, where the root password is locked by default. However the patch does not work correctly if the root password was ever set, meaning it is sometimes broken in Ubuntu and pretty much always broken in Debian. It relies on the encrypted password being exactly "!", but locking a password only prepends "!" to the existing encrypted password, it does not replace it. The Ubuntu bug is:
https://bugs.launchpad.net/ubuntu/+source/sysvinit/+bug/268271 The Debian bug that included the patch is: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326678 It looks like it should be rather easy to replace, e.g.: strcmp(pwd.pw_passwd, "!") == 0 with pwd.pw_passwd[0] == '!' Though perhaps a more general check for invalid passwords is warranted. -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages sysvinit-utils depends on: ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib ii libselinux1 2.0.96-1 SELinux runtime shared libraries sysvinit-utils recommends no packages. Versions of packages sysvinit-utils suggests: pn sash <none> (no description available) -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org