Bug#914957: [Pkg-shadow-devel] Bug#914957: login: removal of pts/* from /etc/securetty wasn't applied in stretch
Hi Michael, Michael Biebl ezt írta (időpont: 2018. dec. 9., V, 0:37): > > On Sat, 8 Dec 2018 21:57:11 +0100 =?UTF-8?B?QsOhbGludCBSw6ljemV5?= > wrote: > > While I believe securetty should be disabled by default > > Fwiw, I agree that securetty is a bad idea and should be removed from > the default pam configuration. > There is a login-standing bug report, documenting that securetty breaks > "machinectl login" [1] fwiw. > > Can we please revisit this and drop securetty from /etc/pam.d/login for > buster? Unfortunately this missed Buster, but it is at least done for Bullseye and later. Cheers, Balint > > Regards, > Michael > > > [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771675#20 > -- > Why is it that all of the instruments seeking intelligent life in the > universe are pointed away from Earth? >
Bug#914957: [Pkg-shadow-devel] Bug#914957: login: removal of pts/* from /etc/securetty wasn't applied in stretch
On Sat, 8 Dec 2018 21:57:11 +0100 =?UTF-8?B?QsOhbGludCBSw6ljemV5?= wrote: > While I believe securetty should be disabled by default Fwiw, I agree that securetty is a bad idea and should be removed from the default pam configuration. There is a login-standing bug report, documenting that securetty breaks "machinectl login" [1] fwiw. Can we please revisit this and drop securetty from /etc/pam.d/login for buster? Regards, Michael [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771675#20 -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#914957: [Pkg-shadow-devel] Bug#914957: login: removal of pts/* from /etc/securetty wasn't applied in stretch
Control: block -1 by 877374 Hi, Salvatore Bonaccorso ezt írta (időpont: 2018. nov. 29., Cs, 6:11): > > Control: fixed -1 1:4.5-1 > > Hi, > > [disclaimer: not the maintainer here] > > On Thu, Nov 29, 2018 at 02:15:18PM +1100, russm wrote: > > Package: login > > Version: 1:4.4-4.1 > > Severity: grave > > Tags: security > > Justification: user security hole > > > > The addition of pts/* to /etc/securetty was reverted in 1:4.5-1 but > > *not* in packages installed to stretch. Please backport this fix to > > 1:4.4-* > > The stretch update part of this is requested here: > https://bugs.debian.org/877374 While I believe securetty should be disabled by default and nullok is a bad practice I offered the backport in #877374 and this is the most I can do as the maintainer. Cheers, Balint
Bug#914957: login: removal of pts/* from /etc/securetty wasn't applied in stretch
Control: fixed -1 1:4.5-1 Hi, [disclaimer: not the maintainer here] On Thu, Nov 29, 2018 at 02:15:18PM +1100, russm wrote: > Package: login > Version: 1:4.4-4.1 > Severity: grave > Tags: security > Justification: user security hole > > The addition of pts/* to /etc/securetty was reverted in 1:4.5-1 but > *not* in packages installed to stretch. Please backport this fix to > 1:4.4-* The stretch update part of this is requested here: https://bugs.debian.org/877374 Regards, Salvatore
Bug#914957: login: removal of pts/* from /etc/securetty wasn't applied in stretch
Package: login Version: 1:4.4-4.1 Severity: grave Tags: security Justification: user security hole The addition of pts/* to /etc/securetty was reverted in 1:4.5-1 but *not* in packages installed to stretch. Please backport this fix to 1:4.4-* -- System Information: Debian Release: 9.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.18.0-0.bpo.1-amd64 (SMP w/16 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages login depends on: ii libaudit1 1:2.6.7-2 ii libc6 2.24-11+deb9u3 ii libpam-modules 1.1.8-3.6 ii libpam-runtime 1.1.8-3.6 ii libpam0g1.1.8-3.6 login recommends no packages. login suggests no packages. -- no debconf information