[ Impact ] * In highly unlikely non-default configuration pam_motd may be configured to influence PAM's authentication and reporting PAM_SUCCESS may let users in the system. * The fix is returning only PAM_IGNORE and error values.
[ Test Case ] * Configure PAM to deny access when pam_motd returns PAM_SUCCESS: $ cat /etc/pam.d/login ... session [success=die ignore=ignore] pam_motd.so motd=/run/motd.dynamic ... * Try to log in: # login ubuntu * Observe being able to log in due to pam_motd not returning PAM_SUCCESS [Regression Potential] * Minimal this is a fix partially reverting the behaviour change that was found undesired in LP: #1855092 . The return value of pam_motd is ignored in real-world configurations, thus it does not matter. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/1856703 Title: Return only PAM_IGNORE or error from pam_motd Status in pam package in Ubuntu: New Status in pam source package in Eoan: New Bug description: https://github.com/linux-pam/linux-pam/pull/157 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1856703/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
