Package: libpam-runtime Version: 1.1.8-3.6 Severity: grave I performed a full-upgrade on a system with little space on the root filesystem. This failed part way through due to running out of space. A while after resolving this and completing the upgrade, I found that:
1. The GNOME screensaver was no longer password locked 2. sudo and su failed 3. I could log in on a VT as any user without a password After some panicking, I tracked this down to a change in /etc/pam.d. /etc/pam.d/common-auth was now an empty file. I believe this was updated by pam-auth-update during the upgrade, as a couple of PAM packages were upgraded and I saw a debconf question about it. pam-auth-update (or anything else updating these files) MUST check that ALL writes were successful before replacing a configuration file. This is both a security issue and a data loss issue. Ben. -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libpam-runtime depends on: ii debconf [debconf-2.0] 1.5.64 ii libpam-modules 1.1.8-3.6 libpam-runtime recommends no packages. libpam-runtime suggests no packages. -- debconf information: libpam-runtime/no_profiles_chosen: * libpam-runtime/override: false libpam-runtime/profiles: unix, systemd, gnome-keyring, capability libpam-runtime/conflicts: libpam-runtime/title:
