Package: base-files Version: 12.4+deb12u5 The fragment in /etc/profile (copied from /usr/share/base-files/profile) does not enforce a particular locale when generating the list of /etc/profile.d/*.sh files to load. This means that the ordering of those scripts is not predictable, but depends on the locale (LC_ALL environment variable) of the user logging in, when passed by sshd. This can lead to subtle misbehaviour at best, or outright breakage at worst. A user should not be able to influence the admin-configured script ordering which is set by those filenames.
Suggested fix: explicitly set LC_ALL=C, to match the sort behaviour of run-parts, and if necessary reset it afterwards. thanks, Dave
