severity 519927 serious
thanks

On Mon, Mar 16, 2009 at 01:53:23AM -0700, Russell Senior wrote:
> On some Debian unstable systems, configuring libpam-runtime leads to
> the following question:
>
> # dpkg-reconfigure libpam-runtime
> Pluggable Authentication Modules (PAM) determine how authentication,
> authorization, and password changing are handled on the system, as well as
> allowing configuration of additional actions to take when starting user
> sessions.
>
> Some PAM module packages provide profiles that can be used to automatically
> adjust the behavior of all PAM-using applications on the system. Please
> indicate which of these behaviors you wish to enable.
>
>   1. Unix authentication  2. none of the above
>
> (Enter the items you want to select, separated by spaces.)
>
> PAM profiles to enable:
>
> Pressing enter (with an empty default) results in Unix password
> authentication being turned off.

This happens only if:

 - You set the debconf priority to medium or lower.
 - You are using the readline frontend instead of the default dialog frontend.
 - You do not have libterm-readline-gnu-perl installed.

To the extent that debconf doesn't inform you what the currently-selected
options are, that should probably be considered a debconf bug. However, with
these settings you're going to get a lot of wrong "defaults" if you're just
hitting enter, and that's effectively user error for configuring debconf that
way and subsequently hitting enter...

> This is unexpected and not very nice behavior. I have labelled severity
> as critical as it had the effect of leaving a system accessible remotely
> without password for several days, during which typical ssh robo-scans
> were able to log in freely and trivially gain root.

No, it's not very nice. There are three possible courses of action here in
the case that the user selects an empty set of modules. We can have a
default permit policy (fail open), a default deny policy (fail closed), or
we can force the user to choose one or more modules.
I had avoided going with the last option because it requires additional
debconf prompts that will require another round of translation; but if it's
not sufficiently obvious that it's an error to answer this question with an
empty set of modules, then that's what we'll need to do.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org

-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
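The three policies discussed in the message (fail open, fail closed, force a choice) come down to what the generated /etc/pam.d/common-auth contains when no profile is selected. The following is an added example, not code from the bug report and not libpam-runtime's or pam-auth-update's own code: a simplified model of Linux-PAM's auth-stack walk (the pam.conf(5) control semantics for ok, done, bad, die, ignore and numeric jumps; reset, include and substack are left out), run over three constructed common-auth renderings to show which of them let an unauthenticated caller through. The layout of the renderings (a per-profile primary block with a `[success=N default=ignore]` control, a pam_deny fallback, then a pam_permit primer) is assumed here, and the fail-open rendering is an assumption about what an empty selection could produce, not a copy of the file the reporter had.

```python
"""Simplified model of Linux-PAM auth-stack evaluation (pam.conf(5) controls
ok/done/bad/die/ignore and numeric jumps; reset/include/substack unsupported).
Added example, not from the bug report and not libpam-runtime's own code."""
import re

PAM_SUCCESS, PAM_PERM_DENIED, PAM_AUTH_ERR = 0, 6, 7   # 6 is PAM_MUST_FAIL_CODE

# pam.conf(5) expansions of the keyword controls.
SIMPLE_CONTROLS = {
    "required":   {"success": "ok",   "default": "bad"},
    "requisite":  {"success": "ok",   "default": "die"},
    "sufficient": {"success": "done", "default": "ignore"},
    "optional":   {"success": "ok",   "default": "ignore"},
}
LINE_RE = re.compile(r"(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")


def parse_auth_stack(text):
    """Return [(control_dict, module)] for the 'auth' lines of a pam.d file."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError("unparseable pam.d line: %r" % raw)
        facility, control, module = m.groups()
        if facility != "auth":
            continue
        if control.startswith("["):                  # [key=action ...] form
            ctl = dict(kv.split("=", 1) for kv in control[1:-1].split())
        else:
            ctl = SIMPLE_CONTROLS[control]
        entries.append((ctl, module.rsplit("/", 1)[-1]))
    return entries


def run_auth_stack(entries, outcome):
    """Walk the stack as pam_authenticate() would; outcome(module) supplies each
    module's own return code.  Returns the stack's final status."""
    status, failed, i = None, False, 0
    while i < len(entries):
        ctl, module = entries[i]
        ret = outcome(module)
        # a return code with no listed action takes 'default', itself 'bad' if unset
        action = ctl.get("success" if ret == PAM_SUCCESS else "default", "bad")
        i += 1
        if action == "ignore":
            continue
        if action.isdigit():                         # N: 'ok', then skip N modules
            if not failed:
                status, failed = ret, ret != PAM_SUCCESS
            i += int(action)
        elif action in ("ok", "done"):
            if not failed:
                status, failed = ret, ret != PAM_SUCCESS
            if action == "done" and not failed:      # short-circuit on success
                return status
        elif action in ("bad", "die"):
            if not failed:                           # the first failure wins
                status, failed = ret, True
            if action == "die":
                return status
        else:
            raise ValueError("unsupported action %r" % action)
    # nothing contributed a result (empty stack, everything 'ignore'): PAM refuses
    return PAM_PERM_DENIED if status is None else status


def fail_open(text):
    """True if the stack succeeds although every credential-checking module
    rejects the caller, i.e. anyone is let in without a password."""
    def nobody_authenticates(module):
        return PAM_SUCCESS if module == "pam_permit.so" else PAM_AUTH_ERR
    return run_auth_stack(parse_auth_stack(text), nobody_authenticates) == PAM_SUCCESS


def legit_login_works(text):
    """True if a caller who satisfies every real module is let in."""
    def right_password(module):
        return PAM_AUTH_ERR if module == "pam_deny.so" else PAM_SUCCESS
    return run_auth_stack(parse_auth_stack(text), right_password) == PAM_SUCCESS


# Constructed common-auth renderings in the (assumed) pam-auth-update layout.
WITH_UNIX = """\
# primary block: one line per selected profile
auth    [success=1 default=ignore]  pam_unix.so nullok_secure
# fallback if no primary module succeeded, then the primer for later modules
auth    requisite                   pam_deny.so
auth    required                    pam_permit.so
"""
EMPTY_FAIL_OPEN = """\
# empty primary block and no fallback: pam_permit alone
auth    required                    pam_permit.so
"""
EMPTY_FAIL_CLOSED = """\
# empty primary block, fallback kept: every login is refused
auth    requisite                   pam_deny.so
auth    required                    pam_permit.so
"""
```

Run `fail_open()` on each rendering: only EMPTY_FAIL_OPEN reports True, which is the passwordless-login state the reporter hit; EMPTY_FAIL_CLOSED keeps pam_deny in front of pam_permit and refuses everyone, including legitimate users, which is the cost of the default-deny option. The last line of `run_auth_stack` also shows why a truly empty stack is not the danger: when no module contributes a result, PAM denies, so the fail-open case needs an unconditional pam_permit to be written.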