On Wed, Jul 29, 2009 at 10:25:38AM -0400, Sam Hartman wrote: > severity: serious > tags: security > package: libpam-runtime > Version: 1.0.1-6
> Even with the changes committed for 1.0.1-10, enabling only profiles > like consolekit that provide no authentication option leave the system > accepting any password. > I realize this is messy in the code, but I think we need to actually > check that the auth stack contains an entry and require more profiles > if that is not true. Do you think this needs to be treated as serious, given that this isn't a state users will end up in automatically (unlike the previous iteration of the bug)? -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slanga...@ubuntu.com vor...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
