Bug#1104505: xrdp: no-change rebuild changes /etc/pam.d/xrdp-sesman

Thu, 01 May 2025 03:57:26 -0700 

Source: xrdp
Version: 0.10.1-3
Severity: serious
User: reproducible-bui...@lists.alioth.debian.org
Usertag: environment
X-Debbugs-CC: reproducible-bui...@lists.alioth.debian.org

Hi,
when doing a no-change binary rebuild of xrdp, the resulting .deb has a different content for /etc/pam.d/xrdp-sesman: 

─ ./etc/pam.d/xrdp-sesman
@@ -1,14 +1,5 @@
 #%PAM-1.0
-auth     required  pam_env.so readenv=1
-auth     required  pam_env.so readenv=1 envfile=/etc/default/locale
-@include common-auth
--auth    optional  pam_gnome_keyring.so
--auth    optional  pam_kwallet5.so
-
-@include common-account
-
-@include common-password
-
-@include common-session
--session optional  pam_gnome_keyring.so auto_start
--session optional  pam_kwallet5.so auto_start
+auth        include     common-auth
+account     include     common-account
+session     include     common-session
+password    include     common-password

Reporting as serious, as this makes xrdp binNMU-unsafe.
From what it looks like, xrdp autodetects which OS-specific set of PAM config it should use, and the detection now uses the "suse" set instead of the "debian" set. 

Best,
Chris

Reply via email to