| 2019-12-04 11:23:00 |
Balint Reczey |
bug |
|
|
added bug |
| 2019-12-04 11:23:31 |
Balint Reczey |
pam (Ubuntu): assignee |
|
Balint Reczey (rbalint) |
|
| 2019-12-04 11:23:36 |
Balint Reczey |
pam (Ubuntu): status |
New |
In Progress |
|
| 2019-12-04 14:39:07 |
Balint Reczey |
attachment added |
|
0001-pam_motd-Export-MOTD_SHOWN-pam-after-showing-MOTD.patch https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1855092/+attachment/5309779/+files/0001-pam_motd-Export-MOTD_SHOWN-pam-after-showing-MOTD.patch |
|
| 2019-12-04 15:11:40 |
Balint Reczey |
description |
[Impact]
* Users of containers may never see the MOTD of the container if they are always to the container's shell without PAM being involved.
* MOTD contains important information about the system's health including the security updates to be installed thus it is desired to show MOTD in container shells, too.
* The fix in update-motd is creating a snippet in /etc/profile.d which shows MOTD, but only if UPDATE_MOTD is not set, to avoid printing MOTD twice.
[Test Case]
* Log in to the system, where PAM prints the MOTD.
* After seeing the MOTD observe MOTD_SHOWN set:
$ echo $MOTD_SHOWN
pam
$
[Regression Potential]
* The fix is simple thus i is unlikely to see any regression due to bad implementation.
* The newly set environment variable may interact with existing software, but this variable seems to be not used:
https://codesearch.debian.net/search?q=MOTD_SHOWN&literal=1 |
[Impact]
* Users of containers may never see the MOTD of the container if they are always to the container's shell without PAM being involved.
* MOTD contains important information about the system's health including the security updates to be installed thus it is desired to show MOTD in container shells, too.
* The fix in update-motd is creating a snippet in /etc/profile.d which shows MOTD, but only if UPDATE_MOTD is not set, to avoid printing MOTD twice.
[Test Case]
* Log in to the system, where PAM prints the MOTD.
* After seeing the MOTD observe MOTD_SHOWN set:
$ echo $MOTD_SHOWN
pam
$
[Regression Potential]
* The fix is simple thus it is unlikely to see any regression due to bad implementation.
* The newly set environment variable may interact with existing software, but this variable seems to be not used:
https://codesearch.debian.net/search?q=MOTD_SHOWN&literal=1 |
|
| 2019-12-04 16:27:34 |
Ubuntu Foundations Team Bug Bot |
tags |
|
patch |
|
| 2019-12-06 19:53:21 |
Brian Murray |
pam (Ubuntu Eoan): status |
New |
Fix Committed |
|
| 2019-12-06 19:53:23 |
Brian Murray |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2019-12-06 19:53:26 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
| 2019-12-06 19:53:29 |
Brian Murray |
tags |
patch |
patch verification-needed verification-needed-eoan |
|
| 2019-12-07 08:59:08 |
Balint Reczey |
tags |
patch verification-needed verification-needed-eoan |
patch verification-needed verification-needed-eoan wsl |
|
| 2019-12-07 22:13:03 |
Launchpad Janitor |
pam (Ubuntu): status |
In Progress |
Fix Released |
|
| 2019-12-16 14:38:47 |
Balint Reczey |
tags |
patch verification-needed verification-needed-eoan wsl |
patch verification-done verification-done-eoan wsl |
|
| 2019-12-17 13:25:50 |
Balint Reczey |
description |
[Impact]
* Users of containers may never see the MOTD of the container if they are always to the container's shell without PAM being involved.
* MOTD contains important information about the system's health including the security updates to be installed thus it is desired to show MOTD in container shells, too.
* The fix in update-motd is creating a snippet in /etc/profile.d which shows MOTD, but only if UPDATE_MOTD is not set, to avoid printing MOTD twice.
[Test Case]
* Log in to the system, where PAM prints the MOTD.
* After seeing the MOTD observe MOTD_SHOWN set:
$ echo $MOTD_SHOWN
pam
$
[Regression Potential]
* The fix is simple thus it is unlikely to see any regression due to bad implementation.
* The newly set environment variable may interact with existing software, but this variable seems to be not used:
https://codesearch.debian.net/search?q=MOTD_SHOWN&literal=1 |
[Impact]
* Users of containers may never see the MOTD of the container if they are always to the container's shell without PAM being involved.
* MOTD contains important information about the system's health including the security updates to be installed thus it is desired to show MOTD in container shells, too.
* The fix in update-motd is creating a snippet in /etc/profile.d which shows MOTD, but only if UPDATE_MOTD is not set, to avoid printing MOTD twice.
[Test Case]
* Log in to the system, where PAM prints the MOTD.
* After seeing the MOTD observe MOTD_SHOWN set:
$ echo $MOTD_SHOWN
pam
$
[Regression Potential]
* The fix is simple thus it is unlikely to see any regression due to bad implementation.
* The newly set environment variable may interact with existing software, but this variable seems to be not used:
https://codesearch.debian.net/search?q=MOTD_SHOWN&literal=1
* With this change pam_motd module starts reporting errors and, most of the time, success. This is being refined at upstream to not report success, just PAM_IGNORE and errors: https://github.com/linux-pam/linux-pam/pull/157 . The behaviour change should not cause any issue on real-life systems since the return value of pam_motd is not used by default nor can we expect any configuration using it since it always returned PAM_IGNORE:
$ grep -A1 -B5 pam_motd /etc/pam.d/login
# Prints the message of the day upon successful login.
# (Replaces the `MOTD_FILE' option in login.defs)
# This includes a dynamically generated part from /run/motd.dynamic
# and a static (admin-editable) part from /etc/motd.
session optional pam_motd.so motd=/run/motd.dynamic
session optional pam_motd.so noupdate
However, I plan reverting the behaviour change in the follow-up upload (LP: #1856703) right after it is finalized at upstream. I propose releasing this change in the current form to Eoan, because it is needed by the update-motd SRU and the ubuntu-meta SRU that enables printing MOTD in the Eoan Ubuntu WSL instances. |
|
| 2019-12-19 10:11:48 |
Launchpad Janitor |
pam (Ubuntu Eoan): status |
Fix Committed |
Fix Released |
|
| 2019-12-19 10:11:53 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2019-12-20 19:41:51 |
Francis Ginther |
tags |
patch verification-done verification-done-eoan wsl |
id-5d78fc6cca6d1b77a77952cc patch verification-done verification-done-eoan wsl |
|
