pam-auth-update does not prohibit selecting an empty set of modules
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pam (Debian) |
Fix Released
|
Unknown
|
|||
pam (Ubuntu) |
Fix Released
|
High
|
Steve Langasek | ||
Intrepid |
Fix Released
|
High
|
Kees Cook | ||
Jaunty |
Fix Released
|
High
|
Kees Cook | ||
Karmic |
Fix Released
|
High
|
Steve Langasek |
Bug Description
If:
- You set the debconf priority to medium or lower.
- You are using the readline frontend instead of the default dialog or GNOME frontend.
- You do not have libterm-
then pam-auth-update will by default enable *no* profiles, resulting in an insecure system that lets anyone in as any user, with or without a password.
The fix for this is pending in bzr for Debian unstable and karmic.
ProblemType: Bug
Architecture: amd64
Date: Fri Aug 7 09:05:33 2009
DistroRelease: Ubuntu 9.10
Package: libpam-runtime 1.0.1-9ubuntu3
PackageArchitec
ProcEnviron:
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSign
SourcePackage: pam
Uname: Linux 2.6.31-5-generic x86_64
Changed in pam (Ubuntu Intrepid): | |
importance: | Undecided → High |
status: | New → Triaged |
Changed in pam (Ubuntu Jaunty): | |
importance: | Undecided → High |
status: | New → Triaged |
Changed in pam (Ubuntu Karmic): | |
assignee: | nobody → Steve Langasek (vorlon) |
importance: | Undecided → High |
status: | New → Triaged |
visibility: | private → public |
Changed in pam (Debian): | |
status: | Unknown → Fix Committed |
Changed in pam (Ubuntu Intrepid): | |
assignee: | nobody → Kees Cook (kees) |
status: | Triaged → In Progress |
Changed in pam (Ubuntu Jaunty): | |
assignee: | nobody → Kees Cook (kees) |
status: | Triaged → In Progress |
Changed in pam (Ubuntu Jaunty): | |
status: | In Progress → Fix Committed |
Changed in pam (Ubuntu Intrepid): | |
status: | In Progress → Fix Committed |
Changed in pam (Debian): | |
status: | Fix Committed → Confirmed |
Changed in pam (Debian): | |
status: | Confirmed → Fix Released |
patch for intrepid.