Bug#1017467: libpam-systemd: upgrade broke unix_chkpwd fallback for root user
Christian Göttsche
cgzones at googlemail.com
Tue Aug 16 15:41:40 BST 2022
Package: libpam-systemd
Version: 251.4-1
Severity: critical
Since the upgrade to 251.4-1 root logins (via local_login or ssh) do
not fallback to query the password via unix_chkpwd(8) in case
/etc/shadow in not read-able.
Other accounts continue to work.
On SELinux enabled systems this is the desired behavior to limit the
access on /etc/shadow to trusted binaries.
-- System Information (after downgrade):
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.18.0-4-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: debian
Versions of packages libpam-systemd depends on:
ii dbus [default-dbus-system-bus] 1.14.0-2
ii dbus-broker [dbus-system-bus] 32-1
ii libc6 2.34-3
ii libcap2 1:2.44-1
ii libpam-runtime 1.4.0-13
ii libpam0g 1.4.0-13
ii systemd 251.3-1
ii systemd-sysv 251.3-1
Versions of packages libpam-systemd recommends:
ii dbus-user-session 1.14.0-2
libpam-systemd suggests no packages.
-- no debconf information
More information about the Pkg-systemd-maintainers
mailing list