Bug#1077184: systemd: /etc/sysctl.conf is no longer read

Vincent Lefevre vincent at vinc17.net
Fri Jul 26 14:00:17 BST 2024


Package: systemd
Version: 256.4-2
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: Debian Security Team <team at security.debian.org>

The /etc/sysctl.conf file is no longer read, while I have security
settings there.

I suspect that the cause is

  * Drop /etc/sysctl.d/99-sysctl.conf symlink procps no longer ships
    /etc/sysctl.conf (Closes: #1076190)

which is wrong!

cventin:~> dpkg -S /etc/sysctl.conf
procps: /etc/sysctl.conf

with procps 2:4.0.4-5.

Perhaps procps no longer ships /etc/sysctl.conf *by default*, but
existing installations still have it (a machine I installed in
January still has this file).

-- Package-specific info:

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.9.10-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages systemd depends on:
ii  libacl1            2.3.2-2
ii  libapparmor1       3.1.7-1+b1
ii  libaudit1          1:3.1.2-4+b1
ii  libblkid1          2.40.2-1
ii  libc6              2.39-6
ii  libcap2            1:2.66-5
ii  libmount1          2.40.2-1
ii  libpam0g           1.5.3-7
ii  libseccomp2        2.5.5-1+b1
ii  libselinux1        3.5-2+b3
ii  libssl3t64         3.2.2-1
ii  libsystemd-shared  256.4-2
ii  libsystemd0        256.4-2
ii  mount              2.40.2-1

Versions of packages systemd recommends:
ii  dbus [default-dbus-system-bus]   1.14.10-4+b1
ii  libzstd1                         1.5.6+dfsg-1
ii  linux-sysctl-defaults            4.10.1
ii  systemd-cryptsetup               256.4-2
ii  systemd-timesyncd [time-daemon]  256.4-2

Versions of packages systemd suggests:
ii  libcryptsetup12       2:2.7.2-2
ii  libgcrypt20           1.11.0-2
ii  libidn2-0             2.3.7-2
ii  liblz4-1              1.9.4-3
ii  liblzma5              5.6.2-2
pn  libtss2-rc0t64        <none>
pn  libtss2-tcti-device0  <none>
ii  polkitd               124-3
pn  systemd-boot          <none>
pn  systemd-container     <none>
pn  systemd-homed         <none>
pn  systemd-repart        <none>
pn  systemd-resolved      <none>
pn  systemd-userdbd       <none>

Versions of packages systemd is related to:
ii  dbus-user-session  1.14.10-4+b1
pn  dracut             <none>
ii  initramfs-tools    0.142
ii  libnss-systemd     256.4-2
ii  libpam-systemd     256.4-2
ii  udev               256.4-2

-- no debconf information

-- 
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
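
The condition reported above can be checked on a given machine with the shell sketch below, which is an added example and not part of the original report or of systemd or procps. It tests whether any sysctl.d entry still resolves to /etc/sysctl.conf and lists the settings from that file that differ from the running kernel's values; the root-directory argument and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the bug report. ROOT (first argument, default /) is
# an assumption of this sketch so the checks can run against a test tree.

norm() { tr -s '[:space:]' ' ' | sed -e 's/^ //' -e 's/ $//'; }

# Succeeds if a *.conf entry in a sysctl.d directory resolves to
# ROOT/etc/sysctl.conf (as the 99-sysctl.conf symlink used to).
conf_is_linked() {
    root=${1%/}
    [ -f "$root/etc/sysctl.conf" ] || return 1
    target=$(readlink -f "$root/etc/sysctl.conf")
    for f in "$root"/etc/sysctl.d/*.conf "$root"/run/sysctl.d/*.conf \
             "$root"/usr/lib/sysctl.d/*.conf; do
        [ -e "$f" ] || continue
        [ "$(readlink -f "$f")" = "$target" ] && return 0
    done
    return 1
}

# Prints each key of ROOT/etc/sysctl.conf whose value under ROOT/proc/sys
# differs. Simplification: '.' is mapped to '/', which is wrong for names that
# themselves contain a dot (for example VLAN interface names).
drifted_keys() {
    root=${1%/}
    [ -f "$root/etc/sysctl.conf" ] || return 0
    sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/=/!d' "$root/etc/sysctl.conf" |
    while IFS='=' read -r key val; do
        key=$(printf '%s' "$key" | tr -d '[:space:]'); key=${key#-}
        want=$(printf '%s' "$val" | norm)
        p="$root/proc/sys/$(printf '%s' "$key" | tr . /)"
        if [ -r "$p" ]; then live=$(norm < "$p" 2>/dev/null)
        else live='<unreadable>'; fi
        [ "$want" = "$live" ] || printf '%s want=%s live=%s\n' "$key" "$want" "$live"
    done
}

audit() {
    if conf_is_linked "$1"; then
        echo "sysctl.conf: reachable through a sysctl.d entry"
    else
        echo "sysctl.conf: absent, or not referenced from any sysctl.d directory"
    fi
    drifted_keys "$1"
}

audit "${1:-/}"
```

Run it as root so that every key under /proc/sys is readable; any line of the form `key want=... live=...` is a setting from /etc/sysctl.conf that is not in effect.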


