Author: meow
Date:  
To: submit
Subject: [devuan-dev] bug#805: openrc: supervise-daemon: missing PAM configuration

Package: openrc
X-Debbugs-Cc: lorietta2023@???
Version: 0.45.2-2
Severity: grave
Justification: user security hole
Tags: security patch

Dear Maintainer,
The openrc package is missing the /etc/pam.d/supervise-daemon file.
This file is in upstream. Due to the absence of this file, settings from /etc/security are not applied to supervise-daemon, which can lead to very sad consequences.

Solution: include in the 'openrc' package the file '/etc/pam.d/supervise-daemon' with the following content:

#%PAM-1.0
auth required pam_permit.so
account required pam_permit.so
password required pam_deny.so
session optional pam_limits.so

upstream: https://github.com/OpenRC/openrc/blob/master/src/supervise-daemon/supervise-daemon.pam

-- System Information:
Distributor ID:    Devuan
Description:    Devuan GNU/Linux 5 (daedalus)
Release:    5
Codename:    daedalus
Architecture: x86_64
Kernel: Linux 6.1.0-13-amd64 (SMP w/6 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: OpenRC (via /run/openrc)


Versions of packages openrc depends on:
ii  insserv      1.24.0-1
ii  libaudit1    1:3.0.9-1
ii  libc6        2.36-9+deb12u3
ii  libeinfo1    0.45.2-2
ii  libpam0g     1.5.2-6+deb12u1
ii  librc1       0.45.2-2
ii  libselinux1  3.4-1+b6


openrc recommends no packages.

Versions of packages openrc suggests:
pn  policycoreutils  <none>
pn  sysvinit-core    <none>


-- Configuration Files:
/etc/init.d/agetty [Errno 13] Permission denied: '/etc/init.d/agetty'
/etc/init.d/cgroups [Errno 13] Permission denied: '/etc/init.d/cgroups'
/etc/init.d/rc [Errno 13] Permission denied: '/etc/init.d/rc'
/etc/init.d/rcS [Errno 13] Permission denied: '/etc/init.d/rcS'
/etc/init.d/savecache [Errno 13] Permission denied: '/etc/init.d/savecache'
/etc/rc.conf changed [not included]

-- no debconf information
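
A check for the condition this report describes, added here as an example and not taken from the report or from openrc: it tells whether a service's PAM session stack loads pam_limits.so, falling back to the `other` service as Linux-PAM does when no service file exists. The helper names `session_modules` and `check_service` and the demo directory are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the bug report or of the openrc package.

# session_modules DIR FILE (hypothetical helper)
# Print the module of every active "session" line in DIR/FILE, following
# "@include FILE" and "session include|substack FILE".
session_modules() {
    [ -r "$1/$2" ] || return 0
    # Drop comments; collapse "[a=b c=d]" controls into one token.
    sed -e 's/#.*//' -e 's/\[[^]]*]/[]/' "$1/$2" |
    while read -r type control module rest; do
        case $type in
            @include) session_modules "$1" "$control" ;;
            session|-session)
                case $control in
                    include|substack) session_modules "$1" "$module" ;;
                    *) printf '%s\n' "${module##*/}" ;;
                esac ;;
        esac
    done
}

# check_service SERVICE [DIR] (hypothetical helper)
# Linux-PAM uses DIR/other when DIR/SERVICE does not exist.
check_service() {
    dir=${2:-/etc/pam.d}
    if [ -e "$dir/$1" ]; then used=$1
    elif [ -e "$dir/other" ]; then used=other
    else echo "no PAM config for $1"; return 2
    fi
    if session_modules "$dir" "$used" | grep -qx 'pam_limits.so'; then
        echo "pam_limits active (stack: $used)"
    else
        echo "pam_limits NOT active (stack: $used)"; return 1
    fi
}

# Demo on a constructed directory, not a real /etc/pam.d.
demo() {
    d=$(mktemp -d)
    printf '@include common-session\n' > "$d/other"
    printf 'session required pam_unix.so\n' > "$d/common-session"
    check_service supervise-daemon "$d" || true   # service file missing
    printf '%s\n' '#%PAM-1.0' 'session optional pam_limits.so' \
        > "$d/supervise-daemon"
    check_service supervise-daemon "$d"           # file present
    rm -rf "$d"
}
demo
```

On a real system, `check_service supervise-daemon` with no second argument reads /etc/pam.d; exit status 1 means the session stack in use does not load pam_limits.so.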