diff options
author | Steve Langasek <vorlon@debian.org> | 2008-08-08 10:37:15 -0700 |
---|---|---|
committer | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 17:28:19 -0800 |
commit | 5a550d7dd3da165bb6879fbbc10d18c6aa483659 (patch) | |
tree | 4fe0dc487d2c1df453a9d0875a9ee917a4a38da5 | |
parent | 6824e112b77a535fd22e593b78c5f42b2926a29e (diff) |
debian/patches/054_pam_security_abstract_securetty_handling: move the
warning log about an insecure tty back to pam_securetty proper; we
don't want to generate log messages every time pam_unix is called as
non-root. Closes: #493283. As a side-effect, pam_unix no longer
logs any warnings about NULL password + insecure tty, but I don't
think this is critical.
-rw-r--r-- | debian/changelog | 6 | ||||
-rw-r--r-- | debian/patches-applied/054_pam_security_abstract_securetty_handling | 9 |
2 files changed, 11 insertions, 4 deletions
diff --git a/debian/changelog b/debian/changelog index c73ca052..0ce24348 100644 --- a/debian/changelog +++ b/debian/changelog @@ -14,6 +14,12 @@ pam (1.0.1-2) UNRELEASED; urgency=low * Build-Conflict with libdb4.2-dev, which satisfies the libdb-dev build-dependency but causes pam_userdb to be silently omitted. Closes: #493574. + * debian/patches/054_pam_security_abstract_securetty_handling: move the + warning log about an insecure tty back to pam_securetty proper; we + don't want to generate log messages every time pam_unix is called as + non-root. Closes: #493283. As a side-effect, pam_unix no longer + logs any warnings about NULL password + insecure tty, but I don't + think this is critical. -- Steve Langasek <vorlon@debian.org> Wed, 30 Jul 2008 00:55:10 -0700 diff --git a/debian/patches-applied/054_pam_security_abstract_securetty_handling b/debian/patches-applied/054_pam_security_abstract_securetty_handling index cd98a914..76318c43 100644 --- a/debian/patches-applied/054_pam_security_abstract_securetty_handling +++ b/debian/patches-applied/054_pam_security_abstract_securetty_handling @@ -33,7 +33,7 @@ Index: pam.deb/modules/pam_securetty/pam_securetty.c /* log a trail for debugging */ if (ctrl & PAM_DEBUG_ARG) { -@@ -101,63 +97,10 @@ +@@ -101,63 +97,13 @@ return PAM_SERVICE_ERR; } @@ -98,6 +98,9 @@ Index: pam.deb/modules/pam_securetty/pam_securetty.c + if ((retval == PAM_SUCCESS) && (ctrl & PAM_DEBUG_ARG)) { + pam_syslog(pamh, LOG_DEBUG, "access allowed for '%s' on '%s'", + username, uttyname); ++ } else if (retval != PAM_SUCCESS) { ++ pam_syslog(pamh, LOG_WARNING, "access denied: tty '%s' is not secure !", ++ uttyname); } return retval; @@ -105,7 +108,7 @@ Index: pam.deb/modules/pam_securetty/tty_secure.c =================================================================== --- /dev/null +++ pam.deb/modules/pam_securetty/tty_secure.c -@@ -0,0 +1,92 @@ +@@ -0,0 +1,90 @@ +/* + * A function to determine if a particular line is in /etc/securetty + */ @@ -191,8 +194,6 @@ Index: pam.deb/modules/pam_securetty/tty_secure.c + fclose(ttyfile); + + if(retval) { -+ pam_syslog(pamh, LOG_WARNING, "access denied: tty '%s' is not secure !", -+ uttyname); + retval = PAM_AUTH_ERR; + } + |