X-Loop: [email protected] Subject: bug#805: openrc: supervise-daemon: missing PAM configuration Reply-To: meow <[email protected]>, [email protected] Resent-From: meow <[email protected]> Resent-To: [email protected] Resent-CC: [email protected], [email protected] X-Loop: [email protected] Resent-Date: Thu, 23 Nov 2023 00:02:01 +0000 Resent-Message-ID: <[email protected]> Resent-Sender: [email protected] X-Devuan-PR-Message: report 805 X-Devuan-PR-Package: openrc X-Devuan-PR-Keywords: patch Received: via spool by [email protected] id=B.170069760221319 (code B); Thu, 23 Nov 2023 00:02:01 +0000 Received: (at submit) by bugs.devuan.org; 23 Nov 2023 00:00:02 +0000 Delivered-To: [email protected] Received: from email.devuan.org [2a01:4f8:a0:3284::74ca:8ad2] by doc.devuan.org with IMAP (fetchmail-6.4.16) for <debbugs@localhost> (single-drop); Thu, 23 Nov 2023 00:00:02 +0000 (UTC) Received: from email.devuan.org by email.devuan.org with LMTP id /FCsB2aUXmVpKQAAmSBk0A (envelope-from <[email protected]>) for <[email protected]>; Wed, 22 Nov 2023 23:53:10 +0000 Received: by email.devuan.org (Postfix, from userid 109) id 1474C679; Wed, 22 Nov 2023 23:53:10 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org X-Spam-Level: *** X-Spam-Status: No, score=3.5 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE, RCVD_IN_SBL_CSS,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2607:f8b0:4864:20::242; helo=mail-oi1-x242.google.com; [email protected]; receiver=<UNKNOWN> Received: from mail-oi1-x242.google.com (mail-oi1-x242.google.com [IPv6:2607:f8b0:4864:20::242]) by email.devuan.org (Postfix) with ESMTPS id 4A62559 for <[email protected]>; Wed, 22 Nov 2023 23:53:04 +0000 (UTC) Received: by mail-oi1-x242.google.com with SMTP id 5614622812f47-3b8400b5de0so238961b6e.3 for <[email protected]>; Wed, 22 Nov 2023 15:53:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1700697182; x=1701301982; darn=bugs.devuan.org; h=content-transfer-encoding:mime-version:message-id:subject:to:from :date:from:to:cc:subject:date:message-id:reply-to; bh=0U8dUqhA1AxeKP2XkSSuwV1B75kNZhWhL4+hA/pLrHg=; b=m+Y9S36x20sFi20VS84TNaM9AcW13P6iV+XIn7TkbcS4VMLCv1VRslhiv4wKQDCisV T0ksnWra969gQxcTGdm+IRM6is5MYljTAcEEo4L8N9XEpH24Uwv+YymQnWD2OW+3Gf6B Z9/4j3lThdAWdpIM3V24cywwqD9D+9K3LVXohmKX9DtveSXm1DqUMnOSvKfDNzYwsF8c Vb+y0Xpi3oiSAjwWFsvfh9AxN2VkBB8rL4dViOeT4JYATGtfWrFI2HM3OrSnD9zNaywO VoOQmID7YqcSB37dKrwi3RMFZet+g6Uw3S5DG9jqiKOFJCzpsPOU9hAK2R6CYbVqDMPS DZiw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700697182; x=1701301982; h=content-transfer-encoding:mime-version:message-id:subject:to:from :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=0U8dUqhA1AxeKP2XkSSuwV1B75kNZhWhL4+hA/pLrHg=; b=pOYYoFDYihhKRJfpkSZBvDai2E6o6HtrI7J+WbpHzQP/zL5EHMX5Plz9zUwqWZRx8U kfVRV5iEVhkEm+Mh8p+vVcHmg3s5OTokQMrjeIwT2D1OLyUqaJInxP+SZHNqxtu1WUGs +cc9Tb7d6crJCDl6ffNbjf9rQt2wjpRbcfrJqv5rt7N6t0N7fYX49Z1ONmZN8nr3IcCk IlCarsdJiuy1bzspaVvw+u+H0eRlAze7heXM/KSKc+AFZjshyigj+VUy0j/+r/JG03tM EAlxz6Xwd5IC+OJnYOsV3LSnXjxQRTWcvZdoUL4sqZg7FjM1YIzScAhJxpYB7kdVOVUQ t2gA== X-Gm-Message-State: AOJu0YwHil/atPERmYpUYuBu188iZh1K0E1ffZxNA7DpGUjGFZByNsWt PFPNadrux0GXmehnUm6Gbyntv545N+kifw== X-Google-Smtp-Source: AGHT+IFxpxuLJVTCV/bBxrv3KryGEslqiR0/gwVQvqf+dM6gwxox2by1V770ksThib6Or9FNuOJUvQ== X-Received: by 2002:a05:6808:169e:b0:3b5:84b0:6be6 with SMTP id bb30-20020a056808169e00b003b584b06be6mr5419972oib.47.1700697181732; Wed, 22 Nov 2023 15:53:01 -0800 (PST) Received: from [127.0.0.1] ([188.113.129.102]) by smtp.gmail.com with ESMTPSA id a6-20020a056808128600b003b83c13c570sm17268oiw.16.2023.11.22.15.53.00 for <[email protected]> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 22 Nov 2023 15:53:01 -0800 (PST) Date: Thu, 23 Nov 2023 00:50:36 +0000 From: meow <[email protected]> To: [email protected] Message-ID: <[email protected]> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=----OJMSDHN9AM3A4DH0R9PBFVNV2N8W87 Content-Transfer-Encoding: 7bit ------OJMSDHN9AM3A4DH0R9PBFVNV2N8W87 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Package: openrc X-Debbugs-Cc: lorietta2023@gmail=2Ecom Version: 0=2E45=2E2-2 Severity: grave Justification: user security hole Tags: security patch Dear Maintainer, the openrc package is missing the /etc/pam=2Ed/supervise-daemon file=2E=20 this file is in upstream=2E due to the absence of this file, settings from= /etc/security are not applied to supervise-daemon, which can lead to very = sad consequences=2E solution: include in the 'openrc' package the file '/etc/pam=2Ed/supervise= -daemon' with the following content: #%PAM-1=2E0 auth required pam_permit=2Eso account required pam_permit=2Eso password required pam_deny=2Eso session optional pam_limits=2Eso upstream: https://github=2Ecom/OpenRC/openrc/blob/master/src/supervise-dae= mon/supervise-daemon=2Epam -- System Information: Distributor ID: Devuan Description: Devuan GNU/Linux 5 (daedalus) Release: 5 Codename: daedalus Architecture: x86_64 Kernel: Linux 6=2E1=2E0-13-amd64 (SMP w/6 CPU threads; PREEMPT) Kernel taint flags: TAINT_OOT_MODULE Locale: LANG=3Den_US=2EUTF-8, LC_CTYPE=3Den_US=2EUTF-8 (charmap=3DUTF-8), = LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: OpenRC (via /run/openrc) Versions of packages openrc depends on: ii insserv 1=2E24=2E0-1 ii libaudit1 1:3=2E0=2E9-1 ii libc6 2=2E36-9+deb12u3 ii libeinfo1 0=2E45=2E2-2 ii libpam0g 1=2E5=2E2-6+deb12u1 ii librc1 0=2E45=2E2-2 ii libselinux1 3=2E4-1+b6 openrc recommends no packages=2E Versions of packages openrc suggests: pn policycoreutils <none> pn sysvinit-core <none> -- Configuration Files: /etc/init=2Ed/agetty [Errno 13] Permission denied: '/etc/init=2Ed/agetty' /etc/init=2Ed/cgroups [Errno 13] Permission denied: '/etc/init=2Ed/cgroups= ' /etc/init=2Ed/rc [Errno 13] Permission denied: '/etc/init=2Ed/rc' /etc/init=2Ed/rcS [Errno 13] Permission denied: '/etc/init=2Ed/rcS' /etc/init=2Ed/savecache [Errno 13] Permission denied: '/etc/init=2Ed/savec= ache' /etc/rc=2Econf changed [not included] -- no debconf information ------OJMSDHN9AM3A4DH0R9PBFVNV2N8W87 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <!DOCTYPE html><html><body><div dir=3D"auto">Package: openrc<br>X-Debbugs-C= c: lorietta2023@gmail=2Ecom<br>Version: 0=2E45=2E2-2<br>Severity: grave<br>= Justification: user security hole<br>Tags: security patch<br><br>Dear Maint= ainer,<br>the openrc package is missing the /etc/pam=2Ed/supervise-daemon f= ile=2E <br>this file is in upstream=2E due to the absence of this file, set= tings from /etc/security are not applied to supervise-daemon, which can lea= d to very sad consequences=2E<br><br>solution: include in the 'openrc' pack= age the file '/etc/pam=2Ed/supervise-daemon' with the following content:<br= >#%PAM-1=2E0<br>auth required pam_permit=2Eso<br>account required pam_permi= t=2Eso<br>password required pam_deny=2Eso<br>session optional pam_limits=2E= so<br><br>upstream: <a href=3D"https://github=2Ecom/OpenRC/openrc/blob/mast= er/src/supervise-daemon/supervise-daemon=2Epam">https://github=2Ecom/OpenRC= /openrc/blob/master/src/supervise-daemon/supervise-daemon=2Epam</a><br><br>= -- System Information:<br>Distributor ID: Devuan<br>Description: Devuan GNU= /Linux 5 (daedalus)Release: 5<br>Codename: daedalus<br>Architecture: x86_64= <br>Kernel: Linux 6=2E1=2E0-13-amd64 (SMP w/6 CPU threads; PREEMPT)<br>Kern= el taint flags: TAINT_OOT_MODULE<br>Locale: LANG=3Den_US=2EUTF-8, LC_CTYPE= =3Den_US=2EUTF-8 (charmap=3DUTF-8), LANGUAGE not set<br>Shell: /bin/sh link= ed to /bin/dash<br>Init: OpenRC (via /run/openrc)<br><br>Versions of packag= es openrc depends on:<br>ii=C2=A0 insserv=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 1= =2E24=2E0-1<br>ii=C2=A0 libaudit1=C2=A0=C2=A0=C2=A0 1:3=2E0=2E9-1<br>ii=C2= =A0 libc6=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 2=2E36-9+deb12u3<br>ii= =C2=A0 libeinfo1=C2=A0=C2=A0=C2=A0 0=2E45=2E2-2<br>ii=C2=A0 libpam0g=C2=A0= =C2=A0=C2=A0=C2=A0 1=2E5=2E2-6+deb12u1<br>ii=C2=A0 librc1=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0 0=2E45=2E2-2<br>ii=C2=A0 libselinux1=C2=A0 3=2E4-1+b6<br= ><br>openrc recommends no packages=2E<br><br>Versions of packages openrc su= ggests:<br>pn=C2=A0 policycoreutils=C2=A0 <none><br>pn=C2=A0 sysvinit= -core=C2=A0=C2=A0=C2=A0 <none><br><br>-- Configuration Files:<br>/etc= /init=2Ed/agetty [Errno 13] Permission denied: '/etc/init=2Ed/agetty'<br>/e= tc/init=2Ed/cgroups [Errno 13] Permission denied: '/etc/init=2Ed/cgroups'<b= r>/etc/init=2Ed/rc [Errno 13] Permission denied: '/etc/init=2Ed/rc'<br>/etc= /init=2Ed/rcS [Errno 13] Permission denied: '/etc/init=2Ed/rcS'<br>/etc/ini= t=2Ed/savecache [Errno 13] Permission denied: '/etc/init=2Ed/savecache'<br>= /etc/rc=2Econf changed [not included]<br><br>-- no debconf information</div= ></body></html> ------OJMSDHN9AM3A4DH0R9PBFVNV2N8W87--
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 X-Loop: [email protected] From: "Devuan bug Tracking System" <[email protected]> To: meow <[email protected]> Subject: bug#805: Acknowledgement (openrc: supervise-daemon: missing PAM configuration) Message-ID: <[email protected]> References: <[email protected]> X-Devuan-PR-Message: ack 805 X-Devuan-PR-Package: openrc X-Devuan-PR-Keywords: patch Reply-To: [email protected] Date: Thu, 23 Nov 2023 00:02:03 +0000 Thank you for filing a new bug report with Devuan. You can follow progress on this bug here: 805: https://bugs.devuan.org/cgi/= bugreport.cgi?bug=3D805. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. As you requested using X-Debbugs-CC, your message was also forwarded to [email protected] (after having been given a bug report number, if it did not have one). Your message has been sent to the package maintainer(s): [email protected] If you wish to submit further information on this problem, please send it to [email protected]. Please do not send mail to [email protected] unless you wish to report a problem with the Bug-tracking system. --=20 805: https://bugs.devuan.org/cgi/bugreport.cgi?bug=3D805 Devuan Bug Tracking System Contact [email protected] with problems
X-Loop: [email protected] Subject: bug#805: openrc: supervise-daemon: missing PAM configuration Reply-To: Mark Hindley <[email protected]>, [email protected] Resent-From: Mark Hindley <[email protected]> Resent-To: [email protected] Resent-CC: [email protected] X-Loop: [email protected] Resent-Date: Thu, 23 Nov 2023 19:58:01 +0000 Resent-Message-ID: <[email protected]> Resent-Sender: [email protected] X-Devuan-PR-Message: followup 805 X-Devuan-PR-Package: openrc X-Devuan-PR-Keywords: patch References: <[email protected]> <[email protected]> Received: via spool by [email protected] id=B805.170076942428825 (code B ref 805); Thu, 23 Nov 2023 19:58:01 +0000 Received: (at 805) by bugs.devuan.org; 23 Nov 2023 19:57:04 +0000 Delivered-To: [email protected] Received: from email.devuan.org [2a01:4f8:a0:3284::74ca:8ad2] by doc.devuan.org with IMAP (fetchmail-6.4.16) for <debbugs@localhost> (single-drop); Thu, 23 Nov 2023 19:57:04 +0000 (UTC) Received: from email.devuan.org by email.devuan.org with LMTP id 9N2sMz+uX2W7HAAAmSBk0A (envelope-from <[email protected]>) for <[email protected]>; Thu, 23 Nov 2023 19:55:43 +0000 Received: by email.devuan.org (Postfix, from userid 109) id C95F1670; Thu, 23 Nov 2023 19:55:43 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org X-Spam-Level: X-Spam-Status: No, score=0.4 required=5.0 tests=RDNS_DYNAMIC,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=193.36.131.86; helo=mx.hindley.org.uk; [email protected]; receiver=<UNKNOWN> Received: from mx.hindley.org.uk (193-36-131-86.cfwn.uk [193.36.131.86]) by email.devuan.org (Postfix) with ESMTPS id D30ED59 for <[email protected]>; Thu, 23 Nov 2023 19:55:38 +0000 (UTC) Received: from hindley.org.uk (apollo.hindleynet [192.168.1.3]) by mx.hindley.org.uk (Postfix) with SMTP id 74E2115A7; Thu, 23 Nov 2023 19:55:34 +0000 (GMT) Received: (nullmailer pid 29654 invoked by uid 1000); Thu, 23 Nov 2023 19:55:34 -0000 Date: Thu, 23 Nov 2023 19:55:34 +0000 From: Mark Hindley <[email protected]> To: meow <[email protected]>, [email protected] Message-ID: <[email protected]> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <[email protected]> Lorietta, Thanks On Thu, Nov 23, 2023 at 12:50:36AM +0000, meow wrote: > Package: openrc > X-Debbugs-Cc: [email protected] > Version: 0.45.2-2 > Severity: grave > Justification: user security hole > Tags: security patch > Dear Maintainer, > the openrc package is missing the /etc/pam.d/supervise-daemon file. > this file is in upstream. due to the absence of this file, settings > from /etc/security are not applied to supervise-daemon, which can lead > to very sad consequences. Are you sure that is true? What consequences specifically? Whilst you are correct that the upstream pam supervise-daemon is omitted, it isn't correct for a Debian based system. We would need a more tailored pam configuration. In addition, if there is no specific pam configuration, the fallback file /etc/pam.d/other is used # # /etc/pam.d/other - specify the PAM fallback behaviour # # Note that this file is used for any unspecified service; for example #if /etc/pam.d/cron specifies no session modules but cron calls #pam_open_session, the session module out of /etc/pam.d/other is #used. If you really want nothing to happen then use pam_permit.so or #pam_deny.so as appropriate. # We fall back to the system default in /etc/pam.d/common-* # @include common-auth @include common-account @include common-password @include common-session So, there maybe the optional pam_limits that is missing. Do you see anything else? Mark
X-Loop: [email protected] Subject: bug#805: openrc: supervise-daemon: missing PAM configuration Reply-To: meow <[email protected]>, [email protected] Resent-From: meow <[email protected]> Resent-To: [email protected] Resent-CC: [email protected] X-Loop: [email protected] Resent-Date: Fri, 24 Nov 2023 02:56:01 +0000 Resent-Message-ID: <[email protected]> Resent-Sender: [email protected] X-Devuan-PR-Message: followup 805 X-Devuan-PR-Package: openrc X-Devuan-PR-Keywords: patch References: <[email protected]> <[email protected]> <[email protected]> Received: via spool by [email protected] id=B805.17007945357363 (code B ref 805); Fri, 24 Nov 2023 02:56:01 +0000 Received: (at 805) by bugs.devuan.org; 24 Nov 2023 02:55:35 +0000 Delivered-To: [email protected] Received: from email.devuan.org [2a01:4f8:a0:3284::74ca:8ad2] by doc.devuan.org with IMAP (fetchmail-6.4.16) for <debbugs@localhost> (single-drop); Fri, 24 Nov 2023 02:55:35 +0000 (UTC) Received: from email.devuan.org by email.devuan.org with LMTP id bqRMBqYQYGUaRAAAmSBk0A (envelope-from <[email protected]>) for <[email protected]>; Fri, 24 Nov 2023 02:55:34 +0000 Received: by email.devuan.org (Postfix, from userid 109) id 0FD74670; Fri, 24 Nov 2023 02:55:33 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2607:f8b0:4864:20::341; helo=mail-ot1-x341.google.com; [email protected]; receiver=<UNKNOWN> Received: from mail-ot1-x341.google.com (mail-ot1-x341.google.com [IPv6:2607:f8b0:4864:20::341]) by email.devuan.org (Postfix) with ESMTPS id 0404042 for <[email protected]>; Fri, 24 Nov 2023 02:55:27 +0000 (UTC) Received: by mail-ot1-x341.google.com with SMTP id 46e09a7af769-6d7fa93afe9so653799a34.2 for <[email protected]>; Thu, 23 Nov 2023 18:55:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1700794526; x=1701399326; darn=bugs.devuan.org; h=content-transfer-encoding:mime-version:message-id:references :in-reply-to:subject:to:from:date:from:to:cc:subject:date:message-id :reply-to; bh=nb1uebZL3ibCXh3ccD1Oj0WeXMJ7Tv5ia3IuDBWiIEU=; b=Xm55VP9rslV9pQiG7aFqBhIoBmDfedkgfnPnaLvqVUd9uQkugTOPHAYaSwTH2o/BvM ubwsqbnhHWYiJ1QbATTN+uNe06CGJqrrwxfgLUx0dXSKcj9CW9eqPumq5WdQk0oUO9mJ KnbVtFYGzGpCIN4wZN8OIli+tzpRgLX6Vl2QYdRDKnOptWvHJt7mlA6xBkcHC3485or7 Iu7wmwIv3DG5y+C29DYi2gL5WvkFy2Dn7MtLrKv6o4J0bhsabgaHfosv/iKi1PjW5slk Ym7duRVjGbCrBLF8X1lc08K3KCKwpN5WZlTWwPK2GxZvq2rLE7cajrCrSsRQza0avURb r/Bw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700794526; x=1701399326; h=content-transfer-encoding:mime-version:message-id:references :in-reply-to:subject:to:from:date:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nb1uebZL3ibCXh3ccD1Oj0WeXMJ7Tv5ia3IuDBWiIEU=; b=By1XMkPlPCvhD+OHJMxfGKflBFsKo6mXvGiq1VIrRbJ791h+C4OvAMC9kpHFjki6gO 40ci75bipVazh1+J3bQSUkIWxUTE/CRIUNZvM2iHNH+ow1wAPzQOxEJ2MnP7L9/wG8MW e/zq41z4BmJfXaaqTlzQeR4qtmAo/R3X3IfRNL8XQo2IlFkxJKXx62HZoCzeceNapTWU IpqYdDeKHC+O/AgQo0Nhuagl3gqS30kE5b6ymSukU+2B4Etl6OzeCWkGYi2Kbg86fb5l M22dV8IpmCtwrH43SCt2s2Cf3B2ji9gjuyGsawvnFgZy0KnnqDU7fEzfZXR/YBTa2MMv eNFQ== X-Gm-Message-State: AOJu0YxDXJcC1mz9pR1NkGMhE8JTtQg8yikJ+CF7toRLKhLota2m32tK xUhN8r8UGYZlgTE5D1fJWP4= X-Google-Smtp-Source: AGHT+IFzYAEEwNcfceQhAXlJiX8/+Le7y+8ho+/2wfa0RImJCFjE4rkOp2gvsPPeaywxWAw638Paqg== X-Received: by 2002:a05:6870:f783:b0:1ea:c913:3494 with SMTP id fs3-20020a056870f78300b001eac9133494mr1876763oab.6.1700794525665; Thu, 23 Nov 2023 18:55:25 -0800 (PST) Received: from [127.0.0.1] ([188.113.129.102]) by smtp.gmail.com with ESMTPSA id h22-20020a9d6f96000000b006d7f02784eesm377953otq.34.2023.11.23.18.55.24 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 23 Nov 2023 18:55:25 -0800 (PST) Date: Fri, 24 Nov 2023 03:52:58 +0000 From: meow <[email protected]> To: Mark Hindley <[email protected]>, [email protected] In-Reply-To: <[email protected]> Message-ID: <[email protected]> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=----R67SIWYTQF25VNRC0YM7DLCD0STQ03 Content-Transfer-Encoding: 7bit ------R67SIWYTQF25VNRC0YM7DLCD0STQ03 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Example: Local DoS attack due to lack of PAM limits=2E I think it=E2=80=99s safe to either include limits=2Eso in /etc/pam=2E d/o= ther, or add a configuration for supervise-daemon=2E Also, I have a question=2E What exactly is incompatible with debian in the= upstream version of this file? I added this file to my system and everythi= ng works well, limits are applied and supervise-daemon continues in normal = mode=2E On November 23, 2023 7:55:34 PM UTC, Mark Hindley <mark@hindley=2Eorg=2Euk= > wrote: >Lorietta, > >Thanks > >On Thu, Nov 23, 2023 at 12:50:36AM +0000, meow wrote: >> Package: openrc >> X-Debbugs-Cc: lorietta2023@gmail=2Ecom >> Version: 0=2E45=2E2-2 >> Severity: grave >> Justification: user security hole >> Tags: security patch >> Dear Maintainer, >> the openrc package is missing the /etc/pam=2Ed/supervise-daemon file= =2E >> this file is in upstream=2E due to the absence of this file, setting= s >> from /etc/security are not applied to supervise-daemon, which can le= ad >> to very sad consequences=2E > >Are you sure that is true? What consequences specifically? > >Whilst you are correct that the upstream pam supervise-daemon is omitted,= it >isn't correct for a Debian based system=2E We would need a more tailored = pam >configuration=2E > >In addition, if there is no specific pam configuration, the fallback file >/etc/pam=2Ed/other is used > ># ># /etc/pam=2Ed/other - specify the PAM fallback behaviour ># ># Note that this file is used for any unspecified service; for example >#if /etc/pam=2Ed/cron specifies no session modules but cron calls >#pam_open_session, the session module out of /etc/pam=2Ed/other is >#used=2E If you really want nothing to happen then use pam_permit=2Eso o= r >#pam_deny=2Eso as appropriate=2E > ># We fall back to the system default in /etc/pam=2Ed/common-* >#=20 > >@include common-auth >@include common-account >@include common-password >@include common-session > >So, there maybe the optional pam_limits that is missing=2E > >Do you see anything else? > >Mark ------R67SIWYTQF25VNRC0YM7DLCD0STQ03 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><head></head><body><div dir=3D"auto">Example: Local DoS attack due to= lack of PAM limits=2E<br>I think it=E2=80=99s safe to either include limit= s=2Eso in /etc/pam=2E d/other, or add a configuration for supervise-daemon= =2E<br>Also, I have a question=2E What exactly is incompatible with debian = in the upstream version of this file? I added this file to my system and ev= erything works well, limits are applied and supervise-daemon continues in n= ormal mode=2E</div><br><br><div class=3D"gmail_quote"><div dir=3D"auto">On = November 23, 2023 7:55:34 PM UTC, Mark Hindley <mark@hindley=2Eorg=2Euk&= gt; wrote:</div><blockquote class=3D"gmail_quote" style=3D"margin: 0pt 0pt = 0pt 0=2E8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"= > <pre class=3D"k9mail"><div dir=3D"auto">Lorietta,<br><br>Thanks<br><br>On = Thu, Nov 23, 2023 at 12:50:36AM +0000, meow wrote:<br></div><blockquote cla= ss=3D"gmail_quote" style=3D"margin: 0pt 0pt 1ex 0=2E8ex; border-left: 1px s= olid #729fcf; padding-left: 1ex;"><div dir=3D"auto">Package: openrc<br>X-De= bbugs-Cc: lorietta2023@gmail=2Ecom<br>Version: 0=2E45=2E2-2<br>Severity: gr= ave<br>Justification: user security hole<br>Tags: security patch<br>Dear Ma= intainer,<br>the openrc package is missing the /etc/pam=2Ed/supervise-daemo= n file=2E<br>this file is in upstream=2E due to the absence of this file, s= ettings<br>from /etc/security are not applied to supervise-daemon, which ca= n lead<br>to very sad consequences=2E<br></div></blockquote><div dir=3D"aut= o"><br>Are you sure that is true? What consequences specifically?<br><br>Wh= ilst you are correct that the upstream pam supervise-daemon is omitted, it<= br>isn't correct for a Debian based system=2E We would need a more tailored= pam<br>configuration=2E<br><br>In addition, if there is no specific pam co= nfiguration, the fallback file<br>/etc/pam=2Ed/other is used<br><br>#<br># = /etc/pam=2Ed/other - specify the PAM fallback behaviour<br>#<br># Note that= this file is used for any unspecified service; for example<br>#if /etc/pam= =2Ed/cron specifies no session modules but cron calls<br>#pam_open_session= , the session module out of /etc/pam=2Ed/other is<br>#used=2E If you reall= y want nothing to happen then use pam_permit=2Eso or<br>#pam_deny=2Eso as a= ppropriate=2E<br><br># We fall back to the system default in /etc/pam=2Ed/c= ommon-*<br># <br><br>@include common-auth<br>@include common-account<br>@in= clude common-password<br>@include common-session<br><br>So, there maybe the= optional pam_limits that is missing=2E<br><br>Do you see anything else?<br= ><br>Mark<br></div></pre></blockquote></div></body></html> ------R67SIWYTQF25VNRC0YM7DLCD0STQ03--
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 X-Loop: [email protected] From: "Devuan bug Tracking System" <[email protected]> To: meow <[email protected]> Subject: bug#805: Info received (bug#805: openrc: supervise-daemon: missing PAM configuration) Message-ID: <[email protected]> References: <[email protected]> X-Devuan-PR-Message: ack-info 805 X-Devuan-PR-Package: openrc X-Devuan-PR-Keywords: patch Reply-To: [email protected] Date: Fri, 24 Nov 2023 02:56:03 +0000 Thank you for the additional information you have supplied regarding this bug report. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): [email protected] If you wish to submit further information on this problem, please send it to [email protected]. Please do not send mail to [email protected] unless you wish to report a problem with the Bug-tracking system. --=20 805: https://bugs.devuan.org/cgi/bugreport.cgi?bug=3D805 Devuan Bug Tracking System Contact [email protected] with problems
X-Loop: [email protected] Subject: bug#805: openrc: supervise-daemon: missing PAM configuration Reply-To: Mark Hindley <[email protected]>, [email protected] Resent-From: Mark Hindley <[email protected]> Resent-To: [email protected] Resent-CC: [email protected] X-Loop: [email protected] Resent-Date: Fri, 24 Nov 2023 18:18:01 +0000 Resent-Message-ID: <[email protected]> Resent-Sender: [email protected] X-Devuan-PR-Message: followup 805 X-Devuan-PR-Package: openrc X-Devuan-PR-Keywords: patch References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> Received: via spool by [email protected] id=B805.170084979223213 (code B ref 805); Fri, 24 Nov 2023 18:18:01 +0000 Received: (at 805) by bugs.devuan.org; 24 Nov 2023 18:16:32 +0000 Delivered-To: [email protected] Received: from email.devuan.org [2a01:4f8:a0:3284::74ca:8ad2] by doc.devuan.org with IMAP (fetchmail-6.4.16) for <debbugs@localhost> (single-drop); Fri, 24 Nov 2023 18:16:32 +0000 (UTC) Received: from email.devuan.org by email.devuan.org with LMTP id FpL2BXHoYGUmEgAAmSBk0A (envelope-from <[email protected]>) for <[email protected]>; Fri, 24 Nov 2023 18:16:17 +0000 Received: by email.devuan.org (Postfix, from userid 109) id 07303722; Fri, 24 Nov 2023 18:16:16 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org X-Spam-Level: X-Spam-Status: No, score=0.4 required=5.0 tests=RDNS_DYNAMIC,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=193.36.131.86; helo=mx.hindley.org.uk; [email protected]; receiver=<UNKNOWN> Received: from mx.hindley.org.uk (193-36-131-86.cfwn.uk [193.36.131.86]) by email.devuan.org (Postfix) with ESMTPS id 93A2C173 for <[email protected]>; Fri, 24 Nov 2023 18:16:12 +0000 (UTC) Received: from hindley.org.uk (apollo.hindleynet [192.168.1.3]) by mx.hindley.org.uk (Postfix) with SMTP id CA45AE0D; Fri, 24 Nov 2023 18:16:10 +0000 (GMT) Received: (nullmailer pid 15898 invoked by uid 1000); Fri, 24 Nov 2023 18:16:10 -0000 Date: Fri, 24 Nov 2023 18:16:10 +0000 From: Mark Hindley <[email protected]> To: meow <[email protected]> Cc: [email protected] Message-ID: <[email protected]> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <[email protected]> Lorietta, On Fri, Nov 24, 2023 at 03:52:58AM +0000, meow wrote: > Example: Local DoS attack due to lack of PAM limits. > I think it’s safe to either include limits.so in /etc/pam. d/other, or > add a configuration for supervise-daemon. > Also, I have a question. What exactly is incompatible with debian in > the upstream version of this file? I added this file to my system and > everything works well, limits are applied and supervise-daemon > continues in normal mode. Debian uses pam-auth-update(8) to manage the addition of modules to /etc/pam.d/common-*. That will not work with the supplied upstream pam config. I am not a pam expert, but I *think* the Debian approach should be something like @include common-auth @include common-account @include common-password session optional pam_limits.so Does that work for you? Thanks Mark
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 X-Loop: [email protected] From: "Devuan bug Tracking System" <[email protected]> To: Mark Hindley <[email protected]> Subject: bug#805: Info received (bug#805: openrc: supervise-daemon: missing PAM configuration) Message-ID: <[email protected]> References: <[email protected]> X-Devuan-PR-Message: ack-info 805 X-Devuan-PR-Package: openrc X-Devuan-PR-Keywords: patch Reply-To: [email protected] Date: Fri, 24 Nov 2023 18:18:02 +0000 Thank you for the additional information you have supplied regarding this bug report. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): [email protected] If you wish to submit further information on this problem, please send it to [email protected]. Please do not send mail to [email protected] unless you wish to report a problem with the Bug-tracking system. --=20 805: https://bugs.devuan.org/cgi/bugreport.cgi?bug=3D805 Devuan Bug Tracking System Contact [email protected] with problems
X-Loop: [email protected] Subject: bug#805: openrc: supervise-daemon: missing PAM configuration Reply-To: meow <[email protected]>, [email protected] Resent-From: meow <[email protected]> Resent-To: [email protected] Resent-CC: [email protected] X-Loop: [email protected] Resent-Date: Sat, 25 Nov 2023 05:54:02 +0000 Resent-Message-ID: <[email protected]> Resent-Sender: [email protected] X-Devuan-PR-Message: followup 805 X-Devuan-PR-Package: openrc X-Devuan-PR-Keywords: patch References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> Received: via spool by [email protected] id=B805.170089155631171 (code B ref 805); Sat, 25 Nov 2023 05:54:02 +0000 Received: (at 805) by bugs.devuan.org; 25 Nov 2023 05:52:36 +0000 Delivered-To: [email protected] Received: from email.devuan.org [2a01:4f8:a0:3284::74ca:8ad2] by doc.devuan.org with IMAP (fetchmail-6.4.16) for <debbugs@localhost> (single-drop); Sat, 25 Nov 2023 05:52:36 +0000 (UTC) Received: from email.devuan.org by email.devuan.org with LMTP id uzQqMFWLYWXVUgAAmSBk0A (envelope-from <[email protected]>) for <[email protected]>; Sat, 25 Nov 2023 05:51:17 +0000 Received: by email.devuan.org (Postfix, from userid 109) id BA03C722; Sat, 25 Nov 2023 05:51:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2607:f8b0:4864:20::c42; helo=mail-oo1-xc42.google.com; [email protected]; receiver=<UNKNOWN> Received: from mail-oo1-xc42.google.com (mail-oo1-xc42.google.com [IPv6:2607:f8b0:4864:20::c42]) by email.devuan.org (Postfix) with ESMTPS id DC96B4CC for <[email protected]>; Sat, 25 Nov 2023 05:51:10 +0000 (UTC) Received: by mail-oo1-xc42.google.com with SMTP id 006d021491bc7-58ceabd7cdeso1359381eaf.3 for <[email protected]>; Fri, 24 Nov 2023 21:51:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1700891469; x=1701496269; darn=bugs.devuan.org; h=content-transfer-encoding:mime-version:message-id:references :in-reply-to:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=Xaw1jdODtUCt/v7hJ1CL9pjjOXTbi76369p4LTbFYaI=; b=lOD1Ei7ptfJ6Gn3Rx9DE/QHKQ6C4MnrnsJOvOyKiuF4pG4Hb+9cOOq5htqwo3UiG+t +KWvblV2k9BvJEDaOKjpdEp+ZheN9l12tnUlzTjaDSFPDFTjbpYHwCiZ7U5MSPi2PBe+ 6tkEemh//zpWCVpeVFbBJCmlHXYbgSSIvWn4X8cXvYXCcQM6rCivlZDTL2YDlDCI0PlG nAga6ncfgH80XZtvsPE2HwM3Vc+AtiT4scO8NHwZNCeB/CJEycfKzWwet/4AW2lvdMdW kKURNBslTvr2X8A+V1EReIB1MiVBnrpGwB4vX3Kj4DJUq8wvhAaDo24HAimRu3+ATFHO vUjw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700891469; x=1701496269; h=content-transfer-encoding:mime-version:message-id:references :in-reply-to:subject:cc:to:from:date:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Xaw1jdODtUCt/v7hJ1CL9pjjOXTbi76369p4LTbFYaI=; b=v1dygsqoh34EAA2J47TuclVOD3ycaM0KwV6rtlR97F0jmKgoYXvUgZU1ykXg301ral Sm0bUKIRKcj03lPMa7iBOqb50Tu3f3qaCfVFd+ZLh1gph4pvEb9jApCywU84PhheUvod i/Jc0x2KYkAnTtMg8Wbw5M+Rw4dfpVIu2Dr0dnNRHzA0GNR8l0XOh3Xnx2mMywk9yMsE plJBH1oXsCcDDC8U/Jv0ypQEECIVFihZOlmZvXhBSfPpN+Z32KMMbzr9UXGYDQxa1GbC AAIwOIfzwHKR/7MCqyYl4+AE3lyyM2LK8fYBajfOS6NwfyFNZTGagyElIRg8lYj3Vz05 TlQg== X-Gm-Message-State: AOJu0Yx++LuCzdT5uOu8vAkK/sCsU8FtThzvuVXGtma5IgD0gjpc2zUs ADsjhVK75tqnnAu/WdS2KaA= X-Google-Smtp-Source: AGHT+IGH/aD0Jfa7/HiAdz6+y3kmokI7HIC/b8pPWTrnZ/T6Myo9PUNg6ioPQECsM1HrfA7jG+C6fQ== X-Received: by 2002:a05:6820:16a9:b0:58d:54e8:56e7 with SMTP id bc41-20020a05682016a900b0058d54e856e7mr853425oob.0.1700891468752; Fri, 24 Nov 2023 21:51:08 -0800 (PST) Received: from [127.0.0.1] ([188.113.129.102]) by smtp.gmail.com with ESMTPSA id 124-20020a4a1782000000b0058d304dfc45sm610804ooe.20.2023.11.24.21.51.07 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 24 Nov 2023 21:51:08 -0800 (PST) Date: Sat, 25 Nov 2023 06:48:42 +0000 From: meow <[email protected]> To: Mark Hindley <[email protected]> CC: [email protected] In-Reply-To: <[email protected]> Message-ID: <[email protected]> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=----7KIZHX6G9ASO10J0UE769BVJ4N2TAJ Content-Transfer-Encoding: 7bit ------7KIZHX6G9ASO10J0UE769BVJ4N2TAJ Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Yes, you=E2=80=99re right, it should be included in the configuration file= =2E /etc/pam=2Ed/supervise-daemon: #%PAM-1=2E0 auth required pam_permit=2Eso account required pam_permit=2Eso password required pam_deny=2Eso session optional pam_limits=2Eso @include common-account @include common-session-nointeractive use 'common-*' incorrectly=2E we only need common-account and common-sessi= on-nointetactive=2E this config should work well in debian=2E On November 24, 2023 6:16:10 PM UTC, Mark Hindley <mark@hindley=2Eorg=2Euk= > wrote: >Lorietta, > >On Fri, Nov 24, 2023 at 03:52:58AM +0000, meow wrote: >> Example: Local DoS attack due to lack of PAM limits=2E >> I think it=E2=80=99s safe to either include limits=2Eso in /etc/pam= =2E d/other, or >> add a configuration for supervise-daemon=2E >> Also, I have a question=2E What exactly is incompatible with debian = in >> the upstream version of this file? I added this file to my system an= d >> everything works well, limits are applied and supervise-daemon >> continues in normal mode=2E > >Debian uses pam-auth-update(8) to manage the addition of modules to >/etc/pam=2Ed/common-*=2E That will not work with the supplied upstream pa= m config=2E > >I am not a pam expert, but I *think* the Debian approach should be someth= ing >like > > >@include common-auth >@include common-account >@include common-password >session optional pam_limits=2Eso > >Does that work for you? > >Thanks > >Mark ------7KIZHX6G9ASO10J0UE769BVJ4N2TAJ Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><head></head><body><div dir=3D"auto">Yes, you=E2=80=99re right, it sh= ould be included in the configuration file=2E<br><br>/etc/pam=2Ed/supervise= -daemon:<br>#%PAM-1=2E0<br><br>auth=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0 required=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0 pam_permit=2Eso<br>account=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0 required=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 pam_permit=2Eso<br>p= assword=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 required=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0 pam_deny=2Eso<br>session=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0 optional=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0 pam_limits=2Eso<br>@include common-account<br>@include common-session-n= ointeractive<br><br>use 'common-*' incorrectly=2E we only need common-accou= nt and common-session-nointetactive=2E<br>this config should work well in d= ebian=2E</div><br><br><div class=3D"gmail_quote"><div dir=3D"auto">On Novem= ber 24, 2023 6:16:10 PM UTC, Mark Hindley <mark@hindley=2Eorg=2Euk> w= rote:</div><blockquote class=3D"gmail_quote" style=3D"margin: 0pt 0pt 0pt 0= =2E8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"> <pre class=3D"k9mail"><div dir=3D"auto">Lorietta,<br><br>On Fri, Nov 24, 2= 023 at 03:52:58AM +0000, meow wrote:<br></div><blockquote class=3D"gmail_qu= ote" style=3D"margin: 0pt 0pt 1ex 0=2E8ex; border-left: 1px solid #729fcf; = padding-left: 1ex;"><div dir=3D"auto">Example: Local DoS attack due to lack= of PAM limits=2E<br>I think it=E2=80=99s safe to either include limits=2Es= o in /etc/pam=2E d/other, or<br>add a configuration for supervise-daemon=2E= <br>Also, I have a question=2E What exactly is incompatible with debian in<= br>the upstream version of this file? I added this file to my system and<br= >everything works well, limits are applied and supervise-daemon<br>continue= s in normal mode=2E<br></div></blockquote><div dir=3D"auto"><br>Debian uses= pam-auth-update(8) to manage the addition of modules to<br>/etc/pam=2Ed/co= mmon-*=2E That will not work with the supplied upstream pam config=2E<br><b= r>I am not a pam expert, but I *think* the Debian approach should be someth= ing<br>like<br><br><br>@include common-auth<br>@include common-account<br>@= include common-password<br>session optional pam_limits=2Eso<= br><br>Does that work for you?<br><br>Thanks<br><br>Mark<br></div></pre></b= lockquote></div></body></html> ------7KIZHX6G9ASO10J0UE769BVJ4N2TAJ--
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 X-Loop: [email protected] From: "Devuan bug Tracking System" <[email protected]> To: meow <[email protected]> Subject: bug#805: Info received (bug#805: openrc: supervise-daemon: missing PAM configuration) Message-ID: <[email protected]> References: <[email protected]> X-Devuan-PR-Message: ack-info 805 X-Devuan-PR-Package: openrc X-Devuan-PR-Keywords: patch Reply-To: [email protected] Date: Sat, 25 Nov 2023 05:54:03 +0000 Thank you for the additional information you have supplied regarding this bug report. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): [email protected] If you wish to submit further information on this problem, please send it to [email protected]. Please do not send mail to [email protected] unless you wish to report a problem with the Bug-tracking system. --=20 805: https://bugs.devuan.org/cgi/bugreport.cgi?bug=3D805 Devuan Bug Tracking System Contact [email protected] with problems
X-Loop: [email protected] Subject: bug#805: openrc: supervise-daemon: missing PAM configuration Reply-To: meow <[email protected]>, [email protected] Resent-From: meow <[email protected]> Resent-To: [email protected] Resent-CC: [email protected] X-Loop: [email protected] Resent-Date: Sat, 25 Nov 2023 06:12:02 +0000 Resent-Message-ID: <[email protected]> Resent-Sender: [email protected] X-Devuan-PR-Message: followup 805 X-Devuan-PR-Package: openrc X-Devuan-PR-Keywords: patch References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> Received: via spool by [email protected] id=B805.170089263231541 (code B ref 805); Sat, 25 Nov 2023 06:12:02 +0000 Received: (at 805) by bugs.devuan.org; 25 Nov 2023 06:10:32 +0000 Delivered-To: [email protected] Received: from email.devuan.org [2a01:4f8:a0:3284::74ca:8ad2] by doc.devuan.org with IMAP (fetchmail-6.4.16) for <debbugs@localhost> (single-drop); Sat, 25 Nov 2023 06:10:32 +0000 (UTC) Received: from email.devuan.org by email.devuan.org with LMTP id izNYM8SPYWXuUwAAmSBk0A (envelope-from <[email protected]>) for <[email protected]>; Sat, 25 Nov 2023 06:10:12 +0000 Received: by email.devuan.org (Postfix, from userid 109) id C7056722; Sat, 25 Nov 2023 06:10:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2607:f8b0:4864:20::f43; helo=mail-qv1-xf43.google.com; [email protected]; receiver=<UNKNOWN> Received: from mail-qv1-xf43.google.com (mail-qv1-xf43.google.com [IPv6:2607:f8b0:4864:20::f43]) by email.devuan.org (Postfix) with ESMTPS id 97D534CC for <[email protected]>; Sat, 25 Nov 2023 06:10:07 +0000 (UTC) Received: by mail-qv1-xf43.google.com with SMTP id 6a1803df08f44-67a25fb443bso1571656d6.3 for <[email protected]>; Fri, 24 Nov 2023 22:10:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1700892606; x=1701497406; darn=bugs.devuan.org; h=content-transfer-encoding:mime-version:message-id:references :in-reply-to:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=wk+Bs9ohYmhDh+sYzezW1ptZVIJM4CvlAnXZAVAYYZ4=; b=UAixxbNmHav59UspIjpW91ncz2HZS4Nu+PCb3qU8HnWE6oCTxX+baTLqKyvpPuD9N5 x5M93mGE03LkeCuYTB1BUOA4sM4qQnXp8qNm+EIe5S9QFcfueEoTDlkILBdRQErqFZIw c7C0GOtQJyvyeneBTdEI2BwsZU3zyFBPP2VXSyXEq3gfU2UxF+IkyTeOki8L61JmeD4g vsYrCG0kP9jkWPZG7sGz1Wp+pAMxUQPntzf8n86YshQZkFt8MjXMXg+vLhyY96ugypw3 PelEyOHc9wCBZp0IuWhd08/FsSs3IMdkmIwrMZFEEYYzQ5sXjyOL1PqYFoR5UCDjWV6D ruqQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700892606; x=1701497406; h=content-transfer-encoding:mime-version:message-id:references :in-reply-to:subject:cc:to:from:date:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=wk+Bs9ohYmhDh+sYzezW1ptZVIJM4CvlAnXZAVAYYZ4=; b=cwnor5KkBVzTyLk+vs36LwMtVjM7JDaEGWiVcXIICLGZVKNBHidUk929mE270c+oLh vul4VuUofM/7gE93ZPOCo8cslpZd/1kabtXyk11gxruphAmWnJ7NQ/7gTL2kiMWCwLxJ lES2njRRjHtDwbE9b0xGy9xnPCqonTFrZwnDKXCfja2fFrETe1EPT8pVjUGJ5NcdAsmT 2Pq1dhSjiDRi2quj56wUPWgDk58hIkGlvoPxaUlCBRgjlEy+t/hH0efinZD/YPbD16QX fw3xZ4fMrPd689k1afbu44lBOyDFTRjx8V45DF7XBrkh7uwOn0G02iburNSUymsDUyy8 j5vw== X-Gm-Message-State: AOJu0YyLCINbfsnSgbXCeAd9pgB2Wc6LiwDuEIQO6w00JpfYGTMbtLm8 kvvkyoQvZescmrY31k0wHxM= X-Google-Smtp-Source: AGHT+IHH9dhdcUdH4GxWhKVeJlkr81IKMpnlOTLWLtr/iyiqMsD66oO7PSr1x06Ek6TFsEzOM5mESA== X-Received: by 2002:a05:6214:86:b0:67a:2b0b:c591 with SMTP id n6-20020a056214008600b0067a2b0bc591mr407214qvr.25.1700892605907; Fri, 24 Nov 2023 22:10:05 -0800 (PST) Received: from [127.0.0.1] ([188.113.129.102]) by smtp.gmail.com with ESMTPSA id f11-20020a056214076b00b0067a11cd4dbesm1277018qvz.65.2023.11.24.22.10.04 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 24 Nov 2023 22:10:05 -0800 (PST) Date: Sat, 25 Nov 2023 07:07:40 +0000 From: meow <[email protected]> To: Mark Hindley <[email protected]> CC: [email protected] In-Reply-To: <[email protected]> Message-ID: <[email protected]> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=----SSIQX2U6997IVQMT0EWOD81B7VFUCL Content-Transfer-Encoding: 7bit ------SSIQX2U6997IVQMT0EWOD81B7VFUCL Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Yes, you=E2=80=99re right, it should be included in the configuration file= =2E /etc/pam=2Ed/supervise-daemon: #%PAM-1=2E0 auth=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 req= uired=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 pam_permit=2Eso account=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 required=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 pam_permit=2Eso password=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 required=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0 pam_deny=2Eso session=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 optional=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 pam_limits=2Eso @include common-account @include common-session-noninteractive use 'common-*' incorrectly=2E we only need common-account and common-sessi= on-nonintetactive=2E this config should work well in debian=2E On November 24, 2023 6:16:10 PM UTC, Mark Hindley <mark@hindley=2Eorg=2Euk= > wrote: >Lorietta, > >On Fri, Nov 24, 2023 at 03:52:58AM +0000, meow wrote: >> Example: Local DoS attack due to lack of PAM limits=2E >> I think it=E2=80=99s safe to either include limits=2Eso in /etc/pam= =2E d/other, or >> add a configuration for supervise-daemon=2E >> Also, I have a question=2E What exactly is incompatible with debian = in >> the upstream version of this file? I added this file to my system an= d >> everything works well, limits are applied and supervise-daemon >> continues in normal mode=2E > >Debian uses pam-auth-update(8) to manage the addition of modules to >/etc/pam=2Ed/common-*=2E That will not work with the supplied upstream pa= m config=2E > >I am not a pam expert, but I *think* the Debian approach should be someth= ing >like > > >@include common-auth >@include common-account >@include common-password >session optional pam_limits=2Eso > >Does that work for you? > >Thanks > >Mark ------SSIQX2U6997IVQMT0EWOD81B7VFUCL Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><head></head><body><div dir=3D"auto">Yes, you=E2=80=99re right, it sh= ould be included in the configuration file=2E<br><br>/etc/pam=2Ed/supervise= -daemon:<br>#%PAM-1=2E0<br><br>auth=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0 required=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0 pam_permit=2Eso<br>account=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0 required=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 pam_permit=2Eso<br>p= assword=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 required=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0 pam_deny=2Eso<br>session=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0 optional=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0 pam_limits=2Eso<br>@include common-account<br>@include common-session-n= oninteractive<br><br>use 'common-*' incorrectly=2E we only need common-acco= unt and common-session-nonintetactive=2E<br>this config should work well in= debian=2E</div><br><br><div class=3D"gmail_quote"><div dir=3D"auto">On Nov= ember 24, 2023 6:16:10 PM UTC, Mark Hindley <mark@hindley=2Eorg=2Euk>= wrote:</div><blockquote class=3D"gmail_quote" style=3D"margin: 0pt 0pt 0pt= 0=2E8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"> <pre class=3D"k9mail"><div dir=3D"auto">Lorietta,<br><br>On Fri, Nov 24, 2= 023 at 03:52:58AM +0000, meow wrote:<br></div><blockquote class=3D"gmail_qu= ote" style=3D"margin: 0pt 0pt 1ex 0=2E8ex; border-left: 1px solid #729fcf; = padding-left: 1ex;"><div dir=3D"auto">Example: Local DoS attack due to lack= of PAM limits=2E<br>I think it=E2=80=99s safe to either include limits=2Es= o in /etc/pam=2E d/other, or<br>add a configuration for supervise-daemon=2E= <br>Also, I have a question=2E What exactly is incompatible with debian in<= br>the upstream version of this file? I added this file to my system and<br= >everything works well, limits are applied and supervise-daemon<br>continue= s in normal mode=2E<br></div></blockquote><div dir=3D"auto"><br>Debian uses= pam-auth-update(8) to manage the addition of modules to<br>/etc/pam=2Ed/co= mmon-*=2E That will not work with the supplied upstream pam config=2E<br><b= r>I am not a pam expert, but I *think* the Debian approach should be someth= ing<br>like<br><br><br>@include common-auth<br>@include common-account<br>@= include common-password<br>session optional pam_limits=2Eso<= br><br>Does that work for you?<br><br>Thanks<br><br>Mark<br></div></pre></b= lockquote></div></body></html> ------SSIQX2U6997IVQMT0EWOD81B7VFUCL--
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 X-Loop: [email protected] From: "Devuan bug Tracking System" <[email protected]> To: meow <[email protected]> Subject: bug#805: Info received (bug#805: openrc: supervise-daemon: missing PAM configuration) Message-ID: <[email protected]> References: <[email protected]> X-Devuan-PR-Message: ack-info 805 X-Devuan-PR-Package: openrc X-Devuan-PR-Keywords: patch Reply-To: [email protected] Date: Sat, 25 Nov 2023 06:12:02 +0000 Thank you for the additional information you have supplied regarding this bug report. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): [email protected] If you wish to submit further information on this problem, please send it to [email protected]. Please do not send mail to [email protected] unless you wish to report a problem with the Bug-tracking system. --=20 805: https://bugs.devuan.org/cgi/bugreport.cgi?bug=3D805 Devuan Bug Tracking System Contact [email protected] with problems
X-Loop: [email protected] Subject: bug#805: openrc: supervise-daemon: missing PAM configuration Reply-To: Mark Hindley <[email protected]>, [email protected] Resent-From: Mark Hindley <[email protected]> Resent-To: [email protected] Resent-CC: [email protected] X-Loop: [email protected] Resent-Date: Sun, 26 Nov 2023 09:11:02 +0000 Resent-Message-ID: <[email protected]> Resent-Sender: [email protected] X-Devuan-PR-Message: followup 805 X-Devuan-PR-Package: openrc X-Devuan-PR-Keywords: patch References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> Received: via spool by [email protected] id=B805.17009897421858 (code B ref 805); Sun, 26 Nov 2023 09:11:02 +0000 Received: (at 805) by bugs.devuan.org; 26 Nov 2023 09:09:02 +0000 Delivered-To: [email protected] Received: from email.devuan.org [2a01:4f8:a0:3284::74ca:8ad2] by doc.devuan.org with IMAP (fetchmail-6.4.16) for <debbugs@localhost> (single-drop); Sun, 26 Nov 2023 09:09:02 +0000 (UTC) Received: from email.devuan.org by email.devuan.org with LMTP id ag9IOtYKY2X3WQAAmSBk0A (envelope-from <[email protected]>) for <[email protected]>; Sun, 26 Nov 2023 09:07:34 +0000 Received: by email.devuan.org (Postfix, from userid 109) id E34B7721; Sun, 26 Nov 2023 09:07:34 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org X-Spam-Level: X-Spam-Status: No, score=0.4 required=5.0 tests=RDNS_DYNAMIC,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=193.36.131.86; helo=mx.hindley.org.uk; [email protected]; receiver=<UNKNOWN> Received: from mx.hindley.org.uk (193-36-131-86.cfwn.uk [193.36.131.86]) by email.devuan.org (Postfix) with ESMTPS id 95B4842 for <[email protected]>; Sun, 26 Nov 2023 09:07:31 +0000 (UTC) Received: from hindley.org.uk (apollo.hindleynet [192.168.1.3]) by mx.hindley.org.uk (Postfix) with SMTP id 973CE1D4C; Sun, 26 Nov 2023 09:07:29 +0000 (GMT) Received: (nullmailer pid 3105 invoked by uid 1000); Sun, 26 Nov 2023 09:07:28 -0000 Date: Sun, 26 Nov 2023 09:07:28 +0000 From: Mark Hindley <[email protected]> To: meow <[email protected]> Cc: [email protected] Message-ID: <ZWL6ZnDmsDw/[email protected]> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <[email protected]> X-IMAPbase: 1220827534 0000000352 X-UID: 352 Hi, On Sat, Nov 25, 2023 at 06:48:42AM +0000, meow wrote: > Yes, you’re right, it should be included in the configuration file. > /etc/pam.d/supervise-daemon: > #%PAM-1.0 > auth required pam_permit.so > account required pam_permit.so > password required pam_deny.so > session optional pam_limits.so > @include common-account > @include common-session-nointeractive > use 'common-*' incorrectly. we only need common-account and > common-session-nointetactive. This is different to what I suggested. I think > auth required pam_permit.so > account required pam_permit.so Should be *replaced* by @include common-auth @include common-account And > session optional pam_limits.so should be after @include common-session-nointetactive That makes the whole config #%PAM-1.0 password required pam_deny.so @include common-account @include common-account @include common-session-nointeractive session optional pam_limits.so Is that better? If you have improvements, please provide the reasoning as well. Thanks Mark
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 X-Loop: [email protected] From: "Devuan bug Tracking System" <[email protected]> To: Mark Hindley <[email protected]> Subject: bug#805: Info received (bug#805: openrc: supervise-daemon: missing PAM configuration) Message-ID: <[email protected]> References: <ZWL6ZnDmsDw/[email protected]> X-Devuan-PR-Message: ack-info 805 X-Devuan-PR-Package: openrc X-Devuan-PR-Keywords: patch Reply-To: [email protected] Date: Sun, 26 Nov 2023 09:11:08 +0000 Thank you for the additional information you have supplied regarding this bug report. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): [email protected] If you wish to submit further information on this problem, please send it to [email protected]. Please do not send mail to [email protected] unless you wish to report a problem with the Bug-tracking system. --=20 805: https://bugs.devuan.org/cgi/bugreport.cgi?bug=3D805 Devuan Bug Tracking System Contact [email protected] with problems
X-Loop: [email protected] Subject: bug#805: openrc: supervise-daemon: missing PAM configuration Reply-To: meow <[email protected]>, [email protected] Resent-From: meow <[email protected]> Resent-To: [email protected] Resent-CC: [email protected] X-Loop: [email protected] Resent-Date: Tue, 28 Nov 2023 23:14:01 +0000 Resent-Message-ID: <[email protected]> Resent-Sender: [email protected] X-Devuan-PR-Message: followup 805 X-Devuan-PR-Package: openrc X-Devuan-PR-Keywords: patch References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <ZWL6ZnDmsDw/[email protected]> <[email protected]> Received: via spool by [email protected] id=B805.170121312126252 (code B ref 805); Tue, 28 Nov 2023 23:14:01 +0000 Received: (at 805) by bugs.devuan.org; 28 Nov 2023 23:12:01 +0000 Delivered-To: [email protected] Received: from email.devuan.org [2a01:4f8:a0:3284::74ca:8ad2] by doc.devuan.org with IMAP (fetchmail-6.4.16) for <debbugs@localhost> (single-drop); Tue, 28 Nov 2023 23:12:01 +0000 (UTC) Received: from email.devuan.org by email.devuan.org with LMTP id Z/JbIHVzZmV/KAAAmSBk0A (envelope-from <[email protected]>) for <[email protected]>; Tue, 28 Nov 2023 23:10:45 +0000 Received: by email.devuan.org (Postfix, from userid 109) id 79A9C98; Tue, 28 Nov 2023 23:10:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2607:f8b0:4864:20::844; helo=mail-qt1-x844.google.com; [email protected]; receiver=<UNKNOWN> Received: from mail-qt1-x844.google.com (mail-qt1-x844.google.com [IPv6:2607:f8b0:4864:20::844]) by email.devuan.org (Postfix) with ESMTPS id E122127 for <[email protected]>; Tue, 28 Nov 2023 23:10:38 +0000 (UTC) Received: by mail-qt1-x844.google.com with SMTP id d75a77b69052e-423e7e0a619so1063531cf.1 for <[email protected]>; Tue, 28 Nov 2023 15:10:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1701213037; x=1701817837; darn=bugs.devuan.org; h=content-transfer-encoding:mime-version:message-id:references :in-reply-to:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=3BzkSYHalhKStdEpiUqV3xuMJorTx6V1K/Qy1NA9tpE=; b=TrKvYY4tlPQl/ixv37RHwKi/2/W5ausNxo9DUVFFAtDn6m0m/V30xdOkereJn7BMqo DoeHxZqhjIXjwzOWtenq2FJPFcXzPy+ynxV50lMhofRAk9+tEGWjk9/4AVGRKveHtCjd S0UrvAI2QdaYs6k2wrRBhoRxlIWSUlml1HX7INz/NjEZsRfZPnhRimufQtfDd+DQGGIe NxT8j3esaxCGu+C9w/6S90qxZBR05H0EAmMLxrvf5Lg1vh53zsNpTlIpAdyrt94CRXOc nwE/I/DtRlbg2eSktUKSwxkX5fXoOl3dRTcFvXgoxDFykgd5yUrrEljWEm0Y4rehyAna 2Riw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701213037; x=1701817837; h=content-transfer-encoding:mime-version:message-id:references :in-reply-to:subject:cc:to:from:date:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=3BzkSYHalhKStdEpiUqV3xuMJorTx6V1K/Qy1NA9tpE=; b=AwoJY/66kDBv+5lrmDEj+Ec+Raok6GnSuvuPjmSg+ur/Ch56x/kx0g9Vv8mWnx63Zi e89PRVnmFEBER6Q6YsUmu7+UUkSDh/xH+c6BX5KRX5nyqsMOWKQC80cjj0TU48fri0M3 lqpzG1/aCC0ltIBje2h/RJCFXnJ92nT5ZBOyz2DC+UgG/++DlxrwDqf6sB6/5tnFd8WF BaBW4Fa5S6oLfAe28aDQn0AgtIMFDDrbsboY2Y0DUgXItBgenz1Mx0bcknOHy2QzSPO8 EjLlDe+RVgHZyZ11xslErrNooSvT1QV9QckALOQLJjntzrRTA3YF7OcBfuAXYzgxrzUm MHqw== X-Gm-Message-State: AOJu0Ywedf5w+yjYRRZRYyG9NfAT0g1z9GImoTSWWEXZPPboRTXhNSyj k8LiZIltOguoaNfARIGjjbg= X-Google-Smtp-Source: AGHT+IHMdzOx/YccGB8GMllYkMjgrBYthtsc/YxJuAUZJo7bAQSQ/poVsPhrwiqu46cfbvVXafqFJA== X-Received: by 2002:ac8:5d4f:0:b0:423:b145:141d with SMTP id g15-20020ac85d4f000000b00423b145141dmr17742512qtx.27.1701213036848; Tue, 28 Nov 2023 15:10:36 -0800 (PST) Received: from [127.0.0.1] ([188.113.129.102]) by smtp.gmail.com with ESMTPSA id o18-20020a05622a045200b0041818df8a0dsm3655729qtx.36.2023.11.28.15.10.35 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 28 Nov 2023 15:10:36 -0800 (PST) Date: Wed, 29 Nov 2023 00:07:57 +0000 From: meow <[email protected]> To: Mark Hindley <[email protected]> CC: [email protected] In-Reply-To: <ZWL6ZnDmsDw/[email protected]> Message-ID: <[email protected]> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=----VBLQG9PU4YHU7HY80FK5T7CKFHZFY5 Content-Transfer-Encoding: 7bit ------VBLQG9PU4YHU7HY80FK5T7CKFHZFY5 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable No, there are nuances=2E for example, the PAM access module=2E if you turn it on, supervise-daemon stops working correctly=2E On November 26, 2023 9:07:28 AM UTC, Mark Hindley <mark@hindley=2Eorg=2Euk= > wrote: >Hi, > >On Sat, Nov 25, 2023 at 06:48:42AM +0000, meow wrote: >> Yes, you=E2=80=99re right, it should be included in the configuratio= n file=2E >> /etc/pam=2Ed/supervise-daemon: >> #%PAM-1=2E0 >> auth required pam_permit=2Eso >> account required pam_permit=2Eso >> password required pam_deny=2Eso >> session optional pam_limits=2Eso >> @include common-account >> @include common-session-nointeractive >> use 'common-*' incorrectly=2E we only need common-account and >> common-session-nointetactive=2E > >This is different to what I suggested=2E > >I think > >> auth required pam_permit=2Eso >> account required pam_permit=2Eso > >Should be *replaced* by > >@include common-auth >@include common-account > >And > >> session optional pam_limits=2Eso > >should be after > >@include common-session-nointetactive > >That makes the whole config > >#%PAM-1=2E0 >password required pam_deny=2Eso >@include common-account >@include common-account >@include common-session-nointeractive >session optional pam_limits=2Eso > >Is that better? > >If you have improvements, please provide the reasoning as well=2E > >Thanks > >Mark ------VBLQG9PU4YHU7HY80FK5T7CKFHZFY5 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><head></head><body><div dir=3D"auto">No, there are nuances=2E for exa= mple, the PAM access module=2E<br>if you turn it on, supervise-daemon stops= working correctly=2E</div><br><br><div class=3D"gmail_quote"><div dir=3D"a= uto">On November 26, 2023 9:07:28 AM UTC, Mark Hindley <mark@hindley=2Eo= rg=2Euk> wrote:</div><blockquote class=3D"gmail_quote" style=3D"margin: = 0pt 0pt 0pt 0=2E8ex; border-left: 1px solid rgb(204, 204, 204); padding-lef= t: 1ex;"> <pre class=3D"k9mail"><div dir=3D"auto">Hi,<br><br>On Sat, Nov 25, 2023 at= 06:48:42AM +0000, meow wrote:<br></div><blockquote class=3D"gmail_quote" s= tyle=3D"margin: 0pt 0pt 1ex 0=2E8ex; border-left: 1px solid #729fcf; paddin= g-left: 1ex;"><div dir=3D"auto">Yes, you=E2=80=99re right, it should be inc= luded in the configuration file=2E<br>/etc/pam=2Ed/supervise-daemon:<br>#%P= AM-1=2E0<br>auth required pam_permit=2Eso<br>account = required pam_permit=2Eso<br>password required pam_= deny=2Eso<br>session optional pam_limits=2Eso<br>@include co= mmon-account<br>@include common-session-nointeractive<br>use 'common-*' inc= orrectly=2E we only need common-account and<br>common-session-nointetactive= =2E<br></div></blockquote><div dir=3D"auto"><br>This is different to what I= suggested=2E<br><br>I think<br><br></div><blockquote class=3D"gmail_quote"= style=3D"margin: 0pt 0pt 1ex 0=2E8ex; border-left: 1px solid #729fcf; padd= ing-left: 1ex;"><div dir=3D"auto">auth required pam_permi= t=2Eso<br>account required pam_permit=2Eso<br></div></blockq= uote><div dir=3D"auto"><br>Should be *replaced* by<br><br>@include common-a= uth<br>@include common-account<br><br>And<br><br></div><blockquote class=3D= "gmail_quote" style=3D"margin: 0pt 0pt 1ex 0=2E8ex; border-left: 1px solid = #729fcf; padding-left: 1ex;"><div dir=3D"auto">session optional = pam_limits=2Eso<br></div></blockquote><div dir=3D"auto"><br>should be a= fter<br><br>@include common-session-nointetactive<br><br>That makes the who= le config<br><br>#%PAM-1=2E0<br>password required pam_deny=2E= so<br>@include common-account<br>@include common-account<br>@include common= -session-nointeractive<br>session optional pam_limits=2Eso<b= r><br>Is that better?<br><br>If you have improvements, please provide the r= easoning as well=2E<br><br>Thanks<br><br>Mark<br></div></pre></blockquote><= /div></body></html> ------VBLQG9PU4YHU7HY80FK5T7CKFHZFY5--
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 X-Loop: [email protected] From: "Devuan bug Tracking System" <[email protected]> To: meow <[email protected]> Subject: bug#805: Info received (bug#805: openrc: supervise-daemon: missing PAM configuration) Message-ID: <[email protected]> References: <[email protected]> X-Devuan-PR-Message: ack-info 805 X-Devuan-PR-Package: openrc X-Devuan-PR-Keywords: patch Reply-To: [email protected] Date: Tue, 28 Nov 2023 23:14:03 +0000 Thank you for the additional information you have supplied regarding this bug report. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): [email protected] If you wish to submit further information on this problem, please send it to [email protected]. Please do not send mail to [email protected] unless you wish to report a problem with the Bug-tracking system. --=20 805: https://bugs.devuan.org/cgi/bugreport.cgi?bug=3D805 Devuan Bug Tracking System Contact [email protected] with problems
X-Loop: [email protected] Subject: bug#805: openrc: supervise-daemon: missing PAM configuration Reply-To: Mark Hindley <[email protected]>, [email protected] Resent-From: Mark Hindley <[email protected]> Resent-To: [email protected] Resent-CC: [email protected] X-Loop: [email protected] Resent-Date: Wed, 29 Nov 2023 17:42:01 +0000 Resent-Message-ID: <[email protected]> Resent-Sender: [email protected] X-Devuan-PR-Message: followup 805 X-Devuan-PR-Package: openrc X-Devuan-PR-Keywords: patch References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <ZWL6ZnDmsDw/[email protected]> <[email protected]> <[email protected]> Received: via spool by [email protected] id=B805.170127963525476 (code B ref 805); Wed, 29 Nov 2023 17:42:01 +0000 Received: (at 805) by bugs.devuan.org; 29 Nov 2023 17:40:35 +0000 Delivered-To: [email protected] Received: from email.devuan.org [2a01:4f8:a0:3284::74ca:8ad2] by doc.devuan.org with IMAP (fetchmail-6.4.16) for <debbugs@localhost> (single-drop); Wed, 29 Nov 2023 17:40:35 +0000 (UTC) Received: from email.devuan.org by email.devuan.org with LMTP id 11BRH1F3Z2XoCQAAmSBk0A (envelope-from <[email protected]>) for <[email protected]>; Wed, 29 Nov 2023 17:39:29 +0000 Received: by email.devuan.org (Postfix, from userid 109) id 75D7E670; Wed, 29 Nov 2023 17:39:29 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org X-Spam-Level: X-Spam-Status: No, score=0.4 required=5.0 tests=RDNS_DYNAMIC,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=193.36.131.86; helo=mx.hindley.org.uk; [email protected]; receiver=<UNKNOWN> Received: from mx.hindley.org.uk (193-36-131-86.cfwn.uk [193.36.131.86]) by email.devuan.org (Postfix) with ESMTPS id 0F57342 for <[email protected]>; Wed, 29 Nov 2023 17:39:28 +0000 (UTC) Received: from hindley.org.uk (apollo.hindleynet [192.168.1.3]) by mx.hindley.org.uk (Postfix) with SMTP id C9DD29B6; Wed, 29 Nov 2023 17:39:27 +0000 (GMT) Received: (nullmailer pid 26507 invoked by uid 1000); Wed, 29 Nov 2023 17:39:27 -0000 Date: Wed, 29 Nov 2023 17:39:27 +0000 From: Mark Hindley <[email protected]> To: meow <[email protected]> Cc: [email protected] Message-ID: <[email protected]> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <[email protected]> On Wed, Nov 29, 2023 at 12:07:57AM +0000, meow wrote: > No, there are nuances. for example, the PAM access module. > if you turn it on, supervise-daemon stops working correctly. Please don't top post. I don't understand what you are answering here. Sorry. Mark
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 X-Loop: [email protected] From: "Devuan bug Tracking System" <[email protected]> To: Mark Hindley <[email protected]> Subject: bug#805: Info received (bug#805: openrc: supervise-daemon: missing PAM configuration) Message-ID: <[email protected]> References: <[email protected]> X-Devuan-PR-Message: ack-info 805 X-Devuan-PR-Package: openrc X-Devuan-PR-Keywords: patch Reply-To: [email protected] Date: Wed, 29 Nov 2023 17:42:02 +0000 Thank you for the additional information you have supplied regarding this bug report. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): [email protected] If you wish to submit further information on this problem, please send it to [email protected]. Please do not send mail to [email protected] unless you wish to report a problem with the Bug-tracking system. --=20 805: https://bugs.devuan.org/cgi/bugreport.cgi?bug=3D805 Devuan Bug Tracking System Contact [email protected] with problems
X-Loop: [email protected] Subject: bug#805: openrc: supervise-daemon: missing PAM configuration Reply-To: meow <[email protected]>, [email protected] Resent-From: meow <[email protected]> Resent-To: [email protected] Resent-CC: [email protected] X-Loop: [email protected] Resent-Date: Thu, 30 Nov 2023 08:24:01 +0000 Resent-Message-ID: <[email protected]> Resent-Sender: [email protected] X-Devuan-PR-Message: followup 805 X-Devuan-PR-Package: openrc X-Devuan-PR-Keywords: patch References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <ZWL6ZnDmsDw/[email protected]> <[email protected]> <[email protected]> <[email protected]> Received: via spool by [email protected] id=B805.170133255227015 (code B ref 805); Thu, 30 Nov 2023 08:24:01 +0000 Received: (at 805) by bugs.devuan.org; 30 Nov 2023 08:22:32 +0000 Delivered-To: [email protected] Received: from email.devuan.org [2a01:4f8:a0:3284::74ca:8ad2] by doc.devuan.org with IMAP (fetchmail-6.4.16) for <debbugs@localhost> (single-drop); Thu, 30 Nov 2023 08:22:32 +0000 (UTC) Received: from email.devuan.org by email.devuan.org with LMTP id 9BDcLT9GaGXSRQAAmSBk0A (envelope-from <[email protected]>) for <[email protected]>; Thu, 30 Nov 2023 08:22:23 +0000 Received: by email.devuan.org (Postfix, from userid 109) id B135963F; Thu, 30 Nov 2023 08:22:23 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2a00:1450:4864:20::444; helo=mail-wr1-x444.google.com; [email protected]; receiver=<UNKNOWN> Received: from mail-wr1-x444.google.com (mail-wr1-x444.google.com [IPv6:2a00:1450:4864:20::444]) by email.devuan.org (Postfix) with ESMTPS id 2683642 for <[email protected]>; Thu, 30 Nov 2023 08:22:17 +0000 (UTC) Received: by mail-wr1-x444.google.com with SMTP id ffacd0b85a97d-32f8441dfb5so451889f8f.0 for <[email protected]>; Thu, 30 Nov 2023 00:22:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1701332536; x=1701937336; darn=bugs.devuan.org; h=content-transfer-encoding:mime-version:message-id:references :in-reply-to:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=awdugdgvLxf9KzsLJMK69eyFMis6cLDaatRSnOAI+bo=; b=SOOqGms0qfu7iGgIRWtQP0+j7s0IHsirI1Vmw7d820Kd17iILSno4vy76++WTJ9Q2g FVLltiFV+YLf+gcOkBTrK6u9KTi/AiDzPS8wF8JUhr5066botO8EL2RQA1f16EaEj66x kseyyPCLjmOdz2xgJcEFcgO880KGOpByLSOc7JOWGjUg9urY/xRAWtdqdSb9cAtxdyO3 /sx9DcSf/Z2YcclujHM1CoJPuMW24oJgumCW3peFgTSMsLNL+op7PD0716cQKauoYdTW FAPxyWeDKucb2+h6OBeVnGkJiO36oRwVDOSVWjjEbtFqYdkTnYwrII5ldKRw/QQMcWp3 eSkQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701332536; x=1701937336; h=content-transfer-encoding:mime-version:message-id:references :in-reply-to:subject:cc:to:from:date:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=awdugdgvLxf9KzsLJMK69eyFMis6cLDaatRSnOAI+bo=; b=crDv2DG11X3RFG7NC5FnaT+UwmGzuy7WTFXUBZoRSLXM9zK48OEtsnCXFrL0nLvwMx XFbCSMrcGmnrOQle6cjcTBpLx+WBcOV6xKH7egFVj861xaVF/JUkB0XzshLzsm008T9R tY92M0Kku+bublEMQE31xTmsZD3upxswsPZOamJcORxZ20DpkvH4i5PSESkX8n3r9t3X 5AVTgBPqWDmN/eFY23/IJAGTGQubSte+JZYW3mblK5ndNKEfttIRa9ahCLfce8+Qt5Oq nSI+JL+Ylu79Mqlq02BGQum3WjaWv1YluSpwINwhtrfLEzpEkmxEK8bfUr2sWMXPmKOL jpqQ== X-Gm-Message-State: AOJu0Yyd68k0YeDdMLXYroARbb0owCA++F/s0+joLB4Iu8HprRI41JbX MPKAv+jgg4MJnv159EBmZvY= X-Google-Smtp-Source: AGHT+IGyv7SQtb7DsFjgc/sTWwF+hLi0eNL46ooZtmFGbIs0JW1j4xroitTUlaAvltcGIU8a2VFo5A== X-Received: by 2002:a05:6000:ac9:b0:332:fe7e:2a31 with SMTP id di9-20020a0560000ac900b00332fe7e2a31mr10212237wrb.26.1701332535502; Thu, 30 Nov 2023 00:22:15 -0800 (PST) Received: from [127.0.0.1] ([188.113.129.102]) by smtp.gmail.com with ESMTPSA id u15-20020a5d6daf000000b00333201aa437sm827318wrs.75.2023.11.30.00.22.14 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 30 Nov 2023 00:22:15 -0800 (PST) Date: Thu, 30 Nov 2023 09:19:51 +0000 From: meow <[email protected]> To: Mark Hindley <[email protected]> CC: [email protected] In-Reply-To: <[email protected]> Message-ID: <[email protected]> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=----4PYC1R8B93Q5LY51VHZPXU32JC5TDA Content-Transfer-Encoding: 7bit ------4PYC1R8B93Q5LY51VHZPXU32JC5TDA Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable i reply to: " Hi, On Sat, Nov 25, 2023 at 06:48:42AM +0000, meow wrote: Yes, you=E2=80=99re right, it should be included in the configuration file= =2E /etc/pam=2Ed/supervise-daemon: #%PAM-1=2E0 auth required pam_permit=2Eso account required pam_permit=2Eso password required pam_deny=2Eso session optional pam_limits=2Eso @include common-account @include common-session-nointeractive use 'common-*' incorrectly=2E we only need common-account and common-session-nointetactive=2E This is different to what I suggested=2E I think auth required pam_permit=2Eso account required pam_permit=2Eso Should be *replaced* by @include common-auth @include common-account And session optional pam_limits=2Eso should be after @include common-session-nointetactive That makes the whole config #%PAM-1=2E0 password required pam_deny=2Eso @include common-account @include common-account @include common-session-nointeractive session optional pam_limits=2Eso Is that better? If you have improvements, please provide the reasoning as well=2E Thanks Mark " On November 29, 2023 5:39:27 PM UTC, Mark Hindley <mark@hindley=2Eorg=2Euk= > wrote: >On Wed, Nov 29, 2023 at 12:07:57AM +0000, meow wrote: >> No, there are nuances=2E for example, the PAM access module=2E >> if you turn it on, supervise-daemon stops working correctly=2E > >Please don't top post=2E > >I don't understand what you are answering here=2E > >Sorry=2E > >Mark > ------4PYC1R8B93Q5LY51VHZPXU32JC5TDA Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><head></head><body><div dir=3D"auto">i reply to:<br><br>"<br>Hi,<br><= br>On Sat, Nov 25, 2023 at 06:48:42AM +0000, meow wrote:<br><br>Yes, you=E2= =80=99re right, it should be included in the configuration file=2E<br>/etc/= pam=2Ed/supervise-daemon:<br>#%PAM-1=2E0<br>auth required pam_permit=2Eso<b= r>account required pam_permit=2Eso<br>password required pam_deny=2Eso<br>se= ssion optional pam_limits=2Eso<br>@include common-account<br>@include commo= n-session-nointeractive<br>use 'common-*' incorrectly=2E we only need commo= n-account and<br>common-session-nointetactive=2E<br><br><br>This is differe= nt to what I suggested=2E<br><br>I think<br><br>auth required pam_permit=2E= so<br>account required pam_permit=2Eso<br><br><br>Should be *replaced* by<b= r><br>@include common-auth<br>@include common-account<br><br>And<br><br>ses= sion optional pam_limits=2Eso<br><br><br>should be after<br><br>@include co= mmon-session-nointetactive<br><br>That makes the whole config<br><br>#%PAM-= 1=2E0<br>password required pam_deny=2Eso<br>@include common-account<br>@inc= lude common-account<br>@include common-session-nointeractive<br>session opt= ional pam_limits=2Eso<br><br>Is that better?<br><br>If you have improvement= s, please provide the reasoning as well=2E<br><br>Thanks<br><br>Mark "<br><= br></div><br><br><div class=3D"gmail_quote"><div dir=3D"auto">On November 2= 9, 2023 5:39:27 PM UTC, Mark Hindley <mark@hindley=2Eorg=2Euk> wrote:= </div><blockquote class=3D"gmail_quote" style=3D"margin: 0pt 0pt 0pt 0=2E8e= x; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"> <pre class=3D"k9mail"><div dir=3D"auto">On Wed, Nov 29, 2023 at 12:07:57AM= +0000, meow wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"mar= gin: 0pt 0pt 1ex 0=2E8ex; border-left: 1px solid #729fcf; padding-left: 1ex= ;"><div dir=3D"auto">No, there are nuances=2E for example, the PAM access m= odule=2E<br>if you turn it on, supervise-daemon stops working correctly=2E<= br></div></blockquote><div dir=3D"auto"><br>Please don't top post=2E<br><br= >I don't understand what you are answering here=2E<br><br>Sorry=2E<br><br>M= ark<br><br></div></pre></blockquote></div></body></html> ------4PYC1R8B93Q5LY51VHZPXU32JC5TDA--
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 X-Loop: [email protected] From: "Devuan bug Tracking System" <[email protected]> To: meow <[email protected]> Subject: bug#805: Info received (bug#805: openrc: supervise-daemon: missing PAM configuration) Message-ID: <[email protected]> References: <[email protected]> X-Devuan-PR-Message: ack-info 805 X-Devuan-PR-Package: openrc X-Devuan-PR-Keywords: patch Reply-To: [email protected] Date: Thu, 30 Nov 2023 08:24:02 +0000 Thank you for the additional information you have supplied regarding this bug report. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): [email protected] If you wish to submit further information on this problem, please send it to [email protected]. Please do not send mail to [email protected] unless you wish to report a problem with the Bug-tracking system. --=20 805: https://bugs.devuan.org/cgi/bugreport.cgi?bug=3D805 Devuan Bug Tracking System Contact [email protected] with problems
X-Loop: [email protected] Subject: bug#805: openrc: supervise-daemon: missing PAM configuration Reply-To: meow <[email protected]>, [email protected] Resent-From: meow <[email protected]> Resent-To: [email protected] Resent-CC: [email protected] X-Loop: [email protected] Resent-Date: Fri, 01 Dec 2023 01:14:01 +0000 Resent-Message-ID: <[email protected]> Resent-Sender: [email protected] X-Devuan-PR-Message: followup 805 X-Devuan-PR-Package: openrc X-Devuan-PR-Keywords: patch References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <ZWL6ZnDmsDw/[email protected]> <[email protected]> <[email protected]> <[email protected]> Received: via spool by [email protected] id=B805.170139321112282 (code B ref 805); Fri, 01 Dec 2023 01:14:01 +0000 Received: (at 805) by bugs.devuan.org; 1 Dec 2023 01:13:31 +0000 Delivered-To: [email protected] Received: from email.devuan.org [2a01:4f8:a0:3284::74ca:8ad2] by doc.devuan.org with IMAP (fetchmail-6.4.16) for <debbugs@localhost> (single-drop); Fri, 01 Dec 2023 01:13:31 +0000 (UTC) Received: from email.devuan.org by email.devuan.org with LMTP id h5ozHiczaWVGJwAAmSBk0A (envelope-from <[email protected]>) for <[email protected]>; Fri, 01 Dec 2023 01:13:11 +0000 Received: by email.devuan.org (Postfix, from userid 109) id 70E25721; Fri, 1 Dec 2023 01:13:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org X-Spam-Level: X-Spam-Status: No, score=0.7 required=5.0 tests=DATE_IN_PAST_12_24,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.6 Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2a00:1450:4864:20::443; helo=mail-wr1-x443.google.com; [email protected]; receiver=<UNKNOWN> Received: from mail-wr1-x443.google.com (mail-wr1-x443.google.com [IPv6:2a00:1450:4864:20::443]) by email.devuan.org (Postfix) with ESMTPS id 4F30227 for <[email protected]>; Fri, 1 Dec 2023 01:13:05 +0000 (UTC) Received: by mail-wr1-x443.google.com with SMTP id ffacd0b85a97d-32f8441dfb5so1155330f8f.0 for <[email protected]>; Thu, 30 Nov 2023 17:13:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1701393184; x=1701997984; darn=bugs.devuan.org; h=content-transfer-encoding:mime-version:message-id:references :in-reply-to:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=awdugdgvLxf9KzsLJMK69eyFMis6cLDaatRSnOAI+bo=; b=AhtoW/LqnSkyL2sxLffRNMVO0vS3sfRJQgOD+C2koKnGHp7zMBZJf0gKRZhU8bgLUh dNN63hFELVbyO7JBx2flp//nLMkjEvT4tCvXVt55ldRUtlNC0v6ffv9MFk44Z6J6gpDY DleCO78ngWPeyB15LzhljF1muUed4N04mOaC0X297c/qaM8Z1PotmMHjZ0THDXc3RJZ3 lYqV4JeAYgNdrvoJebIbBsgMBLucfsXwKQgVVN2BPWi5/e2omA3L6Y7uisUsMz8ej5qy /ycQbqfVMD2BibP/uYn8nzthOqF6HRx8/Afeq4X82qyYt/PRNlgQdGTK+PI10noV0MCE s//A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701393184; x=1701997984; h=content-transfer-encoding:mime-version:message-id:references :in-reply-to:subject:cc:to:from:date:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=awdugdgvLxf9KzsLJMK69eyFMis6cLDaatRSnOAI+bo=; b=AdAyl08zbLEyD5sEOw5aMz/dNt4DRb4IxL+7LpqKxw4YUaWwn5P/qgm2zZhRz3Wu2Q l0tzDm3oKAe+ECVW011vVY1KaBOHvfTDloONxRFUZX2Ko+j11eIuzRGrBrHZinJTLBLC 6Og08bn8rMksk8IJnewfyAqDsZjHQN+UNMX+WSTpG+mmtT4y1pzA6jlXY1X0be87z0So p0gKcaUaL80A7IOk7PXqfdgOks95C6spPYD9H9KcrUroZwmsNJjVAGBGShyJlaC+7vUY iVXyGXv4xgl/8Lhih3e4G4zAwdXPx2ZXQ0WPqrUkmh1YnYrPIL9wAJ2b5GFOQFReKAqv Dfuw== X-Gm-Message-State: AOJu0Yz4TUQy7+uf3WzBD8yumtg0l12vY4nekgsp/aw1mkGUeXw+yzAd +JGAH+o0NWh09JEwUIFAcd8= X-Google-Smtp-Source: AGHT+IENFWV55ivn3A02wBgEJmqmTUZIcu0CNW4Q+7U3S1reW/u1Vvy/IyCCAcMCToItDNqfTtZyLg== X-Received: by 2002:adf:ffc6:0:b0:333:2fd2:6f72 with SMTP id x6-20020adfffc6000000b003332fd26f72mr227251wrs.124.1701393184087; Thu, 30 Nov 2023 17:13:04 -0800 (PST) Received: from [127.0.0.1] ([188.113.129.102]) by smtp.gmail.com with ESMTPSA id p5-20020a5d4585000000b0033314c63881sm2830250wrq.22.2023.11.30.17.13.03 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 30 Nov 2023 17:13:03 -0800 (PST) Date: Thu, 30 Nov 2023 09:19:51 +0000 From: meow <[email protected]> To: Mark Hindley <[email protected]> CC: [email protected] In-Reply-To: <[email protected]> Message-ID: <[email protected]> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=----4PYC1R8B93Q5LY51VHZPXU32JC5TDA Content-Transfer-Encoding: 7bit ------4PYC1R8B93Q5LY51VHZPXU32JC5TDA Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable i reply to: " Hi, On Sat, Nov 25, 2023 at 06:48:42AM +0000, meow wrote: Yes, you=E2=80=99re right, it should be included in the configuration file= =2E /etc/pam=2Ed/supervise-daemon: #%PAM-1=2E0 auth required pam_permit=2Eso account required pam_permit=2Eso password required pam_deny=2Eso session optional pam_limits=2Eso @include common-account @include common-session-nointeractive use 'common-*' incorrectly=2E we only need common-account and common-session-nointetactive=2E This is different to what I suggested=2E I think auth required pam_permit=2Eso account required pam_permit=2Eso Should be *replaced* by @include common-auth @include common-account And session optional pam_limits=2Eso should be after @include common-session-nointetactive That makes the whole config #%PAM-1=2E0 password required pam_deny=2Eso @include common-account @include common-account @include common-session-nointeractive session optional pam_limits=2Eso Is that better? If you have improvements, please provide the reasoning as well=2E Thanks Mark " On November 29, 2023 5:39:27 PM UTC, Mark Hindley <mark@hindley=2Eorg=2Euk= > wrote: >On Wed, Nov 29, 2023 at 12:07:57AM +0000, meow wrote: >> No, there are nuances=2E for example, the PAM access module=2E >> if you turn it on, supervise-daemon stops working correctly=2E > >Please don't top post=2E > >I don't understand what you are answering here=2E > >Sorry=2E > >Mark > ------4PYC1R8B93Q5LY51VHZPXU32JC5TDA Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><head></head><body><div dir=3D"auto">i reply to:<br><br>"<br>Hi,<br><= br>On Sat, Nov 25, 2023 at 06:48:42AM +0000, meow wrote:<br><br>Yes, you=E2= =80=99re right, it should be included in the configuration file=2E<br>/etc/= pam=2Ed/supervise-daemon:<br>#%PAM-1=2E0<br>auth required pam_permit=2Eso<b= r>account required pam_permit=2Eso<br>password required pam_deny=2Eso<br>se= ssion optional pam_limits=2Eso<br>@include common-account<br>@include commo= n-session-nointeractive<br>use 'common-*' incorrectly=2E we only need commo= n-account and<br>common-session-nointetactive=2E<br><br><br>This is differe= nt to what I suggested=2E<br><br>I think<br><br>auth required pam_permit=2E= so<br>account required pam_permit=2Eso<br><br><br>Should be *replaced* by<b= r><br>@include common-auth<br>@include common-account<br><br>And<br><br>ses= sion optional pam_limits=2Eso<br><br><br>should be after<br><br>@include co= mmon-session-nointetactive<br><br>That makes the whole config<br><br>#%PAM-= 1=2E0<br>password required pam_deny=2Eso<br>@include common-account<br>@inc= lude common-account<br>@include common-session-nointeractive<br>session opt= ional pam_limits=2Eso<br><br>Is that better?<br><br>If you have improvement= s, please provide the reasoning as well=2E<br><br>Thanks<br><br>Mark "<br><= br></div><br><br><div class=3D"gmail_quote"><div dir=3D"auto">On November 2= 9, 2023 5:39:27 PM UTC, Mark Hindley <mark@hindley=2Eorg=2Euk> wrote:= </div><blockquote class=3D"gmail_quote" style=3D"margin: 0pt 0pt 0pt 0=2E8e= x; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"> <pre class=3D"k9mail"><div dir=3D"auto">On Wed, Nov 29, 2023 at 12:07:57AM= +0000, meow wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"mar= gin: 0pt 0pt 1ex 0=2E8ex; border-left: 1px solid #729fcf; padding-left: 1ex= ;"><div dir=3D"auto">No, there are nuances=2E for example, the PAM access m= odule=2E<br>if you turn it on, supervise-daemon stops working correctly=2E<= br></div></blockquote><div dir=3D"auto"><br>Please don't top post=2E<br><br= >I don't understand what you are answering here=2E<br><br>Sorry=2E<br><br>M= ark<br><br></div></pre></blockquote></div></body></html> ------4PYC1R8B93Q5LY51VHZPXU32JC5TDA--
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 X-Loop: [email protected] From: "Devuan bug Tracking System" <[email protected]> To: meow <[email protected]> Subject: bug#805: Info received (bug#805: openrc: supervise-daemon: missing PAM configuration) Message-ID: <[email protected]> References: <[email protected]> X-Devuan-PR-Message: ack-info 805 X-Devuan-PR-Package: openrc X-Devuan-PR-Keywords: patch Reply-To: [email protected] Date: Fri, 01 Dec 2023 01:14:02 +0000 Thank you for the additional information you have supplied regarding this bug report. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): [email protected] If you wish to submit further information on this problem, please send it to [email protected]. Please do not send mail to [email protected] unless you wish to report a problem with the Bug-tracking system. --=20 805: https://bugs.devuan.org/cgi/bugreport.cgi?bug=3D805 Devuan Bug Tracking System Contact [email protected] with problems
Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.
Devuan Bugs Owner <[email protected]>.
Last modified:
Tue, 3 Dec 2024 00:39:01 UTC