[Bug 1860826] Autopkgtest regression report (pam/1.3.1-5ubuntu4.3)
Ubuntu SRU Bot
1860826 at bugs.launchpad.net
Wed Sep 29 04:41:17 UTC 2021
All autopkgtests for the newly accepted pam (1.3.1-5ubuntu4.3) for focal have finished running.
The following regressions have been reported in tests triggered by the package:
kopanocore/8.7.0-7ubuntu1 (arm64)
Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].
https://people.canonical.com/~ubuntu-archive/proposed-
migration/focal/update_excuses.html#pam
[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions
Thank you!
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/1860826
Title:
pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or
directory
Status in pam package in Ubuntu:
Fix Released
Status in pam source package in Focal:
Fix Committed
Status in pam source package in Groovy:
Won't Fix
Status in pam package in Debian:
Fix Released
Bug description:
[Impact]
Removal of the /etc/securetty file from the system results in useless log messages whenever pam_unix is invoked, which for some systems is quite a lot of logging. /etc/securetty is not coming back, and this is not an error.
[Test Plan]
1. Run 'sudo -s'. Confirm that 'journalctl | grep sudo.*securetty' returns a line 'sudo[...]: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory'.
2. Install libpam-modules update from -proposed.
3. Confirm that 'grep nullok_secure' /etc/pam.d/common-auth returns no lines.
4. Run 'sudo -k'.
5. Run 'sudo -s' again.
6. Confirm that sudo succeeds and gives you a root shell.
7. Confirm that 'journalctl | grep sudo.*securetty' does not show any new lines.
[Where problems could occur]
PAM is a sensitive package because it's used in all authentication operations on the system. A bug here could render a user unable to log in to their system.
Risks are mitigated by:
- including a patch that treats the obsolete 'nullok_secure' as an alias for 'nullok' to ensure any user-edited configurations continue to work rather than throwing errors about unknown options
- editing the system-managed /etc/pam.d/common-auth config to use 'nullok' instead of 'nullok_secure' for future compatibility.
Because we are editing the system config, this could also cause issues
on future upgrades with undesirable prompts to the user. However, the
maintainer scripts are not meant to prompt on changes to the pam-
config, and this code has been in Debian for a while with no reports
of problems.
[Original description]
Hello, after upgrading to focal I found the following in my journalctl output:
Jan 24 23:07:00 millbarge sudo[32120]: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory
Jan 24 23:07:01 millbarge sudo[32120]: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory
The login package stopped packaging this file:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731656
and now forcibly removes the file:
https://paste.ubuntu.com/p/myh9cGWrHD/
However, the pam package's pam_unix.so module has not yet been adapted to ignore this file:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674857#25
Thanks
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: libpam-modules 1.3.1-5ubuntu4
ProcVersionSignature: Ubuntu 5.4.0-9.12-generic 5.4.3
Uname: Linux 5.4.0-9-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu15
Architecture: amd64
Date: Fri Jan 24 23:35:33 2020
ProcEnviron:
TERM=rxvt-unicode-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: pam
UpgradeStatus: Upgraded to focal on 2020-01-24 (0 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1860826/+subscriptions
More information about the foundations-bugs
mailing list