Package: ejabberd
Version: 16.08-1~bpo8+1
Severity: important

Dear Maintainer,

I use PAM authentication with ejabberd and after upgrading to 16.08-1~bpo8+1
I can no longer authenticate.

The epam process is running as ejabberd:ejabberd even though it is still setgid
shadow, which means that unix_chkpwd can't access /etc/shadow and actually
check the password.

Downgrading to 16.06-3~bpo8+1 makes it work again.

I've had a brief look at the upstream changelogs and there do not appear to
be any obvious changes that could have caused this.

Some info:

# ls -l /usr/lib/erlang/p1_pam/bin/epam
-rwxr-sr-x 1 root shadow 55176 Jul  3 11:09 /usr/lib/erlang/p1_pam/bin/epam

With 16.08-1~bpo8+1:

# ps -p `pidof epam` -o user,group,egroup,euser,fgid,fgroup,fuid,fuser,ruser,rgroup,sgroup,suser,supgrp,comm,args | cat
USER     GROUP    EGROUP   EUSER     FGID FGROUP    FUID FUSER    RUSER RGROUP   SGROUP   SUSER    SUPGRP                                   COMMAND COMMAND
ejabberd ejabberd ejabberd ejabberd   120 ejabberd   113 ejabberd ejabberd ejabberd ejabberd ejabberd ejabberd                                 epam /usr/lib/erlang/p1_pam/bin/epam

With 16.06-3~bpo8+1:

# ps -p `pidof epam` -o user,group,egroup,euser,fgid,fgroup,fuid,fuser,ruser,rgroup,sgroup,suser,supgrp,comm,args | cat
USER     GROUP    EGROUP   EUSER     FGID FGROUP    FUID FUSER    RUSER RGROUP   SGROUP   SUSER    SUPGRP                                   COMMAND COMMAND
ejabberd shadow   shadow   ejabberd    42 shadow     113 ejabberd ejabberd ejabberd shadow   ejabberd ejabberd                                 epam /usr/lib/erlang/p1_pam/bin/epam

-- System Information:
Debian Release: 8.5
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 4.6.0-0.bpo.1-amd64 (SMP w/24 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ejabberd depends on:
ii  adduser                        3.113+nmu3
ii  debconf [debconf-2.0]          1.5.56
ii  erlang-asn1                    1:17.3-dfsg-4
ii  erlang-base [erlang-abi-17.0]  1:17.3-dfsg-4
ii  erlang-crypto                  1:17.3-dfsg-4
ii  erlang-inets                   1:17.3-dfsg-4
ii  erlang-lager                   2.0.3-1
ii  erlang-mnesia                  1:17.3-dfsg-4
ii  erlang-odbc                    1:17.3-dfsg-4
ii  erlang-p1-cache-tab            1.0.3-1~bpo8+1
ii  erlang-p1-iconv                1.0.1-1~bpo8+1
ii  erlang-p1-stringprep           1.0.5-1~bpo8+1
ii  erlang-p1-tls                  1.0.6-1~bpo8+1
ii  erlang-p1-utils                1.0.5-1~bpo8+1
ii  erlang-p1-xml                  1.1.14-1~bpo8+1
ii  erlang-p1-yaml                 1.0.5-1~bpo8+1
ii  erlang-p1-zlib                 1.0.1-2~bpo8+1
ii  erlang-public-key              1:17.3-dfsg-4
ii  erlang-ssl                     1:17.3-dfsg-4
ii  erlang-syntax-tools            1:17.3-dfsg-4
ii  erlang-xmerl                   1:17.3-dfsg-4
ii  init-system-helpers            1.22
ii  openssl                        1.0.1t-1+deb8u2
ii  ucf                            3.0030

ejabberd recommends no packages.

Versions of packages ejabberd suggests:
pn  apparmor                                         <none>
pn  apparmor-utils                                   <none>
pn  ejabberd-contrib                                 <none>
pn  erlang-luerl                                     <none>
pn  erlang-p1-mysql                                  <none>
pn  erlang-p1-oauth2                                 <none>
ii  erlang-p1-pam                                    1.0.0-3~bpo8+1
pn  erlang-p1-pgsql                                  <none>
pn  erlang-p1-sip                                    <none>
pn  erlang-p1-sqlite3                                <none>
pn  erlang-p1-stun                                   <none>
pn  erlang-p1-xmlrpc                                 <none>
pn  erlang-redis-client                              <none>
pn  imagemagick | graphicsmagick-imagemagick-compat  <none>
pn  libunix-syslog-perl                              <none>

-- Configuration Files:
/etc/default/ejabberd changed:
ERLANG_NODE=ejabberd@monstrosity
EJABBERD_PID_PATH=/run/ejabberd/ejabberd.pid
EJABBERD_CONFIG_PATH=/etc/ejabberd/ejabberd.yml
CONTRIB_MODULES_CONF_DIR=/etc/ejabberd/modules.d

/etc/ejabberd/inetrc [Errno 13] Permission denied: u'/etc/ejabberd/inetrc'
/etc/ejabberd/modules.d/README.modules [Errno 13] Permission denied: u'/etc/ejabberd/modules.d/README.modules'

-- debconf information excluded
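
The comparison made by hand in the report above (the binary's setgid group against the effective GID of the running process) can be scripted; this is an added example, not part of the original report or of the ejabberd packaging. The function names are hypothetical, the sample data is constructed from the GIDs shown in the ps output (ejabberd=120, shadow=42), and the live check also prints the two things that make the kernel skip a setgid bit at exec: the no_new_privs flag (exported in /proc/PID/status since Linux 4.10) and a nosuid mount.

```shell
#!/bin/sh
# Added example, not from the original report. Function names are hypothetical.

# Effective GID: second number on the "Gid:" line (real, effective, saved, fs).
egid_of() { awk '$1 == "Gid:" { print $3 }' "$1"; }

# NoNewPrivs flag, or "unknown" where the kernel does not export the field.
nnp_of() {
    awk '$1 == "NoNewPrivs:" { v = $2 } END { print (v == "" ? "unknown" : v) }' "$1"
}

# setgid_verdict STATUS_FILE MODE_OCTAL FILE_GID
# Prints "not-setgid", "honoured", or "ignored egid=E want=G nnp=N".
setgid_verdict() {
    if [ $(( 0$2 & 02000 )) -eq 0 ]; then      # 02000 is the setgid bit
        echo "not-setgid"
        return 0
    fi
    egid=$(egid_of "$1")
    if [ "$egid" = "$3" ]; then
        echo "honoured"
    else
        echo "ignored egid=$egid want=$3 nnp=$(nnp_of "$1")"
    fi
}

# Live check for one PID (run as root to read another user's /proc entries).
check_pid() {
    exe=$(readlink -f "/proc/$1/exe")
    mode=$(stat -c %a "$exe")
    gid=$(stat -c %g "$exe")
    echo "$exe: $(setgid_verdict "/proc/$1/status" "$mode" "$gid")"
    # The setgid bit is also ignored on filesystems mounted nosuid.
    echo "mount options: $(findmnt -no OPTIONS -T "$exe")"
}

# Constructed sample: mode 2755 (-rwxr-sr-x), file group 42, process GIDs all 120.
demo() {
    tmp=$(mktemp)
    printf 'Name:\tepam\nGid:\t120\t120\t120\t120\n' > "$tmp"
    setgid_verdict "$tmp" 2755 42
    rm -f "$tmp"
}

if [ "$#" -ge 1 ]; then check_pid "$1"; else demo; fi
```

Run with a PID, for example the output of `pidof epam`, to check a live process; with no argument it evaluates the constructed sample.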
