Package: libpam-modules
Version: 0.79-4
Severity: grave

Adding "session  required  pam_limits.so" to /etc/pam.d/login results in
limits being taken ONLY from /etc/security/limits.conf - all default values
are flushed.

PROBLEMS

1) This is a minor security issue because the default configuration is an
empty (only commented lines) limits.conf (thus leaving almost no limits in
place where the user tries to increase security/usability of the system and
by default doing exactly the opposite).
2) Adding only some rules is not enough, adding all default limits again is 
required to restore default behaviour.
3) Removing pam_limits.so from /etc/pam.d/* also restores default behaviour.
4) Severity was chosen based on the pam_limits.so not the entire package.

SUGGESTION

- no idea what is causing this bug, probably an issue with pam_limits.so
- should it be the default behaviour and not be considered a bug I suggest 
there should be a BIG WARNING in the pam.d/login file regarding this matter.

Please note that this error is architecture independent and that the
information given below is only about where the error was verified.

-- System Information:
Debian Release: etch
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.23.8
--
This report was not filed by reportbug and may therefore not be 100% compliant
with the Debian requirements - I am sorry for the inconvenience.
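
A check for the configuration this report describes (pam_limits.so enabled while limits.conf holds only comments), as an added example that is not part of the original report. The function names and the `--audit` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flags the setup described in the report, i.e. pam_limits.so
# enabled for a service while the limits file has no active rules.
# Function names and the --audit switch are illustrative assumptions.

# Print the number of active (non-comment, non-blank) lines in file $1.
count_active_rules() {
    [ -r "$1" ] || { echo 0; return 0; }
    sed 's/#.*//' "$1" | grep -c '[^[:space:]]' || true
}

# Print each PAM service file under directory $1 that references
# pam_limits.so outside a comment.
services_using_pam_limits() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if sed 's/#.*//' "$f" | grep -q 'pam_limits\.so'; then
            echo "$f"
        fi
    done
}

# Return 1 with a warning when pam_limits.so is enabled under $1 but the
# limits file $2 contributes no rules; return 0 otherwise.
audit_pam_limits() {
    services=$(services_using_pam_limits "$1")
    rules=$(count_active_rules "$2")
    if [ -z "$services" ]; then
        echo "OK: pam_limits.so is not enabled under $1"
        return 0
    fi
    if [ "$rules" -eq 0 ]; then
        echo "WARNING: pam_limits.so enabled, but $2 has no active rules:"
        echo "$services" | sed 's/^/  /'
        return 1
    fi
    echo "OK: pam_limits.so enabled, $rules active rule(s) in $2"
    return 0
}

# With --audit, check the live system and print the limits this session
# actually received, for comparison before and after enabling the module.
if [ "${1:-}" = "--audit" ]; then
    audit_pam_limits /etc/pam.d /etc/security/limits.conf
    ulimit -a
fi
```

Run it with `--audit` from a fresh login session once before and once after adding the `pam_limits.so` line, and compare the `ulimit -a` output.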


