Your message dated Tue, 22 Aug 2017 11:35:46 +0000 with message-id <e1dk7tg-0006ie...@fasolo.debian.org> and subject line Bug#869585: fixed in physlock 11-1 has caused the Debian Bug report #869585, regarding physlock: with disabled root, allows bypassing security check to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 869585: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869585 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: physlock Version: 0.4.5-2 Severity: grave Dear Maintainer, "Debian installs default to disabling the root account when the user does not input a root password. However in such cases physlock does the incorrect thing and allows a user who types root [ENTER] [ENTER] to bypass the security check (with a minor error message displayed). The correct behaviour is forbid root login and keep the lock in place." I stole this from: https://github.com/muennich/physlock/issues/51. I reproduced this. As above mentioned github issue mentions Current master behaves different, meaning it "uses the utmp file to identify the owner of the current session", which in turn means it's not possible any more to specify the user who locks the VTs. However this way it does not allow to login as root when a normal user locked the VTs. Sorry if you already got this information from this github issue, but I felt it was appropriate to open a bug report for this issue. Thanks, Gregor -- System Information: Debian Release: 9.1 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---Source: physlock Source-Version: 11-1 We believe that the bug you reported is fixed in the latest version of physlock, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 869...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Prokop <m...@debian.org> (supplier of updated physlock package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 17 Aug 2017 14:06:44 +0200 Source: physlock Binary: physlock Architecture: source amd64 Version: 11-1 Distribution: unstable Urgency: medium Maintainer: Michael Prokop <m...@debian.org> Changed-By: Michael Prokop <m...@debian.org> Description: physlock - lightweight Linux console locking tool Closes: 863611 869585 Changes: physlock (11-1) unstable; urgency=medium . * [22f432c] New upstream version 11 (Closes: #863611) (By switching to utmp/libpam handling, also: Closes: #869585) * [dca45ef] Add libpam0g-dev as Build-Dependency * [df68875] Bump Standards-Version to 4.0.1 * [678e6f1] Drop debian/patches, no longer necessary with new upstream versions Checksums-Sha1: bbf0356512df09779b67a01e01d20e26aa0a3faa 1820 physlock_11-1.dsc a971208529f304087774cdff84d0db68430059fb 13788 physlock_11.orig.tar.gz bb938dd9e52367d290b5d40fc780c46bc112c637 2344 physlock_11-1.debian.tar.xz 67d7bf8c22a30c418468364de05262a5b5f76134 19066 physlock-dbgsym_11-1_amd64.deb bd7e2fd717079e1ebedbe9dacdd790ba3598df06 5529 physlock_11-1_amd64.buildinfo f323230fb2e5aea56f6035575f76d483ec422292 11402 physlock_11-1_amd64.deb Checksums-Sha256: f1558a61b962a8493476c9f35e423cc2dce81896ffc34d7f5a27c9041b2fe3db 1820 physlock_11-1.dsc b6de1614ac2dd81ca4fc7b2d0b4ba5195b78e4c56d545db5d1905cb2905de73d 13788 physlock_11.orig.tar.gz ffce95bb0ac0e364189b6cb73f51bf06f760604bd810edac0e81b72d1b7b9773 2344 physlock_11-1.debian.tar.xz 6cec46612e2c8490dfeaf0d077ea162f7559005615aeeedfa45fbe7c7de07cfc 19066 physlock-dbgsym_11-1_amd64.deb 0abe718f387f2ff8a1096693f0b670897e06e17608dc86dcc46d9d5925df3e02 5529 physlock_11-1_amd64.buildinfo 4c5418d71976d3e4a591e3e49b50fff00d46e944c7ba6bb33a2ba0b8178f7491 11402 physlock_11-1_amd64.deb Files: d432b4ae0e87504080df517c5ac529a1 1820 utils optional physlock_11-1.dsc 01dc034f338b411c5a7bb0840e0abf99 13788 utils optional physlock_11.orig.tar.gz fad6414ae2fa99664f227f2447b9dbe6 2344 utils optional physlock_11-1.debian.tar.xz f266f59003d63268beedb37518dcd0d2 19066 debug extra physlock-dbgsym_11-1_amd64.deb f27e9e914a0b12c2643ef8bcf460ddd7 5529 utils optional physlock_11-1_amd64.buildinfo f6c8a51c9450b31b64f413a0b1e613cb 11402 utils optional physlock_11-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJZlYgJAAoJEJaoeHK36jc3Bj0P/AzWRU7F9zwDJTTp50MtVlT4 IQJrzONbll2TF5ovzjyzcADHeO0yHOqceWhcW7tunVy48YRy6EfT14kRpa2iKKjp AUJ0xspbkcNAcWC0dmrTr8nRWkJLuJrRzicd4l57UKnjLNLmmHE23XVcKmd0cIAO SYYNKcu8wZtgUI0hiPdxbv1IHFnE8CHd77EPUDOJPf8e90ovWFMLFjKtflOEqMmD +a+V37RpuMciEfQaTRDutmD0Ec2UPvO7/hb0WmT16RVHK0aH7jZvstLdgOTx59OR 5Mq6aPLuIJP64lH9oWXIDNt0jxUSMPUOv9m0ecxPRWhkgVWDdp/pbaR3+Ddtn7F0 WRVI2ulyWr8ta+5dfbNqaWGg2erC9VoQYTTnIB5z66W7GHbvIZMS0ARut3poQ/GL ADfRhsal25HzhWrTac3hBBEki1tAPj9LnWmZRcVEiRgAbLj8nejz8Mkubk7nZJp+ 17cdGxk8Ds2/QBq7uS6YQq17IH8/1R9cBG1Q3q+zm+MLtU/FIOmq6OTRx0pD9lNL snW3laTaxwZVZXHFa7urB5kuNWw3CcvZdL5J6Aswvy3M+7Seqz0fRT8Xkwt5Viir OKcy6NAWnVGVyugjFazZII0hoIH6n/79nuu2E9GAtdnmNR2xgb7XnIcE5y8f+HLc mBVJg74WiLk8thCApB2q =treN -----END PGP SIGNATURE-----
--- End Message ---
