Control: tag -1 pending

Hello,

Bug #747303 in openssh reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/ssh-team/openssh/-/commit/27e78548c6f5528582a431b8a0f4b2291b966e2a

------------------------------------------------------------------------
Reorder pam_selinux(7) usage (Closes: #747303)

Move the `pam_selinux.so open` call further up the stack such that most
session modules are run under the updated security context of the user.

Similar to the login(1) pam configuration and Fedora run pam_loginuid(8)
under the privileged context.
Since the Debian version of pam_motd(8), due to the addition of the
`noupdate` option, calls system(3), also call it under the privileged
context, since users should not have permissions for motd updates.

One noticeable change is pam_keyinit(8) being run under the user context
(likewise to login(8)) leading to the session key having the security
context of the user instead of sshd:

    # current
    keyctl security @s
    system_u:system_r:sshd_t:s0

    # changed
    keyctl security @s
    unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Also sync the comments with the login(8) pam configuration file.
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/747303
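
The ordering described in the commit message can be checked mechanically. The following is an added example, not part of the message or of the openssh packaging: it parses the session lines of a PAM stack and reports modules that sit on the wrong side of `pam_selinux.so open`. The two sample stacks are constructed for illustration, and the function names are hypothetical.

```python
import re

# Ordering rules taken from the commit message above.
PRIVILEGED = {"pam_loginuid.so", "pam_motd.so"}   # must stay in sshd's context
USER_CONTEXT = {"pam_keyinit.so"}                 # must run in the user's context

# Constructed samples (illustrative, not the packaged /etc/pam.d/sshd).
OLD_STYLE = """\
session [success=ok ignore=ignore default=bad] pam_selinux.so close
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
session optional pam_motd.so noupdate
session [success=ok ignore=ignore default=bad] pam_selinux.so open
"""
REORDERED = """\
session [success=ok ignore=ignore default=bad] pam_selinux.so close
session required pam_loginuid.so
session optional pam_motd.so noupdate
session [success=ok ignore=ignore default=bad] pam_selinux.so open
session optional pam_keyinit.so force revoke
"""

LINE = re.compile(r"-?session\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

def session_modules(text):
    """Return [(module_basename, [args])] for session lines, in stack order."""
    mods = []
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if m:  # skips comments, @include lines and other module types
            mods.append((m.group(2).rsplit("/", 1)[-1], m.group(3).split()))
    return mods

def check_order(text):
    """List modules on the wrong side of `pam_selinux.so open`."""
    mods = session_modules(text)
    opens = [i for i, (mod, args) in enumerate(mods)
             if mod == "pam_selinux.so" and "open" in args]
    if not opens:
        return ["no `pam_selinux.so open` line in the session stack"]
    pivot, findings = opens[0], []
    for i, (mod, _) in enumerate(mods):
        if mod in PRIVILEGED and i > pivot:
            findings.append(f"{mod} runs after open (user context)")
        if mod in USER_CONTEXT and i < pivot:
            findings.append(f"{mod} runs before open (sshd context)")
    return findings

if __name__ == "__main__":
    for name, cfg in (("old-style", OLD_STYLE), ("reordered", REORDERED)):
        print(name, check_order(cfg) or "ok")
```

The check does not follow `@include` lines, so modules pulled in from included files are not evaluated.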

