Bug#496708: libpam0g: postinst starts kdm despite being in single-user mode
control: reassign -1 init-system-helpers Reassigning to init-system-helpers, currently providing update-rc.d(8) [2008-08-26 15:22] Steve Langasek > pam is using the standard invoke-rc.d interface which all maintainer scripts > are supposed to use. This is a bug in sysv-rc for not implementing a > correct policy in single-user mode, and has previously been reported; > reassigning to sysv-rc and merging with that report.
Bug#496708: libpam0g: postinst starts kdm despite being in single-user mode
reassign 496708 sysv-rc merge 443247 496708 thanks On Tue, Aug 26, 2008 at 03:01:59PM -0700, Ross Boylan wrote: > Since current behavior starts services not intended for single user > mode, it might pose some security risk. > After booting into single-user mode I did a big dist-upgrade (via > aptitude). As part of the setup for libpam0g it gave me a list of > services that needed to be restarted, which I accepted. kdm was among > the services "restarted" (it was not running). To my surprise, this > brought up a graphical login screen, which did allow me to login. I > was able to switch back to the installation screen with ctl-alt-F1. > Other virtual terminals (e.g., vt2) continued not to offer a login > prompt. > I expected that services that were not run at runlevel 1 would not > be started up. pam is using the standard invoke-rc.d interface which all maintainer scripts are supposed to use. This is a bug in sysv-rc for not implementing a correct policy in single-user mode, and has previously been reported; reassigning to sysv-rc and merging with that report. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developerhttp://www.debian.org/ [EMAIL PROTECTED] [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#496708: libpam0g: postinst starts kdm despite being in single-user mode
Package: libpam0g Version: 1.0.1-3 Severity: normal Since current behavior starts services not intended for single user mode, it might pose some security risk. After booting into single-user mode I did a big dist-upgrade (via aptitude). As part of the setup for libpam0g it gave me a list of services that needed to be restarted, which I accepted. kdm was among the services "restarted" (it was not running). To my surprise, this brought up a graphical login screen, which did allow me to login. I was able to switch back to the installation screen with ctl-alt-F1. Other virtual terminals (e.g., vt2) continued not to offer a login prompt. I expected that services that were not run at runlevel 1 would not be started up. A quick look at the postinst script shows that it seems to be trying to give this behavior. It also uses invoke-rc.d, which also is supposed to behave this way. There is a K entry (but not an S entry) for kdm in rc1.d; maybe that is confusing things. If the problem is elsewhere (e.g. invoke-rc.d), please reassign as appropriate. Thanks. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable'), (50, 'unstable'), (40, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.25-2-686 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash Versions of packages libpam0g depends on: ii debconf [debconf-2.0] 1.5.22 Debian configuration management sy ii libc6 2.7-13 GNU C Library: Shared libraries hi libpam-runtime1.0.1-3Runtime support for the PAM librar libpam0g recommends no packages. Versions of packages libpam0g suggests: hi libpam-doc1.0.1-3Documentation of PAM -- debconf information: * libpam0g/restart-services: xdm kdm saslauthd heartbeat exim4 cups cron atd libpam0g/xdm-needs-restart: * libpam0g/restart-failed: -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
