Package: libpam-modules Version: 1.1.1-3 Severity: important
Hi, pam_motd should not change motd. motd is message of the day. It should not change on each login. Moreover, on heavy servers, it might cause a problem if this file is updated on every login (and by run-parts, no less, even though it's renamed from motd.new to motd, all the run-parts output's are to (the same) motd.new. I can think of some ways for the file to be empty by the end or contain invalid data). For arbitrary script output from pam, a pam_script should be built which gets a parameter of which script to run, don't mess the motd which might be used by other facilities (though by looking at /etc/update-motd.d, it should be in profile or bashrc, and not motd). There is no reason to run the script, save the output to file, and then read the file. At the very least, this should be optional/configurable (i.e. through a parameter in the pam.conf). It should also be documented on other places besides "<src>/debian/patches-applied/update-motd" (It took me a while to figure out who changes the motd). Lastly, some might consider notifying all users how many security updates are needed, a security bug (though this might be an update-notifier-common bug). Yair. -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing'), (500, 'oldstable'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.33mos-1 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libpam-modules depends on: ii debconf [debconf-2.0] 1.5.32 Debian configuration management sy ii libc6 2.10.2-6 Embedded GNU C Library: Shared lib ii libdb4.8 4.8.26-1 Berkeley v4.8 Database Libraries [ ii libpam0g 1.1.1-3 Pluggable Authentication Modules l ii libselinux1 2.0.94-1 SELinux runtime shared libraries libpam-modules recommends no packages. libpam-modules suggests no packages. -- debconf information excluded -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org