Bug#581537: libpam-modules: pam_motd changes the motd

Thu, 13 May 2010 06:33:19 -0700 

Package: libpam-modules
Version: 1.1.1-3
Severity: important


Hi,

pam_motd should not change motd. 

motd is message of the day. It should not change on each login. Moreover, on
heavy servers, it might cause a problem if this file is updated on every login
(and by run-parts, no less, even though it's renamed from motd.new to motd, all
the run-parts output's are to (the same) motd.new. I can think of some ways for
the file to be empty by the end or contain invalid data).

For arbitrary script output from pam, a pam_script should be built which gets a
parameter of which script to run, don't mess the motd which might be used by
other facilities (though by looking at /etc/update-motd.d, it should be in
profile or bashrc, and not motd). There is no reason to run the script, save
the output to file, and then read the file.

At the very least, this should be optional/configurable (i.e. through a
parameter in the pam.conf). It should also be documented on other places
besides "<src>/debian/patches-applied/update-motd" (It took me a while to
figure out who changes the motd).

Lastly, some might consider notifying all users how many security updates are
needed, a security bug (though this might be an update-notifier-common bug).

    Yair.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'oldstable'), (500, 'unstable'), (500, 
'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.33mos-1 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libpam-modules depends on:
ii  debconf [debconf-2.0]         1.5.32     Debian configuration management sy
ii  libc6                         2.10.2-6   Embedded GNU C Library: Shared lib
ii  libdb4.8                      4.8.26-1   Berkeley v4.8 Database Libraries [
ii  libpam0g                      1.1.1-3    Pluggable Authentication Modules l
ii  libselinux1                   2.0.94-1   SELinux runtime shared libraries

libpam-modules recommends no packages.

libpam-modules suggests no packages.

-- debconf information excluded



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to