This bug was fixed in the package pam - 1.1.3-1ubuntu3
---
pam (1.1.3-1ubuntu3) oneiric; urgency=low
[ Steve Langasek ]
* debian/patches/pam_motd-legal-notice: use pam_modutil_gain/drop_priv
common helper functions, instead of hand-rolled uid-setting code.
[ Martin Pitt ]
The "usergroup" checks of pam_umask should be more secure against false
privilege escalation.
> When /etc/passwd specifies my UPG as my primary group, why does it
> matter if my own user is added to my group in [/etc/group]?
That is convention 2) for UPGs.
For the system itself there should be no
@ceg: My branch doesn't change the pam_umask checks, it only enables
pam_umask itself and the usergroups feature.
TBH I don't quite understand
http://lists.debian.org/debian-devel/2010/05/msg01069.html: When
/etc/passwd specifies my UPG as my primary group, why does it matter if
my own user is ad
May you also consider the secure UPG detection checks 2) and 3) in your
branch?
2) and 3) were summarized here:
http://lists.debian.org/debian-devel/2010/05/msg00887.html
and the discussion followed:
http://lists.debian.org/debian-devel/2010/05/msg01069.html
--
Attached branch now adds pam_umask. I also tested that this works on
upgrade.
I did not add "usergroup", as this will be handled by parsing
/etc/login.defs for USERGROUP_ENAB, see
https://blueprints.launchpad.net/ubuntu/+spec/umask-to-0002
** Changed in: pam (Ubuntu)
Status: Triaged => Fix
** Branch linked: lp:~pitti/pam/pam-umask
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/253096
Title:
pam_umask.so not called in /etc/pam.d/common-session{,-noninteractive}
To manage notifications
** Changed in: pam (Ubuntu)
Status: New => Triaged
** Changed in: pam (Ubuntu)
Importance: Undecided => Medium
** Changed in: pam (Ubuntu)
Assignee: Steve Langasek (vorlon) => (unassigned)
--
The issue that sudo's pam config is not including the common-session
configuration is now tracked separately in Bug #549172,
and the /etc/pam.d/common-session{,-noninteractive} patch would be the right
seed to call pam_umask.
--
** Summary changed:
- pam_umask.so missing in common-account
+ pam_umask.so not called in /etc/pam.d/common-session{,-noninteractive}