Package: user-setup Version: 1.83 Severity: normal User: de...@kali.org Usertags: origin-kali
Following https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802211 the systemd-sulogin-shell binary run by rescue.service and emergency.service now adds the --force flag for the sulogin call when SYSTEMD_SULOGIN_FORCE is set to 1 in the environment. https://github.com/systemd/systemd/commit/33eb44fe4a8d7971b5614bc4c2d90f8d91cce66c explains that the expectation is that distributions should now put service override files to set this environment variable. Thus user-setup should create the appropriate configuration file when the root account is not configured. Maybe this should be controlled by some low priority debconf question as the password-less login through the rescue boot entry can be seen as a security issue by some. Cheers, -- System Information: Debian Release: bullseye/sid APT prefers oldoldstable APT policy: (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages user-setup depends on: ii adduser 3.118 ii debconf [debconf-2.0] 1.5.73 ii passwd 1:4.8.1-1 user-setup recommends no packages. user-setup suggests no packages.
