Bug#923199: openssh-server has a false dependency on libpam-systemd

Sun, 24 Feb 2019 16:12:36 -0800 

Package: openssh-server
Version: 1:7.9p1-6
Severity: serious
Tags: newcomer
Justification: Policy 7.2

openssh-server has a hard dependency on libpam-systemd. Violates "Depends: This 
declares an absolute dependcy...
The Depends field should be used if the depended-on package is required for the 
depending package to provide a significant amount of functionality."

While this dependency makes sense if systemd is actually running, it makes no 
sense at all if it isn't running. In general with most libpam-* packages,
almost no hard dependency is appropriate as the entire authentication stack may 
be hijacked on-site with the original libpam libraries not even
being loaded.

Fix: change Depends: libpam-systemd to Recommends: libpam-systemd

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages openssh-server depends on:
ii  adduser                3.118
ii  debconf [debconf-2.0]  1.5.70
ii  dpkg                   1.19.2
ii  libaudit1              1:2.8.4-2
ii  libc6                  2.28-7
ii  libcom-err2            1.44.5-1
ii  libgssapi-krb5-2       1.17-1
ii  libkrb5-3              1.17-1
ii  libpam-modules         1.3.1-5
ii  libpam-runtime         1.3.1-5
ii  libpam0g               1.3.1-5
ii  libselinux1            2.8-1+b1
ii  libssl1.1              1.1.1a-1
ii  libsystemd0            240-6
ii  libwrap0               7.6.q-27
ii  lsb-base               10.2018112800
ii  openssh-client         1:7.9p1-6
ii  openssh-sftp-server    1:7.9p1-6
ii  procps                 2:3.3.15-2
ii  ucf                    3.0038+nmu1
ii  zlib1g                 1:1.2.11.dfsg-1

Versions of packages openssh-server recommends:
ii  libpam-systemd-apt-holepunch [libpam-systemd]  1
ii  ncurses-term                                   6.1+20181013-2
ii  xauth                                          1:1.0.10-1

Versions of packages openssh-server suggests:
ii  ksshaskpass [ssh-askpass]  4:5.14.5-1
pn  molly-guard                <none>
pn  monkeysphere               <none>
pn  rssh                       <none>
pn  ufw                        <none>

-- debconf information excluded

Reply via email to