Your message dated Mon, 14 Dec 2020 21:32:44 +0100
with message-id <[email protected]>
and subject line Re: libpam0g: During configuration, "restart" kdm "starts" it!
has caused the Debian Bug report #443247,
regarding libpam0g: postinst starts kdm despite being in single-user mode
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
443247: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=443247
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libpam0g
Version: 1.0.1-3
Severity: normal
Since current behavior starts services not intended for single user
mode, it might pose some security risk.
After booting into single-user mode I did a big dist-upgrade (via
aptitude). As part of the setup for libpam0g it gave me a list of
services that needed to be restarted, which I accepted. kdm was among
the services "restarted" (it was not running). To my surprise, this
brought up a graphical login screen, which did allow me to login. I
was able to switch back to the installation screen with ctl-alt-F1.
Other virtual terminals (e.g., vt2) continued not to offer a login
prompt.
I expected that services that were not run at runlevel 1 would not
be started up.
A quick look at the postinst script shows that it seems to be trying
to give this behavior. It also uses invoke-rc.d, which also is
supposed to behave this way. There is a K entry (but not an S entry)
for kdm in rc1.d; maybe that is confusing things.
If the problem is elsewhere (e.g. invoke-rc.d), please reassign as
appropriate.
Thanks.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable'), (50, 'unstable'), (40,
'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.25-2-686 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages libpam0g depends on:
ii debconf [debconf-2.0] 1.5.22 Debian configuration management sy
ii libc6 2.7-13 GNU C Library: Shared libraries
hi libpam-runtime 1.0.1-3 Runtime support for the PAM librar
libpam0g recommends no packages.
Versions of packages libpam0g suggests:
hi libpam-doc 1.0.1-3 Documentation of PAM
-- debconf information:
* libpam0g/restart-services: xdm kdm saslauthd heartbeat exim4 cups cron atd
libpam0g/xdm-needs-restart:
* libpam0g/restart-failed:
--- End Message ---
--- Begin Message ---
On Thu, 20 Dec 2018 02:14:59 +0100 Michael Biebl <[email protected]> wrote:
> The current documentation reads:
>
> invoke-rc.d itself only pays attention to the current runlevel;
> it will block any attempts to start a service in a runlevel in which the
> service is disabled. Other policies are implemented with the use of
> the policy-rc.d helper, and are only available if /usr/sbin/policy-rc.d
> is installed in the system.
>
> kdm is *not* disabled in runlevel 1.
> So I'd argue that the documentation is not incosistent with its behaviour.
>
> That said, it would probably a good idea if libpam0g drops that restart
> altogether (that functionality is of questionable value imho) or at
> least uses invoke-rc.d try-restart, to avoid unnecessarily starting
> services which haven't been running.
>
> If Steve is open to handle this in libpam0g, I'm going to reassign this
> back. Otherwise I'll close this bug report in a couple of weeks.
Since we didn't hear back from Steve, closing the bug report.
Regards,
Michael
signature.asc
Description: This is a digitally signed message part
--- End Message ---
