Thank you for taking the time to file this report and help to improve
the Ubuntu system.
Using pam_deny in the PAM config is cargo-cultism. Neither is it
required for setting the default stack behavior (the default is always
to fail if no module succeeds), nor is including it sufficient to ensure
correct and secure handling of services. Furthermore, it is a valid and
real-world use case to stack additional PAM modules after
/etc/pam.d/common-*, which would be broken by including pam_deny at the
end of these include files.
This change should therefore not be made.
** Changed in: pam (Ubuntu)
Status: New => Won't Fix
--
pam configuration could use safer defaults
https://bugs.launchpad.net/bugs/152912
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
