[Bug 1970585] Re: Logic for PermitRootLogin in config script is flipped
Dominik Zäuner
1970585 at bugs.launchpad.net
Wed Apr 27 11:40:59 UTC 2022
Oh, I did just see the explanation in the postinst and templates file:
    Template: openssh-server/permit-root-login
    Type: boolean
    Default: true
    Description: Disable SSH password authentication for root?
** Changed in: openssh (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1970585
Title:
Logic for PermitRootLogin in config script is flipped
Status in openssh package in Ubuntu:
Invalid
Bug description:
In the config script of openssh-server, the debconf database is
updated with the values that are read from sshd_config.
But if I'm not mistaken the yes/no logic is flipped:
    if [ "$permit_root_login" = yes ]; then
        db_set openssh-server/permit-root-login false
    else
        db_set openssh-server/permit-root-login true
    fi
Discovered this in openssh-server 7.6p1-4ubuntu0.5 on Ubuntu 18.04.5
LTS. Checked that this is still unchanged in 8.9p1-3 on jammy.
I marked this a vulnerability as this might lead to unintended flipped
settings of permitting root to log in.