FreeBSD-SA-21:03.pam_login_access : login.access fails to apply rules
Versions Affected : All versions prior to TrueNAS 12.0-U3
Description
A regression in the login.access(5) rule processor has the effect of causing rules to fail to match even when they should not. This means that rules denying access may be ignored.
The configuration in login.access(5) may not be applied, permitting login access to users even when the system is configured to deny it.
Workaround
No workaround is available. Systems not relying on login.access(5) to enforce custom login policies are not affected.
Mitigation
- Upgrade to TrueNAS 12.0-U3 or later.
Commit
- FreeBSD Revision : r369359
- TrueNAS Commit : b80a270
- TrueNAS Commit : 42c7377
- JIRA Ticket : NAS-109604