nixos/phosh: Fix unrestricted login because of insecure PAM config

The PAM config deployed would not check anything meaningful. Remove it and rely on the defaults in the security.pam module to fix login with arbitrary credentials. Resolves: #123435
2024-09-22 13:08:39 +03:00 · 2021-05-18 05:40:52 +02:00 · 2021-05-18 05:40:52 +02:00 · ec9cfba2d3
commit ec9cfba2d3
parent 15254515d0
1 changed files with 1 additions and 9 deletions
--- a/nixos/modules/programs/phosh.nix
+++ b/nixos/modules/programs/phosh.nix
@ -145,15 +145,7 @@ in {

    programs.feedbackd.enable = true;

-    # https://source.puri.sm/Librem5/phosh/-/issues/303
-    security.pam.services.phosh = {
-      text = ''
-        auth    requisite       pam_nologin.so
-        auth    required        pam_succeed_if.so user != root quiet_success
-        auth    required        pam_securetty.so
-        auth    requisite       pam_nologin.so
-      '';
-    };
+    security.pam.services.phosh = {};

    services.gnome.core-shell.enable = true;
    services.gnome.core-os-services.enable = true;