summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2016-04-13 10:39:57 +1000
committerDamien Miller <djm@mindrot.org>2016-04-13 10:44:42 +1000
commit85bdcd7c92fe7ff133bbc4e10a65c91810f88755 (patch)
tree81bd3cec4c5770fcbb3984996dc69d79ff593e18
parentdce19bf6e4a2a3d0b13a81224de63fc316461ab9 (diff)
ignore PAM environment vars when UseLogin=yes
If PAM is configured to read user-specified environment variables and UseLogin=yes in sshd_config, then a hostile local user may attack /bin/login via LD_PRELOAD or similar environment variables set via PAM. CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
-rw-r--r--session.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/session.c b/session.c
index 48592457..4653b09f 100644
--- a/session.c
+++ b/session.c
@@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell)
* Pull in any environment variables that may have
* been set by PAM.
*/
- if (options.use_pam) {
+ if (options.use_pam && !options.use_login) {
char **p;
p = fetch_pam_child_environment();