diff options
| author | Damien Miller <djm@mindrot.org> | 2016-04-13 10:39:57 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2016-04-13 10:44:42 +1000 |
| commit | 85bdcd7c92fe7ff133bbc4e10a65c91810f88755 (patch) | |
| tree | 81bd3cec4c5770fcbb3984996dc69d79ff593e18 | |
| parent | dce19bf6e4a2a3d0b13a81224de63fc316461ab9 (diff) | |
ignore PAM environment vars when UseLogin=yes
If PAM is configured to read user-specified environment variables
and UseLogin=yes in sshd_config, then a hostile local user may
attack /bin/login via LD_PRELOAD or similar environment variables
set via PAM.
CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
| -rw-r--r-- | session.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell) * Pull in any environment variables that may have * been set by PAM. */ - if (options.use_pam) { + if (options.use_pam && !options.use_login) { char **p; p = fetch_pam_child_environment(); |
