author | Damien Miller <djm@mindrot.org> | 2016-04-13 10:39:57 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2016-04-13 10:44:42 +1000 |
commit | 85bdcd7c92fe7ff133bbc4e10a65c91810f88755 (patch) | |
tree | 81bd3cec4c5770fcbb3984996dc69d79ff593e18 | |
parent | dce19bf6e4a2a3d0b13a81224de63fc316461ab9 (diff) |
ignore PAM environment vars when UseLogin=yes

If PAM is configured to read user-specified environment variables
and UseLogin=yes in sshd_config, then a hostile local user may
attack /bin/login via LD_PRELOAD or similar environment variables
set via PAM.

CVE-2015-8325, found by Shayan Sadigh, via Colin Watson

-rw-r--r-- | session.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell) | |||
1322 | * Pull in any environment variables that may have | 1322 | * Pull in any environment variables that may have |
1323 | * been set by PAM. | 1323 | * been set by PAM. |
1324 | */ | 1324 | */ |
1325 | if (options.use_pam) { | 1325 | if (options.use_pam && !options.use_login) { |
1326 | char **p; | 1326 | char **p; |
1327 | 1327 | ||
1328 | p = fetch_pam_child_environment(); | 1328 | p = fetch_pam_child_environment(); |
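Review bot: The comment at lines 1322-1324 still reads as if PAM variables are always pulled in, while the condition on line 1325 now skips the block when options.use_login is set. Please extend the comment to state the exception and its reason, for example "skipped when UseLogin is set, since PAM may supply user-specified variables such as LD_PRELOAD that would reach /bin/login", so the guard is not later removed as redundant. Only the fetch_pam_child_environment() call is visible in this hunk; it would also help to confirm in the commit message or the comment that no other user-influenced environment source in do_setup_env() is copied into the child environment on the UseLogin path.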