summaryrefslogtreecommitdiff
path: root/PROTOCOL.mux
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2016-04-13 10:39:57 +1000
committerDamien Miller <djm@mindrot.org>2016-04-13 10:44:42 +1000
commit85bdcd7c92fe7ff133bbc4e10a65c91810f88755 (patch)
tree81bd3cec4c5770fcbb3984996dc69d79ff593e18 /PROTOCOL.mux
parentdce19bf6e4a2a3d0b13a81224de63fc316461ab9 (diff)
ignore PAM environment vars when UseLogin=yes
If PAM is configured to read user-specified environment variables and UseLogin=yes in sshd_config, then a hostile local user may attack /bin/login via LD_PRELOAD or similar environment variables set via PAM. CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
Diffstat (limited to 'PROTOCOL.mux')
0 files changed, 0 insertions, 0 deletions