diff options
author | Damien Miller <djm@mindrot.org> | 2016-04-13 10:39:57 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2016-04-13 10:44:42 +1000 |
commit | 85bdcd7c92fe7ff133bbc4e10a65c91810f88755 (patch) | |
tree | 81bd3cec4c5770fcbb3984996dc69d79ff593e18 /canohost.c | |
parent | dce19bf6e4a2a3d0b13a81224de63fc316461ab9 (diff) |
ignore PAM environment vars when UseLogin=yes
If PAM is configured to read user-specified environment variables
and UseLogin=yes in sshd_config, then a hostile local user may
attack /bin/login via LD_PRELOAD or similar environment variables
set via PAM.
CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
Diffstat (limited to 'canohost.c')
0 files changed, 0 insertions, 0 deletions