ignore PAM environment vars when UseLogin=yes

If PAM is configured to read user-specified environment variables
and UseLogin=yes in sshd_config, then a hostile local user may
attack /bin/login via LD_PRELOAD or similar environment variables
set via PAM.

CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
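The commit message states the two conditions that must both hold for the issue: PAM reading user-supplied environment files and UseLogin set to yes. The following POSIX sh audit script is an added example for defenders, not part of this commit or of OpenSSH; it assumes Linux-PAM's pam_env module with its user_readenv option, the conventional file locations /etc/ssh/sshd_config and /etc/pam.d/sshd, and sshd_config's documented first-match rule for repeated keywords. The sample configurations embedded in it are constructed.

```shell
#!/bin/sh
# Added audit helper (not OpenSSH code): report whether an sshd host meets
# both preconditions for CVE-2015-8325 as described in the commit message.

# Exit 0 when the given sshd_config text enables UseLogin.
# sshd accepts "Keyword value" or "Keyword=value", keywords are
# case-insensitive, and the first occurrence of a keyword wins.
sshd_uselogin_enabled() {
    printf '%s\n' "$1" | awk '
        BEGIN { FS = "[ \t=]+" }
        { sub(/^[ \t]+/, "") }                 # strip indent so $1 is the keyword
        /^#/ || NF == 0 { next }               # skip comments and blank lines
        tolower($1) == "uselogin" && !seen {   # first match wins, as in sshd
            val = tolower($2); seen = 1
        }
        END { exit (seen && val == "yes") ? 0 : 1 }
    '
}

# Exit 0 when the given PAM service file (e.g. /etc/pam.d/sshd) loads
# pam_env.so with user_readenv=1, i.e. PAM will import ~/.pam_environment.
# Caveat: older Linux-PAM releases defaulted user_readenv to on, so an
# absent option is not proof of safety on such systems.
pam_reads_user_env() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }
        /pam_env\.so/ {
            for (i = 1; i <= NF; i++)
                if ($i == "user_readenv=1") hit = 1
        }
        END { exit hit ? 0 : 1 }
    '
}

# Exit 0 (exposed) only when both conditions hold.
cve_2015_8325_exposed() {
    sshd_uselogin_enabled "$1" && pam_reads_user_env "$2"
}

# Convenience wrapper for a live host (paths are assumptions).
audit_host() {
    cve_2015_8325_exposed "$(cat /etc/ssh/sshd_config)" "$(cat /etc/pam.d/sshd)"
}

# Constructed sample inputs used for the demonstration below.
VULN_SSHD='# constructed sample sshd_config
Port 22
  usELogin=yes
UseLogin no'
SAFE_SSHD='# constructed sample sshd_config
#UseLogin yes
UseLogin no'
VULN_PAM='# constructed sample /etc/pam.d/sshd
auth     required   pam_env.so user_readenv=1
auth     required   pam_unix.so'
SAFE_PAM='auth     required   pam_env.so'

if cve_2015_8325_exposed "$VULN_SSHD" "$VULN_PAM"; then
    echo "exposed: UseLogin yes and pam_env user_readenv=1"
else
    echo "not exposed"
fi
```

Run the script directly to see the verdict for the constructed samples; call `audit_host` from an interactive shell to check a real machine. The mitigation implied by the commit is either the patched sshd (which ignores the PAM child environment when UseLogin is set) or simply leaving UseLogin at its default of no.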
Damien Miller 2016-04-13 10:39:57 +10:00
parent dce19bf6e4
commit 85bdcd7c92


@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell)
* Pull in any environment variables that may have
* been set by PAM.
*/
if (options.use_pam) {
if (options.use_pam && !options.use_login) {
char **p;
p = fetch_pam_child_environment();
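Review bot: the comment directly above the changed condition, "Pull in any environment variables that may have been set by PAM.", no longer describes what the code does, since the new `if (options.use_pam && !options.use_login)` silently drops the whole PAM child environment whenever UseLogin is enabled. Extend the comment with the rationale from the commit message (e.g. "Skipped when UseLogin is set, because /bin/login would otherwise inherit user-controlled variables such as LD_PRELOAD via PAM"), so a future reader does not "fix" the condition back; the same behaviour change is worth a sentence under UseLogin in sshd_config(5), as users who rely on PAM-provided environment variables will lose them in UseLogin sessions after this change.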