4baf0f6949
CVE-2010-3853 - try to connect to an abstract X-socket first to verify we are at real console (#647191)
28 lines
1.2 KiB
Diff
28 lines
1.2 KiB
Diff
diff -up pam/modules/pam_env/pam_env.c.nouserenv pam/modules/pam_env/pam_env.c
|
|
--- pam/modules/pam_env/pam_env.c.nouserenv 2010-10-20 09:59:30.000000000 +0200
|
|
+++ pam/modules/pam_env/pam_env.c 2010-11-01 14:42:01.000000000 +0100
|
|
@@ -10,7 +10,7 @@
|
|
#define DEFAULT_READ_ENVFILE 1
|
|
|
|
#define DEFAULT_USER_ENVFILE ".pam_environment"
|
|
-#define DEFAULT_USER_READ_ENVFILE 1
|
|
+#define DEFAULT_USER_READ_ENVFILE 0
|
|
|
|
#include "config.h"
|
|
|
|
diff -up pam/modules/pam_env/pam_env.8.xml.nouserenv pam/modules/pam_env/pam_env.8.xml
|
|
--- pam/modules/pam_env/pam_env.8.xml.nouserenv 2010-10-20 09:59:30.000000000 +0200
|
|
+++ pam/modules/pam_env/pam_env.8.xml 2010-11-01 14:42:01.000000000 +0100
|
|
@@ -147,7 +147,10 @@
|
|
<listitem>
|
|
<para>
|
|
Turns on or off the reading of the user specific environment
|
|
- file. 0 is off, 1 is on. By default this option is on.
|
|
+ file. 0 is off, 1 is on. By default this option is off as user
|
|
+ supplied environment variables in the PAM environment could affect
|
|
+ behavior of subsequent modules in the stack without the consent
|
|
+ of the system administrator.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|