rcolebaugh / rpms / openssh

Forked from rpms/openssh 2 years ago
Clone

Blame SOURCES/openssh-6.6p1-CVE-2015-8325.patch

f8987c
From 85bdcd7c92fe7ff133bbc4e10a65c91810f88755 Mon Sep 17 00:00:00 2001
f8987c
From: Damien Miller <djm@mindrot.org>
f8987c
Date: Wed, 13 Apr 2016 10:39:57 +1000
f8987c
Subject: ignore PAM environment vars when UseLogin=yes
f8987c
f8987c
If PAM is configured to read user-specified environment variables
f8987c
and UseLogin=yes in sshd_config, then a hostile local user may
f8987c
attack /bin/login via LD_PRELOAD or similar environment variables
f8987c
set via PAM.
f8987c
f8987c
CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
f8987c
---
f8987c
 session.c | 2 +-
f8987c
 1 file changed, 1 insertion(+), 1 deletion(-)
f8987c
f8987c
diff --git a/session.c b/session.c
f8987c
index 4859245..4653b09 100644
f8987c
--- a/session.c
f8987c
+++ b/session.c
f8987c
@@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell)
f8987c
 	 * Pull in any environment variables that may have
f8987c
 	 * been set by PAM.
f8987c
 	 */
f8987c
-	if (options.use_pam) {
f8987c
+	if (options.use_pam && !options.use_login) {
f8987c
 		char **p;
f8987c
 
f8987c
 		p = fetch_pam_child_environment();
f8987c
-- 
f8987c
cgit v0.11.2
f8987c
f8987c