diff options
| author | Tomas Mraz <tm@t8m.info> | 2010-10-11 14:24:30 +0000 |
|---|---|---|
| committer | Tomas Mraz <tm@t8m.info> | 2010-10-11 14:24:30 +0000 |
| commit | 4c430f6f8391555bb1b7b78991afb20d35228efc (patch) | |
| tree | 0079e70cff4a5253867b13a6f67e09bdbcc16157 | |
| parent | bd093f250963e33c98801a1058de337e38ca1ef0 (diff) | |
| download | pam-4c430f6f8391555bb1b7b78991afb20d35228efc.tar.gz pam-4c430f6f8391555bb1b7b78991afb20d35228efc.tar.bz2 pam-4c430f6f8391555bb1b7b78991afb20d35228efc.zip | |
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-11 Tomas Mraz <t8m@centrum.cz>
* modules/pam_env/pam_env.c: Change default for user_readenv to 0.
* modules/pam_env/pam_env.8.xml: Document the new default for user_readenv.
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | modules/pam_env/pam_env.8.xml | 5 | ||||
| -rw-r--r-- | modules/pam_env/pam_env.c | 2 |
3 files changed, 11 insertions, 2 deletions
@@ -1,3 +1,8 @@ +2010-10-11 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_env/pam_env.c: Change default for user_readenv to 0. + * modules/pam_env/pam_env.8.xml: Document the new default for user_readenv. + 2010-10-07 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_selinux/pam_selinux.c (verbose_message): Fix format @@ -40,6 +45,7 @@ * modules/pam_xauth/pam_xauth.c (check_acl): Ensure that the given access control file is a regular file. +>>>>>>> 1.530 2010-09-16 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_env/pam_env.c (handle_env): Use setfsuid() return code. diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml index 536cb132..b85fbaae 100644 --- a/modules/pam_env/pam_env.8.xml +++ b/modules/pam_env/pam_env.8.xml @@ -143,7 +143,10 @@ <listitem> <para> Turns on or off the reading of the user specific environment - file. 0 is off, 1 is on. By default this option is on. + file. 0 is off, 1 is on. By default this option is off as user + supplied environment variables in the PAM environment could affect + behavior of subsequent modules in the stack without the consent + of the system administrator. </para> </listitem> </varlistentry> diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c index 8ac8ed33..6be39ba3 100644 --- a/modules/pam_env/pam_env.c +++ b/modules/pam_env/pam_env.c @@ -10,7 +10,7 @@ #define DEFAULT_READ_ENVFILE 1 #define DEFAULT_USER_ENVFILE ".pam_environment" -#define DEFAULT_USER_READ_ENVFILE 1 +#define DEFAULT_USER_READ_ENVFILE 0 #include "config.h" |