aboutsummaryrefslogtreecommitdiff
path: root/debian/patches-applied/cve-2011-4708.patch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches-applied/cve-2011-4708.patch')
-rw-r--r--debian/patches-applied/cve-2011-4708.patch27
1 files changed, 27 insertions, 0 deletions
diff --git a/debian/patches-applied/cve-2011-4708.patch b/debian/patches-applied/cve-2011-4708.patch
new file mode 100644
index 00000000..eb67e789
--- /dev/null
+++ b/debian/patches-applied/cve-2011-4708.patch
@@ -0,0 +1,27 @@
+Description: fix cve-2011-4708: .pam_environment privilege issue
+Index: pam.debian/modules/pam_env/pam_env.c
+===================================================================
+--- pam.debian.orig/modules/pam_env/pam_env.c
++++ pam.debian/modules/pam_env/pam_env.c
+@@ -10,7 +10,7 @@
+ #define DEFAULT_READ_ENVFILE 1
+
+ #define DEFAULT_USER_ENVFILE ".pam_environment"
+-#define DEFAULT_USER_READ_ENVFILE 1
++#define DEFAULT_USER_READ_ENVFILE 0
+
+ #include "config.h"
+
+Index: pam.debian/modules/pam_env/pam_env.8.xml
+===================================================================
+--- pam.debian.orig/modules/pam_env/pam_env.8.xml
++++ pam.debian/modules/pam_env/pam_env.8.xml
+@@ -147,7 +147,7 @@
+ <listitem>
+ <para>
+ Turns on or off the reading of the user specific environment
+- file. 0 is off, 1 is on. By default this option is on.
++ file. 0 is off, 1 is on. By default this option is off.
+ </para>
+ </listitem>
+ </varlistentry>
generated by cgit v1.2.3 (git 2.39.1) at 2025-06-04 13:23:24 +0000