unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
blob 8063e64ea7f4be2282cfe10d2fd61de7c970e43e 925 bytes (raw)
name: gnu/packages/patches/openssh-CVE-2015-8325.patch 	 # note: path name is non-authoritative(*)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

 
From 85bdcd7c92fe7ff133bbc4e10a65c91810f88755 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Wed, 13 Apr 2016 10:39:57 +1000
Subject: ignore PAM environment vars when UseLogin=yes

If PAM is configured to read user-specified environment variables
and UseLogin=yes in sshd_config, then a hostile local user may
attack /bin/login via LD_PRELOAD or similar environment variables
set via PAM.

CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
---
 session.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/session.c b/session.c
index 4859245..4653b09 100644
--- a/session.c
+++ b/session.c
@@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell)
 	 * Pull in any environment variables that may have
 	 * been set by PAM.
 	 */
-	if (options.use_pam) {
+	if (options.use_pam && !options.use_login) {
 		char **p;
 
 		p = fetch_pam_child_environment();
-- 
cgit v0.11.2


debug log:

solving 8063e64 ...
found 8063e64 in https://git.savannah.gnu.org/cgit/guix.git

(*) Git path names are given by the tree(s) the blob belongs to.
    Blobs themselves have no identifier aside from the hash of its contents.^
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).