summaryrefslogtreecommitdiff
path: root/modules/pam_env
diff options
context:
space:
mode:
authorTomas Mraz <tm@t8m.info>2010-10-11 14:24:30 +0000
committerTomas Mraz <tm@t8m.info>2010-10-11 14:24:30 +0000
commit4c430f6f8391555bb1b7b78991afb20d35228efc (patch)
tree0079e70cff4a5253867b13a6f67e09bdbcc16157 /modules/pam_env
parentbd093f250963e33c98801a1058de337e38ca1ef0 (diff)
Relevant BUGIDs:
Purpose of commit: bugfix Commit summary: --------------- 2010-10-11 Tomas Mraz <t8m@centrum.cz> * modules/pam_env/pam_env.c: Change default for user_readenv to 0. * modules/pam_env/pam_env.8.xml: Document the new default for user_readenv.
Diffstat (limited to 'modules/pam_env')
-rw-r--r--modules/pam_env/pam_env.8.xml5
-rw-r--r--modules/pam_env/pam_env.c2
2 files changed, 5 insertions, 2 deletions
diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml
index 536cb132..b85fbaae 100644
--- a/modules/pam_env/pam_env.8.xml
+++ b/modules/pam_env/pam_env.8.xml
@@ -143,7 +143,10 @@
<listitem>
<para>
Turns on or off the reading of the user specific environment
- file. 0 is off, 1 is on. By default this option is on.
+ file. 0 is off, 1 is on. By default this option is off as user
+ supplied environment variables in the PAM environment could affect
+ behavior of subsequent modules in the stack without the consent
+ of the system administrator.
</para>
</listitem>
</varlistentry>
diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c
index 8ac8ed33..6be39ba3 100644
--- a/modules/pam_env/pam_env.c
+++ b/modules/pam_env/pam_env.c
@@ -10,7 +10,7 @@
#define DEFAULT_READ_ENVFILE 1
#define DEFAULT_USER_ENVFILE ".pam_environment"
-#define DEFAULT_USER_READ_ENVFILE 1
+#define DEFAULT_USER_READ_ENVFILE 0
#include "config.h"