summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog6
-rw-r--r--modules/pam_env/pam_env.8.xml5
-rw-r--r--modules/pam_env/pam_env.c2
3 files changed, 11 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index 17336ac6..c7bcac96 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2010-10-11 Tomas Mraz <t8m@centrum.cz>
+
+ * modules/pam_env/pam_env.c: Change default for user_readenv to 0.
+ * modules/pam_env/pam_env.8.xml: Document the new default for user_readenv.
+
2010-10-07 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_selinux/pam_selinux.c (verbose_message): Fix format
@@ -40,6 +45,7 @@
* modules/pam_xauth/pam_xauth.c (check_acl): Ensure that the given
access control file is a regular file.
+>>>>>>> 1.530
2010-09-16 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_env/pam_env.c (handle_env): Use setfsuid() return code.
diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml
index 536cb132..b85fbaae 100644
--- a/modules/pam_env/pam_env.8.xml
+++ b/modules/pam_env/pam_env.8.xml
@@ -143,7 +143,10 @@
<listitem>
<para>
Turns on or off the reading of the user specific environment
- file. 0 is off, 1 is on. By default this option is on.
+ file. 0 is off, 1 is on. By default this option is off as user
+ supplied environment variables in the PAM environment could affect
+ behavior of subsequent modules in the stack without the consent
+ of the system administrator.
</para>
</listitem>
</varlistentry>
diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c
index 8ac8ed33..6be39ba3 100644
--- a/modules/pam_env/pam_env.c
+++ b/modules/pam_env/pam_env.c
@@ -10,7 +10,7 @@
#define DEFAULT_READ_ENVFILE 1
#define DEFAULT_USER_ENVFILE ".pam_environment"
-#define DEFAULT_USER_READ_ENVFILE 1
+#define DEFAULT_USER_READ_ENVFILE 0
#include "config.h"