diff options
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | modules/pam_env/pam_env.8.xml | 5 | ||||
-rw-r--r-- | modules/pam_env/pam_env.c | 2 |
3 files changed, 11 insertions, 2 deletions
@@ -1,3 +1,8 @@ +2010-10-11 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_env/pam_env.c: Change default for user_readenv to 0. + * modules/pam_env/pam_env.8.xml: Document the new default for user_readenv. + 2010-10-07 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_selinux/pam_selinux.c (verbose_message): Fix format @@ -40,6 +45,7 @@ * modules/pam_xauth/pam_xauth.c (check_acl): Ensure that the given access control file is a regular file. +>>>>>>> 1.530 2010-09-16 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_env/pam_env.c (handle_env): Use setfsuid() return code. diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml index 536cb132..b85fbaae 100644 --- a/modules/pam_env/pam_env.8.xml +++ b/modules/pam_env/pam_env.8.xml @@ -143,7 +143,10 @@ <listitem> <para> Turns on or off the reading of the user specific environment - file. 0 is off, 1 is on. By default this option is on. + file. 0 is off, 1 is on. By default this option is off as user + supplied environment variables in the PAM environment could affect + behavior of subsequent modules in the stack without the consent + of the system administrator. </para> </listitem> </varlistentry> diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c index 8ac8ed33..6be39ba3 100644 --- a/modules/pam_env/pam_env.c +++ b/modules/pam_env/pam_env.c @@ -10,7 +10,7 @@ #define DEFAULT_READ_ENVFILE 1 #define DEFAULT_USER_ENVFILE ".pam_environment" -#define DEFAULT_USER_READ_ENVFILE 1 +#define DEFAULT_USER_READ_ENVFILE 0 #include "config.h" |