[Pkg-shadow-devel] Bug#989919: login: consider setting PAM's user_readenv=1
Christoph Anton Mitterer
calestyo at scientia.org
Sat Apr 9 17:41:47 BST 2022
On Sat, 2022-04-09 at 08:20 -0500, Serge E. Hallyn wrote:
> I wonder whether it was disabled
> for security reasons? Is there a debian bug referring to that?
Hmm could be this...
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611136
Though I don't quite understand what the attack actually is (or whether
it was fixed - and if there is no real fix, why the pam manpages still
don't warn from that option), since any user could just set any var in
his .bashrc or so....
More information about the Pkg-shadow-devel
mailing list