about summary refs log tree commit diff
path: root/pkgs/tools/networking/openssh/CVE-2015-8325.patch
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/tools/networking/openssh/CVE-2015-8325.patch')
-rw-r--r--pkgs/tools/networking/openssh/CVE-2015-8325.patch28
1 files changed, 0 insertions, 28 deletions
diff --git a/pkgs/tools/networking/openssh/CVE-2015-8325.patch b/pkgs/tools/networking/openssh/CVE-2015-8325.patch
deleted file mode 100644
index c752726aeae7..000000000000
--- a/pkgs/tools/networking/openssh/CVE-2015-8325.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 85bdcd7c92fe7ff133bbc4e10a65c91810f88755 Mon Sep 17 00:00:00 2001
-From: Damien Miller <djm@mindrot.org>
-Date: Wed, 13 Apr 2016 10:39:57 +1000
-Subject: [PATCH] ignore PAM environment vars when UseLogin=yes
-
-If PAM is configured to read user-specified environment variables
-and UseLogin=yes in sshd_config, then a hostile local user may
-attack /bin/login via LD_PRELOAD or similar environment variables
-set via PAM.
-
-CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
----
- session.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/session.c b/session.c
-index 4859245..4653b09 100644
---- a/session.c
-+++ b/session.c
-@@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell)
- 	 * Pull in any environment variables that may have
- 	 * been set by PAM.
- 	 */
--	if (options.use_pam) {
-+	if (options.use_pam && !options.use_login) {
- 		char **p;
- 
- 		p = fetch_pam_child_environment();
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-23 03:27:21 +0000