openssh: security fix for CVE-2015-8325.

> Subject: ignore PAM environment vars when UseLogin=yes
>
> If PAM is configured to read user-specified environment variables
> and UseLogin=yes in sshd_config, then a hostile local user may
> attack /bin/login via LD_PRELOAD or similar environment variables
> set via PAM.
>
> CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
This commit is contained in:
Christian Neukirchen 2016-06-06 13:34:27 +02:00
parent 5d4f7fca62
commit 0ea48ddd5e
2 changed files with 23 additions and 1 deletions

View file

@ -0,0 +1,22 @@
From: Damien Miller <djm@mindrot.org>
Date: Wed, 13 Apr 2016 10:39:57 +1000
Subject: ignore PAM environment vars when UseLogin=yes
If PAM is configured to read user-specified environment variables
and UseLogin=yes in sshd_config, then a hostile local user may
attack /bin/login via LD_PRELOAD or similar environment variables
set via PAM.
CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
--- session.c
+++ session.c
@@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell)
* Pull in any environment variables that may have
* been set by PAM.
*/
- if (options.use_pam) {
+ if (options.use_pam && !options.use_login) {
char **p;
p = fetch_pam_child_environment();

View file

@ -1,7 +1,7 @@
# Template file for 'openssh'
pkgname=openssh
version=7.2p2
revision=2
revision=3
build_style=gnu-configure
configure_args="--datadir=/usr/share/openssh
--sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody