Diffstat (limited to 'debian/patches-applied/cve-2010-4708.patch')
-rw-r--r--debian/patches-applied/cve-2010-4708.patch53
1 files changed, 53 insertions, 0 deletions
diff --git a/debian/patches-applied/cve-2010-4708.patch b/debian/patches-applied/cve-2010-4708.patch
new file mode 100644
index 0000000..0ab2a8e
--- /dev/null
+++ b/debian/patches-applied/cve-2010-4708.patch
@@ -0,0 +1,53 @@
+Description: fix cve-2010-4708: .pam_environment privilege issue
+Index: pam/modules/pam_env/pam_env.c
+===================================================================
+--- pam.orig/modules/pam_env/pam_env.c
++++ pam/modules/pam_env/pam_env.c
+@@ -10,7 +10,7 @@
+ #define DEFAULT_READ_ENVFILE 1
+
+ #define DEFAULT_USER_ENVFILE ".pam_environment"
+-#define DEFAULT_USER_READ_ENVFILE 1
++#define DEFAULT_USER_READ_ENVFILE 0
+
+ #include "config.h"
+
+Index: pam/modules/pam_env/pam_env.8.xml
+===================================================================
+--- pam.orig/modules/pam_env/pam_env.8.xml
++++ pam/modules/pam_env/pam_env.8.xml
+@@ -158,7 +158,7 @@
+ <listitem>
+ <para>
+ Turns on or off the reading of the user specific environment
+- file. 0 is off, 1 is on. By default this option is on.
++ file. 0 is off, 1 is on. By default this option is off.
+ </para>
+ </listitem>
+ </varlistentry>
+Index: pam/modules/pam_env/pam_env.8
+===================================================================
+--- pam.orig/modules/pam_env/pam_env.8
++++ pam/modules/pam_env/pam_env.8
+@@ -101,7 +101,7 @@
+ .PP
+ \fBuser_readenv=\fR\fB\fI0|1\fR\fR
+ .RS 4
+-Turns on or off the reading of the user specific environment file\&. 0 is off, 1 is on\&. By default this option is on\&.
++Turns on or off the reading of the user specific environment file\&. 0 is off, 1 is on\&. By default this option is off\&.
+ .RE
+ .SH "MODULE TYPES PROVIDED"
+ .PP
+Index: pam/modules/pam_env/README
+===================================================================
+--- pam.orig/modules/pam_env/README
++++ pam/modules/pam_env/README
+@@ -57,7 +57,7 @@
+ user_readenv=0|1
+
+ Turns on or off the reading of the user specific environment file. 0 is
+- off, 1 is on. By default this option is on.
++ off, 1 is on. By default this option is off.
+
+ EXAMPLES
+
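Review bot: The change to `DEFAULT_USER_READ_ENVFILE` in pam_env.c only flips the compiled-in default, so a PAM stack that still passes `user_readenv=1` reads the user-controlled `.pam_environment` exactly as before; nothing in this patch touches how that file is opened or parsed. A comment on the define would keep the value from being flipped back without context, for example `/* off by default (CVE-2010-4708): ~/.pam_environment is user-controlled; enable per service with user_readenv=1 */`. The patch header carries only a one-line Description, so adding an origin or bug-reference line would make the fix traceable. Service configurations that set `user_readenv=1` explicitly are not covered by the new default and should be reviewed separately.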