Diffstat (limited to '')
-rw-r--r--debian/patches/pam-systemd-use-secure_getenv-rather-than-getenv.patch40
1 files changed, 40 insertions, 0 deletions
diff --git a/debian/patches/pam-systemd-use-secure_getenv-rather-than-getenv.patch b/debian/patches/pam-systemd-use-secure_getenv-rather-than-getenv.patch
new file mode 100644
index 0000000..b966fe3
--- /dev/null
+++ b/debian/patches/pam-systemd-use-secure_getenv-rather-than-getenv.patch
@@ -0,0 +1,40 @@
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 4 Feb 2019 10:23:43 +0100
+Subject: pam-systemd: use secure_getenv() rather than getenv()
+
+And explain why in a comment.
+
+(cherry picked from commit 83d4ab55336ff8a0643c6aa627b31e351a24040a)
+---
+ src/login/pam_systemd.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
+index 997b74e..ea245c8 100644
+--- a/src/login/pam_systemd.c
++++ b/src/login/pam_systemd.c
+@@ -316,14 +316,21 @@ static const char* getenv_harder(pam_handle_t *handle, const char *key, const ch
+ assert(handle);
+ assert(key);
+
+- /* Looks for an environment variable, preferrably in the environment block associated with the specified PAM
+- * handle, falling back to the process' block instead. */
++ /* Looks for an environment variable, preferrably in the environment block associated with the
++ * specified PAM handle, falling back to the process' block instead. Why check both? Because we want
++ * to permit configuration of session properties from unit files that invoke PAM services, so that
++ * PAM services don't have to be reworked to set systemd-specific properties, but these properties
++ * can still be set from the unit file Environment= block. */
+
+ v = pam_getenv(handle, key);
+ if (!isempty(v))
+ return v;
+
+- v = getenv(key);
++ /* We use secure_getenv() here, since we might get loaded into su/sudo, which are SUID. Ideally
++ * they'd clean up the environment before invoking foreign code (such as PAM modules), but alas they
++ * currently don't (to be precise, they clean up the environment they pass to their children, but
++ * not their own environ[]). */
++ v = secure_getenv(key);
+ if (!isempty(v))
+ return v;
+
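Review bot: The comment added above `v = secure_getenv(key);` explains why the process environment is distrusted, but not what the caller then gets: in secure-execution (SUID/SGID) mode secure_getenv() returns NULL, so the lookup silently falls through to whatever follows this block. I would add a line such as `/* In secure-execution mode this returns NULL, so only the PAM environment is consulted. */`. The value from `pam_getenv(handle, key)` is not filtered by this change, and secure_getenv() only helps when the loading process is actually flagged as secure-execution, so callers of getenv_harder() should presumably still validate what they receive; the hunk does not show whether they do. The rewritten comment also keeps the spelling `preferrably`, which could become `preferably` while these lines are being touched. getenv_harder's body begins and ends outside the hunk.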