From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 4 Feb 2019 10:23:43 +0100
Subject: pam-systemd: use secure_getenv() rather than getenv()
And explain why in a comment.
(cherry picked from commit 83d4ab55336ff8a0643c6aa627b31e351a24040a)
---
src/login/pam_systemd.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
index 997b74e..ea245c8 100644
--- a/src/login/pam_systemd.c
+++ b/src/login/pam_systemd.c
@@ -316,14 +316,21 @@ static const char* getenv_harder(pam_handle_t *handle, const char *key, const ch
assert(handle);
assert(key);
- /* Looks for an environment variable, preferrably in the environment block associated with the specified PAM
- * handle, falling back to the process' block instead. */
+ /* Looks for an environment variable, preferrably in the environment block associated with the
+ * specified PAM handle, falling back to the process' block instead. Why check both? Because we want
+ * to permit configuration of session properties from unit files that invoke PAM services, so that
+ * PAM services don't have to be reworked to set systemd-specific properties, but these properties
+ * can still be set from the unit file Environment= block. */
v = pam_getenv(handle, key);
if (!isempty(v))
return v;
- v = getenv(key);
+ /* We use secure_getenv() here, since we might get loaded into su/sudo, which are SUID. Ideally
+ * they'd clean up the environment before invoking foreign code (such as PAM modules), but alas they
+ * currently don't (to be precise, they clean up the environment they pass to their children, but
+ * not their own environ[]). */
+ v = secure_getenv(key);
if (!isempty(v))
return v;