File openssh-6.6p1-ignore_PAM_with_UseLogin.patch of Package openssh-askpass-gnome.9495
# HG changeset patch
# Parent e069c98c247ddc6573d136678054cf2c82aee4db
Do not import PAM environment variables when using login, since it may have
security implications.
CVE-2015-8325
bsc#975865
Backport of upstream commit 85bdcd7c92fe7ff133bbc4e10a65c91810f88755
diff --git a/openssh-6.6p1/session.c b/openssh-6.6p1/session.c
--- a/openssh-6.6p1/session.c
+++ b/openssh-6.6p1/session.c
@@ -1347,17 +1347,17 @@ do_setup_env(Session *s, const char *she
child_set_env(&env, &envsize, "KRB5CCNAME",
s->authctxt->krb5_ccname);
#endif
#ifdef USE_PAM
/*
* Pull in any environment variables that may have
* been set by PAM.
*/
- if (options.use_pam) {
+ if (options.use_pam && !options.use_login) {
char **p;
p = fetch_pam_child_environment();
copy_environment(p, &env, &envsize);
free_pam_environment(p);
p = fetch_pam_environment();
copy_environment(p, &env, &envsize);