Date: Fri, 9 Feb 2001 15:16:45 -0600 From: "Jacques A. Vidrine" <n@nectar.com> To: "Andrey A. Chernov" <ache@nagual.pp.ru> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/usr.bin/login login.c Message-ID: <20010209151645.A20482@spawn.nectar.com> In-Reply-To: <20010209184332.A47061@nagual.pp.ru>; from ache@nagual.pp.ru on Fri, Feb 09, 2001 at 06:43:32PM %2B0300 References: <200102091321.f19DLoI59995@freefall.freebsd.org> <20010209184332.A47061@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Feb 09, 2001 at 06:43:32PM +0300, Andrey A. Chernov wrote: > On Fri, Feb 09, 2001 at 05:21:50 -0800, Jacques Vidrine wrote: > > nectar 2001/02/09 05:21:50 PST > > > > Modified files: > > usr.bin/login login.c > > Log: > > Fix login so that it exports environmental variables that are set by PAM > > modules (via pam_putenv). The following variables will never be set in > > this fashion: > > > > SHELL, HOME, LOGNAME, MAIL, CDPATH, IFS, PATH > > any variable starting with `LD_' > > Do you mean this is the list of _disabled_ variables? Yes, that's exactly what I mean. > All security guides recommend just opposite strategy, keeping the list > of _enabled_ variables. It prevents new and unknown evil variable > appearse unnoticed in future. That would normally apply, but PAM modules are security components -- they need to set arbitrary variables such as e.g. KRB5CCNAME (for Kerberos), and are trusted to operate correctly. Preventing `new and unknown' variables is basically counter to extensibility. The list above was garnered from the Solaris description of the interaction between pam_putenv and login. The reasoning appears to be that these are variables that login typically expects to be able to set initially. Since the Solaris documentation is the closest thing there is to a specification for PAM, I followed the example. OpenSSH's sshd, in contrast, lets the PAM modules set any environmental variable. Cheers, -- Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010209151645.A20482>