[src/trunk]: src/crypto/external/bsd/openssh/dist If PAM is configured to rea...

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/fb9340d76ff4
branches:  trunk
changeset: 344745:fb9340d76ff4
user:      christos <christos%NetBSD.org@localhost>
date:      Thu Apr 14 16:42:09 2016 +0000

description:
If PAM is configured to read user-specified environment variables
and UseLogin=yes in sshd_config, then a hostile local user may
attack /bin/login via LD_PRELOAD or similar environment variables
set via PAM.

CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
https://anongit.mindrot.org/openssh.git/commit/?\
id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755

XXX: pullup-7

diffstat:

 crypto/external/bsd/openssh/dist/session.c |  6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diffs (27 lines):

diff -r bb08f48df8c1 -r fb9340d76ff4 crypto/external/bsd/openssh/dist/session.c
--- a/crypto/external/bsd/openssh/dist/session.c        Thu Apr 14 03:25:28 2016 +0000
+++ b/crypto/external/bsd/openssh/dist/session.c        Thu Apr 14 16:42:09 2016 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: session.c,v 1.18 2016/03/11 01:55:00 christos Exp $    */
+/*     $NetBSD: session.c,v 1.19 2016/04/14 16:42:09 christos Exp $    */
 /* $OpenBSD: session.c,v 1.280 2016/02/16 03:37:48 djm Exp $ */
 
 /*
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: session.c,v 1.18 2016/03/11 01:55:00 christos Exp $");
+__RCSID("$NetBSD: session.c,v 1.19 2016/04/14 16:42:09 christos Exp $");
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <sys/un.h>
@@ -1226,7 +1226,7 @@
         * Pull in any environment variables that may have
         * been set by PAM.
         */
-       if (options.use_pam) {
+       if (options.use_pam && !options.use_login) {
                char **p;
 
                p = fetch_pam_child_environment();