From owner-freebsd-audit Thu Feb 8 15:36:15 2001 Delivered-To: freebsd-audit@freebsd.org Received: from lennier.cc.vt.edu (lennier.cc.vt.edu [198.82.161.193]) by hub.freebsd.org (Postfix) with ESMTP id 0044037B401 for ; Thu, 8 Feb 2001 15:35:54 -0800 (PST) Received: from mail.vt.edu (gkar.cc.vt.edu [198.82.161.190]) by lennier.cc.vt.edu (8.11.0/8.11.0) with ESMTP id f18NZnu161513; Thu, 8 Feb 2001 18:35:49 -0500 (EST) Received: from enterprise.muriel.penguinpowered.com ([198.82.100.151]) by gkar.cc.vt.edu (Sun Internet Mail Server sims.3.5.2000.03.23.18.03.p10) with ESMTP id <0G8G00KBAPJOQU@gkar.cc.vt.edu>; Thu, 8 Feb 2001 18:35:48 -0500 (EST) Date: Thu, 08 Feb 2001 18:35:47 -0500 (EST) From: Mike Heffner Subject: RE: login: exporting PAM environment In-reply-to: <20010208151845.A58884@hamlet.nectar.com> To: "Jacques A. Vidrine" Cc: freebsd-audit@freebsd.org Message-id: MIME-version: 1.0 X-Mailer: XFMail 1.4.7 on FreeBSD Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 8bit X-Priority: 3 (Normal) Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On 08-Feb-2001 Jacques A. Vidrine wrote: | Hello, | | Please have a look at the following patch. This corrects login so | that it exports environmental variables set by PAM modules. This is | particularly important for certain options of pam_krb5. [ snip ] | +static int | +ok_to_export(s) | + const char *s; | +{ | + static const char *noexport[] = { | + "SHELL", "HOME", "LOGNAME", "MAIL", "CDPATH", | + "IFS", "PATH", NULL | + }; | + const char **pp; | + | + if (strlen(s) > 1024 || strchr(s, '=') == NULL) | + return 0; | + if (strncmp(s, "LD_", 3) == 0) | + return 0; | + for (pp = noexport; *pp != NULL; pp++) { | + if (strcmp(s, *pp) == 0) | + return 0; This needs to be strncmp(s, *pp, strlen(*pp)), otherwise the comparison will always fail. -- Mike Heffner Blacksburg, VA http://filebox.vt.edu/users/mheffner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message