This still needs fixing, unfortunately. "env" is called without a fully
qualified path, which means a malicious PATH can still cause problems.
(Again, only in the case of having pam_motd added to non-default pam
service configs that are local setuid applications.)
** Also affects: pam (Ubuntu Precise)
Importance: Low
Assignee: Dustin Kirkland (kirkland)
Status: Fix Released
** Changed in: pam (Ubuntu Precise)
Status: Fix Released => Triaged
** Changed in: pam (Ubuntu Oneiric)
Status: Fix Released => Triaged
** Changed in: pam (Ubuntu Natty)
Status: Fix Committed => Triaged
** Changed in: pam (Ubuntu Maverick)
Status: Fix Committed => Triaged
** Changed in: pam (Ubuntu Lucid)
Status: Fix Committed => Triaged
** Changed in: pam (Ubuntu Oneiric)
Milestone: None => oneiric-updates
** Changed in: pam (Ubuntu Precise)
Milestone: natty-updates => None
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/610125
Title:
pam_motd runs commands as root with unsanitised environment
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/610125/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
