[Merge] lp:~kirkland/pam/update-motd-now into lp:~ubuntu-core-dev/pam/ubuntu
Steve Langasek
steve.langasek at canonical.com
Tue Jan 28 07:39:22 UTC 2014
Hi Dustin,
> Well, I'm trying to mimic the same behavior we have in pam_motd.c itself.
That behavior is in the context of a command being spawned from a PAM module; defensive environment sanitizing is a strict requirement here. I'm not convinced it makes sense to use the same technique in a shell script that will be called directly by an administrator. There's clearly not a security rationale for calling env -i in that case. Are you concerned that not cleaning the environment will result in inconsistent behavior between the module and the script in a legitimate configuration?
--
https://code.launchpad.net/~kirkland/pam/update-motd-now/+merge/202896
Your team Ubuntu Core Development Team is subscribed to branch lp:~ubuntu-core-dev/pam/ubuntu.
More information about the Ubuntu-reviews
mailing list