search for: pamsessionacceptenv

Displaying 2 results from an estimated 2 matches for "pamsessionacceptenv".

2024 Dec 20
1
PAM session setup and environment variables
...sky given that some PAM session modules like pam_namespace and > > pam_exec invoke external executables and could be affected by e.g. LD_* > > variables. > > > > If we're aiming for flexibility without sacrificing security, then a new > > sshd_config keyword (e.g. PAMSessionAcceptEnv) could be added to specify > > what is allowed to be forwarded to the PAM session modules. > > Thanks for chiming in. How about we accept variables from a narrow allow- > list (XDG_SESSION_CLASS/TYPE, LC_*) for now and see how it goes? Sounds good. Since nobody asked to forward LC...
2024 Dec 19
1
PAM session setup and environment variables
...cceptEnv > could be risky given that some PAM session modules like pam_namespace and > pam_exec invoke external executables and could be affected by e.g. LD_* > variables. > > If we're aiming for flexibility without sacrificing security, then a new > sshd_config keyword (e.g. PAMSessionAcceptEnv) could be added to specify > what is allowed to be forwarded to the PAM session modules. Thanks for chiming in. How about we accept variables from a narrow allow- list (XDG_SESSION_CLASS/TYPE, LC_*) for now and see how it goes? -d