On Fri, Feb 01, 2002 at 10:21:48PM +0100, Thorsten Kukuk wrote:
> is there a special reason why pam_env.so uses the pam_*env()
> functions and not putenv() or setenv()?

It should only prepare the environment to be used for the session
being created, not by the process creating the session. Doing
otherwise could even be a security hole if, for example, $TMPDIR is
set to a directory controlled by the target user but would take
effect for the parent sshd, login, or su as well.

> The problem is, nearly no application sets the PAM environment, so
> the PAM module is nearly useless for most situations.

I didn't notice that. OpenSSH and SimplePAMApps' login and su do
import the environment for the new session from PAM. We're relying
on that for pam_mktemp to work.

--
/sd
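
The separation described in the message above, as an added example (not part of the original post, and not code from pam_env, OpenSSH or SimplePAMApps): the parent passes a separate environment list to execve() for the new session, the way an application would pass the list it gets from pam_getenvlist(), and its own $TMPDIR is never modified. The function name `session_tmpdir`, the sample path and the use of /bin/sh as the session command are assumptions; no libpam calls are made.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run a session command with ONLY session_env as its environment, the way an
 * application passes its PAM-provided list to execve(), and capture what the
 * session sees as $TMPDIR. Returns 0 on success, -1 on failure. */
int session_tmpdir(char *const session_env[], char *out, size_t outlen)
{
    int fds[2], status;
    size_t used = 0;
    ssize_t n;
    if (outlen == 0 || pipe(fds) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                      /* child: becomes the new session */
        char *const argv[] = { "sh", "-c", "printf %s \"$TMPDIR\"", NULL };
        close(fds[0]);
        if (dup2(fds[1], STDOUT_FILENO) < 0)
            _exit(127);
        execve("/bin/sh", argv, session_env);   /* envp replaces, not merges */
        _exit(127);
    }
    close(fds[1]);
    while (used < outlen - 1 &&
           (n = read(fds[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample standing in for a module-built PAM environment. */
    char *const session_env[] = { "TMPDIR=/home/alice/tmp", NULL };
    char seen[256];
    const char *own = getenv("TMPDIR");
    if (session_tmpdir(session_env, seen, sizeof seen) != 0)
        return 1;
    printf("session TMPDIR=%s\nparent TMPDIR=%s\n", seen, own ? own : "(unset)");
    return 0;
}
```

Had the list been applied with putenv() or setenv() in the parent instead, any temporary file the privileged parent created afterwards would follow the user-chosen $TMPDIR.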