Comment 0 for bug 610125

Revision history for this message
Stephane Chazelas (stephane-chazelas) wrote :

ii libpam-modules 1.1.1-2ubuntu5 Pluggable Authentication Modules for PAM

(lucid amd64)

pam_motd calls the scripts in /etc/update-motd.d/ as root without sanitising the environment. While that is acceptable when called for instance by sshd or by getty through login where the environment should be controlled, it becomes an issue if for instance "session optional pam_motd.so" is added to /etc/pam.d/su

With that done, a user can simply update his $PATH to look first in a directory that contains malicious replacements for commands called by the /etc/update-motd.d/ scripts (for instance "uname" called by 00_header).

pam_motd should perform the same kind of sanitisation as pam_exec, or even better not do the run-part /etc/update-motd.d/ at all but add some pam_exec calls to the pam configuration.

That issue is made worth by the fact that the running of those scripts by pam_motd is not documented.