Export the PAM environment to the child process instead of the "normal"

environment list, which may be unsafe and / or sensitive.

Sponsored by:	DARPA, NAI Labs

2 files changed, 12 insertions, 3 deletions

diff --git a/lib/libpam/modules/pam_exec/pam_exec.8 b/lib/libpam/modules/pam_exec/pam_exec.8
index 86c3260..1e3ac2d 100644
--- a/lib/libpam/modules/pam_exec/pam_exec.8
+++ b/lib/libpam/modules/pam_exec/pam_exec.8
@@ -1,6 +1,6 @@
 .\" Copyright (c) 2001 Mark R V Murray
 .\" All rights reserved.
-.\" Copyright (c) 2001 Networks Associates Technology, Inc.
+.\" Copyright (c) 2001,2003 Networks Associates Technology, Inc.
 .\" All rights reserved.
 .\"
 .\" Portions of this software were developed for the FreeBSD Project by
@@ -50,6 +50,9 @@
 The exec service module for PAM executes the program designated by its
 first argument, with its remaining arguments as command-line
 arguments.
+The child's environment is set to the current PAM environment list,
+as returned by
+.Xr pam_getenvlist 3 .
 .Sh SEE ALSO
 .Xr pam.conf 5 ,
 .Xr pam 8
diff --git a/lib/libpam/modules/pam_exec/pam_exec.c b/lib/libpam/modules/pam_exec/pam_exec.c
index 993f25b..23fc609 100644
--- a/lib/libpam/modules/pam_exec/pam_exec.c
+++ b/lib/libpam/modules/pam_exec/pam_exec.c
@@ -52,6 +52,7 @@ _pam_exec(pam_handle_t *pamh __unused, int flags __unused,
     int argc, const char *argv[])
 {
 	int childerr, status;
+	char **env, **envlist;
 	pid_t pid;
 
 	if (argc < 1)
@@ -61,12 +62,17 @@ _pam_exec(pam_handle_t *pamh __unused, int flags __unused,
 	 * XXX For additional credit, divert child's stdin/stdout/stderr
 	 * to the conversation function.
 	 */
+	envlist = pam_getenvlist(pamh);
 	childerr = 0;
 	if ((pid = vfork()) == 0) {
-		execv(argv[0], argv);
+		execve(argv[0], argv, envlist);
 		childerr = errno;
 		_exit(1);
-	} else if (pid == -1) {
+	}
+	for (env = envlist; *env != NULL; ++env)
+		free(*env);
+	free(envlist);
+	if (pid == -1) {
 		openpam_log(PAM_LOG_ERROR, "vfork(): %m");
 		return (PAM_SYSTEM_ERR);
 	}