[PATCH] auth-pam: don't leak PAM env strings after pam_putenv()
avinash.duduskar at gmail.com
avinash.duduskar at gmail.com
Tue May 19 02:31:07 AEST 2026
You're right, I only verified the contract on Linux-PAM. Reading
OpenPAM and illumos PAM sources now to determine the contract there;
will report back. For current Oracle Solaris I don't have source
access, so the most I can offer is the public man page text plus
illumos as a fork-time proxy. If OpenPAM's contract doesn't match,
I'll withdraw the patch.
Thanks for the review.
On Mon, 2026-05-18 at 08:10 -0600, Theo de Raadt wrote:
> There are 3 completely seperate PAM libraries:
>
> Solaris, Linux, and FreeBSD.
>
> You have only checked one of them.
>
> https://docs.oracle.com/cd/E36784_01/html/E36878/pam-putenv-3pam.html
>
> The pam_putenv() function sets the value of the PAM environment
> variable name equal to value either by altering an existing PAM
> variable or by creating a new one.
>
> One of them documenting this behaviour, and another saying something
> different, kind of matters, becaue memory leaks are less dangerous
> than use-after-free bugs, which is what your proposal would introduce
> if either of the other two PAM libraries follow a different lifetime
> rule.
>
More information about the openssh-unix-dev
mailing list