On Sat, 2022-04-09 at 08:20 -0500, Serge E. Hallyn wrote: > I wonder whether it was disabled > for security reasons? Is there a debian bug referring to that?
Hmm could be this... https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611136 Though I don't quite understand what the attack actually is (or whether it was fixed - and if there is no real fix, why the pam manpages still don't warn from that option), since any user could just set any var in his .bashrc or so....