* Qualys Security Advisory <q...@qualys.com>, 2025-06-17 20:00:
On Debian 12 and Ubuntu 24.04, when an unprivileged user logs in via sshd, PAM's pam_env module (from Linux-PAM 1.5.x) also reads this user's ~/.pam_environment file, because pam_env's "user_readenv" is explicitly set to 1 in /etc/pam.d/sshd (it is 0 by default, since Linux-PAM 1.4.0).
I reported this back in 2014: https://bugs.debian.org/761600 -- Jakub Wilk
