diff -up pam/modules/pam_env/pam_env.c.nouserenv pam/modules/pam_env/pam_env.c

--- pam/modules/pam_env/pam_env.c.nouserenv	2010-10-20 09:59:30.000000000 +0200

+++ pam/modules/pam_env/pam_env.c	2010-11-01 14:42:01.000000000 +0100

@@ -10,7 +10,7 @@

 #define DEFAULT_READ_ENVFILE    1

 #define DEFAULT_USER_ENVFILE    ".pam_environment"

-#define DEFAULT_USER_READ_ENVFILE 1

+#define DEFAULT_USER_READ_ENVFILE 0

 #include "config.h"

diff -up pam/modules/pam_env/pam_env.8.xml.nouserenv pam/modules/pam_env/pam_env.8.xml

--- pam/modules/pam_env/pam_env.8.xml.nouserenv	2010-10-20 09:59:30.000000000 +0200

+++ pam/modules/pam_env/pam_env.8.xml	2010-11-01 14:42:01.000000000 +0100

@@ -147,7 +147,10 @@

         <listitem>

           <para>

             Turns on or off the reading of the user specific environment

-            file. 0 is off, 1 is on. By default this option is on.

+            file. 0 is off, 1 is on. By default this option is off as user

+            supplied environment variables in the PAM environment could affect

+            behavior of subsequent modules in the stack without the consent

+            of the system administrator.

           </para>

         </listitem>

       </varlistentry>