Re: PAM exec patch to allow PAM_AUTHTOK to be exported.

"Zane C.B." <v.velox@xxxxxxxxxx> writes:
Dag-Erling Smørgrav <des@xxxxxx> writes:
Your patch opens a gaping security hole. Sensitive information
should never be placed in the environment.
Unless I am missing something, this is only dangerous if one is doing
something stupid with what ever is being executed by pam_exec.

Environment variables may be visible to other processes and users
through e.g. /proc.

Dag-Erling Smørgrav - des@xxxxxx
freebsd-security@xxxxxxxxxxx mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: Comparing 2 recordsets to get Missing or Different
    ... By MISSING I believe you mean there is only one row meeting the criteria. ... > Environment names are like REGNHIM, PRODHIM, STSTHI1, etc... ... >> to let some SQL code do the walking. ... >> tblAIPProfileVariables T2 ...
  • [opensuse] Re: problems building perl 5.14.2 or 5.16.0 using RPMBUILD, build from tar or perlbrew (a
    ... Where did I say that cpp46 was missing? ... environment and b) resolves all requirements if stated correctly. ... OBS causes problems. ... Well after the cc1 'compiler' applies macros and tokenizes the ...
  • Re: VisualStudio .NET 2003?
    ... app runs though, the *methods* that you use are JITted to native code and ... Pinvoke for what is missing (or use existing wrappers such as the SDF ... >> environment. ...
  • Re: VisualStudio .NET 2003?
    ... development environment to jump into to look at PPC C++ development for the ... Pinvoke for what is missing (or use existing wrappers such as the SDF ... (I apologize for the generalization but strategic decisions ...
  • Re: Last line of longtable with wrong width
    ... particular case, spread through multiple pages), has a different width ... that the table, so the right border is mis-aligned, am I missing ... It worked like the OP said in a simple environment. ...