Re: PAM exec patch to allow PAM_AUTHTOK to be exported.
- From: "Zane C.B." <v.velox@xxxxxxxxxx>
- Date: Sun, 20 May 2007 13:24:10 -0400
On Sun, 20 May 2007 19:10:33 +0200
Dag-Erling Smørgrav <des@xxxxxx> wrote:

> "Zane C.B." <v.velox@xxxxxxxxxx> writes:
> > Dag-Erling Smørgrav <des@xxxxxx> writes:
> > > Your patch opens a gaping security hole. Sensitive information
> > > should never be placed in the environment.
> > Unless I am missing something, this is only dangerous if one is
> > doing something stupid with whatever is being executed by
> > pam_exec.
>
> Environment variables may be visible to other processes and users
> through e.g. /proc.

Cool. Forgot about /proc. Is definitely an issue. Hmmm, any ideas in
the area of passing it then?

My current thoughts are along the lines of passing it through stdin
currently.
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
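
The stdin approach raised in the message above, as an added example that is not part of the original post or of the pam_exec patch: a parent hands a secret to an exec'd helper over a pipe connected to the helper's stdin, so the value never enters the child's environment. The function name run_with_secret_on_stdin is hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: exec argv[0] with `secret` on its stdin.
 * Nothing is added to the child's environment.
 * Returns the child's exit status, or -1 on error. */
int run_with_secret_on_stdin(char *const argv[], const char *secret)
{
    int fds[2], status;
    size_t len = strlen(secret), off = 0;
    void (*old)(int);
    pid_t pid;
    if (pipe(fds) == -1)
        return -1;
    if ((pid = fork()) == -1) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                         /* child */
        close(fds[1]);                      /* drop the write end so EOF arrives */
        if (dup2(fds[0], STDIN_FILENO) == -1)
            _exit(126);
        if (fds[0] != STDIN_FILENO)
            close(fds[0]);
        execv(argv[0], argv);
        _exit(127);                         /* exec failed */
    }
    close(fds[0]);
    old = signal(SIGPIPE, SIG_IGN);         /* early child exit gives EPIPE, not death */
    while (off < len) {
        ssize_t n = write(fds[1], secret + off, len - off);
        if (n == -1 && errno != EINTR)
            break;                          /* child stopped reading */
        if (n > 0)
            off += (size_t)n;
    }
    close(fds[1]);                          /* EOF tells the child the secret is complete */
    signal(SIGPIPE, old);
    while (waitpid(pid, &status, 0) == -1)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The helper must read the secret from stdin and must not re-export it or pass it on a command line, since process arguments are visible to other users in the same way as the environment.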