Date: Sun, 20 May 2007 19:40:32 -0400 From: "Zane C.B." <v.velox@vvelox.net> To: Dan Lukes <dan@obluda.cz> Cc: FreeBSD Security <freebsd-security@freebsd.org> Subject: Re: PAM exec patch to allow PAM_AUTHTOK to be exported. Message-ID: <20070520194032.4ae23aaa@vixen42> In-Reply-To: <46508E1B.8030302@obluda.cz> References: <20070519130533.722e8b57@vixen42> <86bqgfh4w0.fsf@dwp.des.no> <20070520120142.39e86eae@vixen42> <86tzu7ifp2.fsf@dwp.des.no> <46508E1B.8030302@obluda.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 20 May 2007 20:06:19 +0200 Dan Lukes <dan@obluda.cz> wrote: > Dag-Erling Smørgrav napsal/wrote, On 05/20/07 19:10: > > "Zane C.B." <v.velox@vvelox.net> writes: > >> Dag-Erling Smørgrav <des@des.no> writes: > >>> Your patch opens a gaping security hole. Sensitive information > >>> should never be placed in the environment. > >> Unless I am missing something, this is only dangerous if one is > >> doing something stupid with what ever is being executed by > >> pam_exec. > > > > Environment variables may be visible to other processes and users > > through e.g. /proc. > > Many sensitive informations can be accessible via /dev/kmem > but the default mode of the device doesn't allow regular user > access. > > We trust the responsible administrator he doesn't load the > mem.ko module and change the mode/ownership of /dev/kmem the way > that open a hole. > > So we shall trust the same administrator he doesn't load > the procfs.ko and mount /proc creating the security hole this way. > > Please note I agree with the conclusion - the offered patch > shall be rejected. I disagree with explanation only. It's not as > simple as presented. I agree with D.E.S. about procfs, but by your argument by what I wrote is a bad idea, would not PAM and any other form of authentication be a bad idea?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070520194032.4ae23aaa>