From owner-cvs-all Sat Aug 4 15:35:38 2001 Delivered-To: cvs-all@freebsd.org Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42]) by hub.freebsd.org (Postfix) with ESMTP id 9BDFD37B401; Sat, 4 Aug 2001 15:35:31 -0700 (PDT) (envelope-from ache@nagual.pp.ru) Received: (from ache@localhost) by nagual.pp.ru (8.11.4/8.11.4) id f74MYwd36150; Sun, 5 Aug 2001 02:34:58 +0400 (MSD) (envelope-from ache) Date: Sun, 5 Aug 2001 02:34:56 +0400 From: "Andrey A. Chernov" To: Mark Murray Cc: Bill Fenner , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libopie Makefile Message-ID: <20010805023456.A36079@nagual.pp.ru> References: <20010803221915.A16875@nagual.pp.ru> <200108041415.f74EFhr12941@grimreaper.grondar.za> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200108041415.f74EFhr12941@grimreaper.grondar.za> User-Agent: Mutt/1.3.19i Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sat, Aug 04, 2001 at 15:15:43 +0100, Mark Murray wrote: > > Exact the same thing I say. Why pretend to be more secure (really _false_ > > secure) since this sort of security can be easily overriden by even not so > > expirienced hacker using > > > > "echo mypassphrase | env DISPLAY=:0 otp-md5 ..." > > > > and the same tricks? > > That is a bug that needs to be fixed in its own right. It is not a bug, it is official way OPIE detects that connection is secure. That is, via environment variable :-( Do you know secure ways to detect running on X console? Or running under SSH connection? -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message