Date: Sat, 04 Aug 2001 15:15:43 +0100 From: Mark Murray <mark@grondar.za> To: "Andrey A. Chernov" <ache@nagual.pp.ru> Cc: Bill Fenner <fenner@research.att.com>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libopie Makefile Message-ID: <200108041415.f74EFhr12941@grimreaper.grondar.za> In-Reply-To: <20010803221915.A16875@nagual.pp.ru> ; from "Andrey A. Chernov" <ache@nagual.pp.ru> "Fri, 03 Aug 2001 22:19:15 %2B0400." References: <20010803221915.A16875@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
> Exact the same thing I say. Why pretend to be more secure (really _false_ > secure) since this sort of security can be easily overriden by even not so > expirienced hacker using > > "echo mypassphrase | env DISPLAY=:0 otp-md5 ..." > > and the same tricks? That is a bug that needs to be fixed in its own right. > BTW, in the same false secure style automatic SSH detection can be added > using getenv("SSH_CLIENT") > > So, we have NO reasons to restrict -f or /etc/opieaccess usage. No. We have a bug we need to fix. M -- Mark Murray Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200108041415.f74EFhr12941>