Date:      Sun, 20 May 2007 12:01:42 -0400
From:      "Zane C.B." <v.velox@vvelox.net>
To:        Dag-Erling Smørgrav <des@des.no>
Cc:        FreeBSD Security <freebsd-security@freebsd.org>
Subject:   Re: PAM exec patch to allow PAM_AUTHTOK to be exported.
Message-ID:  <20070520120142.39e86eae@vixen42>
In-Reply-To: <86bqgfh4w0.fsf@dwp.des.no>
References:  <20070519130533.722e8b57@vixen42> <86bqgfh4w0.fsf@dwp.des.no>


On Sun, 20 May 2007 17:49:19 +0200
Dag-Erling Smørgrav <des@des.no> wrote:

> "Zane C.B." <v.velox@vvelox.net> writes:
> > I figure someone here may find this interesting. I just began
> > work on allowing a smb home directory to be automounted upon
> > login.
> 
> Your patch opens a gaping security hole.  Sensitive information
> should never be placed in the environment.

Unless I am missing something, this is only dangerous if one is doing
something stupid with whatever is being executed by pam_exec.
