Date: Sun, 20 May 2007 19:10:33 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: "Zane C.B." <v.velox@vvelox.net> Cc: FreeBSD Security <freebsd-security@freebsd.org> Subject: Re: PAM exec patch to allow PAM_AUTHTOK to be exported. Message-ID: <86tzu7ifp2.fsf@dwp.des.no> In-Reply-To: <20070520120142.39e86eae@vixen42> (Zane C. B.'s message of "Sun\, 20 May 2007 12\:01\:42 -0400") References: <20070519130533.722e8b57@vixen42> <86bqgfh4w0.fsf@dwp.des.no> <20070520120142.39e86eae@vixen42>
next in thread | previous in thread | raw e-mail | index | archive | help
"Zane C.B." <v.velox@vvelox.net> writes: > Dag-Erling Sm=C3=B8rgrav <des@des.no> writes: >> Your patch opens a gaping security hole. Sensitive information >> should never be placed in the environment. > Unless I am missing something, this is only dangerous if one is doing > something stupid with what ever is being executed by pam_exec. Environment variables may be visible to other processes and users through e.g. /proc. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86tzu7ifp2.fsf>